For When You Can't Have The Real Thing
[ start | index | login ]
start > Linux > ypserv doesn't get notified when yppasswdd changes a password

ypserv doesn't get notified when yppasswdd changes a password

Created by dave. Last edited by dave, 13 years and 124 days ago. Viewed 2,632 times. #2
[diff] [history] [edit] [rdf]
labels
attachments

ypserv doesn't get notified when yppasswdd changes a password

Problem:

User changes a password using yppasswd, aparrently successfully, but the password isn't changed (ie user can still login with the old password after a long period of time).

We can prove that yppasswdd is doing the right thing:

  • /etc/shadow is updated; and
  • /var/yp/$DOMAIN/passwd.by* are both updated.
However, if you ypcat passwd, the password hash is not changed (ie it differs from what is in /etc/shadow).

Naturally, service ypserv restart propogates the change correctly; but this is not practical as a long term solution.

Underlying cause:

It turns out that yppasswdd knows to update the passwd.by* maps when a password is changed. This is done through /var/yp/Makefile. This makefile included a flag to makedbm (-c) which tells it to notify ypserv that the database files have changed once the updated files have been written. If the localhost is not in securenets, ypserv ignores the notification as coming from an unathorized host, and never notices that the underlying databases have been changed.

Solution:

Add to /var/yp/securenets:

host 127.0.0.1

Comments:

  • It turns out in this case that /var/yp/securenets was generated by Webmin. Never Trust The Gui.
  • There were other legacy problems with the maps (mostly revolving around the initial maps being generated with localhost.localdomain listed as the map master); it is possible that this problem is a symptom of the same issue.
no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt