Original problem:
A few users complained when attempting to change their passwords
on Solaris 2.3 machines in our net. It would spit out an error
like "changing NIS passwd for xxx, permission denied", where xxx
would be _someone else's_ account name.
Answer:
xterm and a broken utmp scheme were the culprits. Apparently
when xterm exits on a Solaris 2.x box it leaves its pty entry
in utmp. This can be confirmed by starting up an xterm, noting
its pty (with the 'tty' command), then quitting it. Check from
another session and you will see (with 'who') that the pty is
still shown as "in use", even though the xterm is dead. The next
person that logs into the machine via the net will get the "used"
pty, but will be at the end of the utmp file. When this person
attempts "yppasswd", a call is made to getlogin(), which looks
up the user name via matching the first entry in the utmp that
contains the same tty. In this case, you get the name of the user
that had started the original xterm. When yppasswd attempts to
change the password of this user, it bombs with permission denied.
Fix:
several people suggested patches, but none knew if they worked or
not. Upon research of one suggested patch (101318-59), an admin
warned that when he installed it it broke NFS (ACK!). One admin
submitted a hack called "utmpd" that scans the utmp file every
15 seconds and nukes invalid entries. This works GREAT! This will
be our solution until Sun gets in gear.
Thanks to:
casper@fwi.uva.nl
lcollera@amgen.com
reynolds@mfg.mke.ab.com
(and one more that I am pretty certain I deleted by mistake :-<)
Jeff LaCoursiere
Network Admin
UPRC
Ft. Worth, TX
/**********************************************************************
THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE
**********************************************************************/
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:13 CDT