In the last episode (Mar 18), Robert Kellner said:
> I have a problem with passwords on FreeBSD 5.0: I am using NIS, but
> neither root, nor the users can change their nis passwords with
> yppasswd. Root is asked for the old password and when trying to set a
> new one it fails. If a user tries to change his password, this will
> not succeed either.
>
> here are some loggings:
> root tries to change a password:
>
> Changing NIS password for testuser
> Old Password:
> New Password:
> Retype New Password:
> yppasswd: pam_chauthtok(): error in service module
>
> from /var/log/messages:
> Mar 18 16:15:30 server yppasswd: in pam_sm_chauthtok(): yppasswd_local(): failed to
> connect to rpc.yppasswdd: server.mydomain.com: RPC: Program not registered
I get this too; trying to change the password as a regular user from
the NIS server fails with the same error. I have no workaround for
this.
> a user tries to change a password:
>
> Changing NIS account information for testuser on server.mydomain.com.
> Changing NIS password for testuser on server.mydomain.com.
> Please enter new password:
> Please retype new password:
> Error while changing the NIS password.
> The NIS password has not been changed on server.mydomain.com.
>
> and from /var/logmessages:
> Mar 18 16:17:24 btcips73x1 rpc.yppasswdd[2320]: pw_mkdb() failed
Are you exporting /etc/master.passwd via NIS, or are you exporting
/var/yp/master.passwd? There are a couple bugs in rpc.yppasswdd when
you are not exporting /etc/master.passwd. Try the attached patch and
see if it helps. Make backups of /etc/master.passwd and
/var/yp/master.passwd just in case :)
--
Dan Nelson
[EMAIL PROTECTED]
Index: yppasswdd_server.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/rpc.yppasswdd/yppasswdd_server.c,v
retrieving revision 1.26
diff -u -p -r1.26 yppasswdd_server.c
--- yppasswdd_server.c 15 May 2002 09:20:06 -0000 1.26
+++ yppasswdd_server.c 13 Dec 2002 19:43:11 -0000
@@ -450,6 +450,7 @@ yppasswdproc_update_1_svc(yppasswd *argp
char *oldgecos = NULL;
char *passfile_hold;
char passfile_buf[MAXPATHLEN + 2];
+ char passfile_hold_buf[MAXPATHLEN + 2];
char *domain = yppasswd_domain;
static struct sockaddr_in clntaddr;
static struct timeval t_saved, t_test;
@@ -574,32 +575,64 @@ yppasswdproc_update_1_svc(yppasswd *argp
passfile = (char *)&passfile_buf;
}
+ /* Create a filename to hold the original master.passwd so if our call
+ to yppwupdate fails we can roll back */
+ snprintf(passfile_hold_buf, sizeof(passfile_hold_buf), "%s.hold", passfile);
+ passfile_hold = (char *)&passfile_hold_buf;
+
/* Step 5: make a new password file with the updated info. */
+ yp_error("calling pw_init(%s)",passfile);
if (pw_init(dirname(passfile), passfile)) {
yp_error("pw_init() failed");
return &result;
}
+ yp_error("calling pw_lock()");
if ((pfd = pw_lock()) == -1) {
pw_fini();
yp_error("pw_lock() failed");
return &result;
}
+ yp_error("calling pw_tmp(-1)");
if ((tfd = pw_tmp(-1)) == -1) {
pw_fini();
yp_error("pw_tmp() failed");
return &result;
}
+
+ yp_error("calling pw_copy()");
if (pw_copy(pfd, tfd, &yp_password, NULL) == -1) {
pw_fini();
yp_error("pw_copy() failed");
return &result;
}
- if (pw_mkdb(yp_password.pw_name) == -1) {
+ if (rename(passfile, passfile_hold) == -1) {
pw_fini();
- yp_error("pw_mkdb() failed");
+ yp_error("rename of %s to %s failed", passfile, passfile_hold);
return &result;
}
+ if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) {
+ /* NIS server is exporting the system's master.passwd. */
+ /* Call pw_mkdb to rebuild passwd and the .db files */
+ yp_error("calling pw_mkdb(%s)",yp_password.pw_name);
+ if (pw_mkdb(yp_password.pw_name) == -1) {
+ pw_fini();
+ yp_error("pw_mkdb() failed");
+ rename(passfile_hold, passfile);
+ return &result;
+ }
+ } else
+ {
+ /* NIS server is exporting a private master.passwd. */
+ /* Rename tempfile into final location */
+ if (rename(pw_tempname(), passfile) == -1) {
+ pw_fini();
+ yp_error("rename of %s to %s failed", pw_tempname(), passfile);
+ rename(passfile_hold, passfile);
+ return &result;
+ }
+ }
+ yp_error("calling pw_fini()");
pw_fini();
if (inplace) {
@@ -630,14 +663,16 @@ yppasswdproc_update_1_svc(yppasswd *argp
return(&result);
break;
default:
+ yp_error("removing backup passwd file %s", passfile_hold);
unlink(passfile_hold);
break;
}
if (verbose) {
- yp_error("update completed for user %s (uid %d):",
+ yp_error("update completed for user %s (uid %d) in %s:",
argp->newpw.pw_name,
- argp->newpw.pw_uid);
+ argp->newpw.pw_uid,
+ passfile);
if (passwd_changed)
yp_error("password changed");
@@ -679,7 +714,7 @@ yppasswdproc_update_master_1_svc(master_
transp = rqstp->rq_xprt;
/*
- * NO AF_INET CONNETCIONS ALLOWED!
+ * NO AF_INET CONNECTIONS ALLOWED!
*/
rqhost = svc_getcaller(transp);
if (rqhost->sin_family != AF_UNIX) {
@@ -782,10 +817,12 @@ allow additions to be made to the passwo
yp_error("pw_copy() failed");
return &result;
}
- if (pw_mkdb(argp->newpw.pw_name) == -1) {
- pw_fini();
- yp_error("pw_mkdb() failed");
- return &result;
+ if (strcmp(passfile, _PATH_MASTERPASSWD) == 0) {
+ if (pw_mkdb(argp->newpw.pw_name) == -1) {
+ pw_fini();
+ yp_error("pw_mkdb() failed");
+ return &result;
+ }
}
pw_fini();
