SUMMARY: nisplus password problem

From: Trevor Morrison (trevor@if.ssci.liv.ac.uk)
Date: Mon Nov 21 1994 - 08:53:04 CST


SLIGHT GROVELLING WITHDRAWAL BUT A SUMMARY ANYWAY
IN CASE IT HAPPENS TO ANYONE ELSE OUT THERE
My original problem was:
>
> Hello fellow confused nisplus users.
>
> After I'd installed 101384-01 patch for admintool.
>
> I thought I had most of the problems licked but I recently spotted one of our
> workstations only accepting a user login with an old password not recognised
> on any of the others. We have a single server for the domain if.ssci.liv.ac.uk
> and just two client workstations. My password was recently changed. I am in the
> sys-admin and nisplus admin group. My new password was fine on the nis master
> (and only I hoped) server. It was also fine on one of the workstations. The
> other won't have it at all and keeps my old password.
> I did not know that a client kept local copies at all. I cannot see how it has.
>
> I have tried removing the client's cred info from the server and recreating
> and rebooting as in 'How to Set Up an NIS+ Client' in the manual.
>
> I have never done anything to create replica servers.
>
> There is not an entry for my id in a local /etc/passwd file.
>
> The passwd table entry looks the same from all hosts with niscat.
>
> Where has it got the old password from and why is it keeping it?
>
>
> When I do login with the old password it gives the message:
>
> password does not decrypt secret key for unix.22755@if.ssci.liv.ac.uk.
> (As it would not I guess)
>
> I have fiddled with keylogins and chkey and so on but as yet got
> nowhere.
>
> All systems are Solaris 2.3.
>
> Any ideas?
>
> Sorry if this is trivial to some. It doesn't seem to be from here.
>
> Thanks in advance

SO ONE PARTICULAR CLIENT HAD SOMETHING WRONG....
Thanks to those who responded
tim@geog.utah.edu - had a similar problem brought about by client clock
                slightly ahead of the server's
mikebe@pass.british-telecom.co.uk - suggested I remove and recreate
                the credentials.

In the end it turned out that somehow that machine had been left
with a /etc/shadow file with an entry for the id in question. I had
only checked the /etc/passwd file.

The answer is if you want nisplus to work properly all over your
network, users' names must only appear in the nis maps and not in
any /etc/passwd OR /etc/shadow on any machine on the net.

I knew this but hadn't looked hard enough.

Trev.Morrison
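
The check this summary arrives at, as an added example that is not part of the original post: it compares a client's local passwd and shadow files against a saved dump of the NIS+ passwd table and reports names that appear locally. The function names, the dump format (output of `niscat passwd.org_dir`, assumed colon-separated with the login name first) and the sample accounts are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# find_local_overrides PASSWD SHADOW NISDUMP
#   PASSWD, SHADOW: the client's local files (or copies of them)
#   NISDUMP: saved output of `niscat passwd.org_dir` (assumed here to be
#            colon-separated with the login name in field 1)
# Prints one line per finding:
#   passwd:NAME         local passwd entry for a name that is also in NIS+
#   shadow:NAME         local shadow entry for a name that is also in NIS+
#   orphan-shadow:NAME  shadow entry with no local passwd entry, the case
#                       that a look at /etc/passwd alone does not reveal
find_local_overrides() {
    awk -F: -v passwd="$1" -v shadow="$2" -v nis="$3" '
        # Skip blank lines, comments and "+"/"-" compat entries.
        $1 == "" || $1 ~ /^[#+-]/ { next }
        FILENAME == nis    { in_nis[$1] = 1; next }
        FILENAME == passwd { in_pw[$1] = 1
                             if ($1 in in_nis) print "passwd:" $1
                             next }
        FILENAME == shadow { if ($1 in in_nis)   print "shadow:" $1
                             if (!($1 in in_pw)) print "orphan-shadow:" $1 }
    ' "$3" "$1" "$2"
}

# Constructed sample data: a client whose shadow file still holds a stale
# entry for "jdoe" although jdoe has no local passwd entry.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:1:Super-User:/:/sbin/sh' \
                  'daemon:x:1:1::/:' > "$d/passwd"
    printf '%s\n' 'root:CONSTRUCTEDHASH:6445::::::' \
                  'daemon:NP:6445::::::' \
                  'jdoe:OLDCONSTRUCTEDHASH:9000::::::' > "$d/shadow"
    printf '%s\n' 'jdoe:NEWCONSTRUCTEDHASH:22755:10:J Doe:/home/jdoe:/bin/csh:9090::::::' \
                  'asmith:CONSTRUCTEDHASH:22756:10:A Smith:/home/asmith:/bin/csh:9090::::::' > "$d/nis"
    find_local_overrides "$d/passwd" "$d/shadow" "$d/nis"
    rm -rf "$d"
}

demo
```

On a real client the arguments would be /etc/passwd, /etc/shadow and the saved niscat output; any line printed names an entry to remove from the local file.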


