ypserv doesn't get notified when yppasswdd changes a password

ypserv doesn't get notified when yppasswdd changes a password

Problem:

User changes a password using yppasswd, aparrently successfully, but the password isn't changed (ie user can still login with the old password after a long period of time).

We can prove that yppasswdd is doing the right thing:

• /etc/shadow is updated; and
• /var/yp/$DOMAIN/passwd.by* are both updated.

Naturally, service ypserv restart propogates the change correctly; but this is not practical as a long term solution.

Underlying cause:

It turns out that yppasswdd knows to update the passwd.by* maps when a password is changed. This is done through /var/yp/Makefile. This makefile included a flag to makedbm (-c) which tells it to notify ypserv that the database files have changed once the updated files have been written. If the localhost is not in securenets, ypserv ignores the notification as coming from an unathorized host, and never notices that the underlying databases have been changed.

Solution:

Add to /var/yp/securenets:

host 127.0.0.1

Comments:

• It turns out in this case that /var/yp/securenets was generated by Webmin. Never Trust The Gui.
• There were other legacy problems with the maps (mostly revolving around the initial maps being generated with localhost.localdomain listed as the map master); it is possible that this problem is a symptom of the same issue.