topic Re: NIS password... in Operating System - HP-UX

NIS password...

Jonathan Caplette_1 — Mon, 05 May 2003 16:42:05 GMT

Hi guys,

I've a little problem here, with my HP-UX 11 box.... When a user ask the system to change is password with the command "passwd" the system said "Changing password for on NIS server" and then ask for the Old NIS password... I use NIS for hosts, etc... but I don't want to use it on that machine for passwords, cause I need to have locally saved passwords....

I've added into my nsswitch.conf file those two lines:
passwd: files nis
group: files nis

But even with that it stay ask the users for an NIS password.... How can I tell the system to always take local passwd file instead of the NIS??

Thanks
Jonathan

Re: NIS password...

S.K. Chan — Mon, 05 May 2003 16:53:27 GMT

Use ..
$ passwd -r files
.. if you want to change the password on the local /etc/passwd file.
$ man passwd
for details.

Re: NIS password...

Shannon Petry — Mon, 05 May 2003 19:18:43 GMT

There is another way to do this, and that is to use a different passwd binary.

/usr/bin/passwd will look for methods of authentication on the system beyond /etc/passwd, and change auth by the correct mechanism for the auth type.

/sbin/passwd is a static binary made to modify /etc/passwd only. I use this command over /usr/bin/passwd as root of course by modifying my path to look in /sbin before /usr/bin, and have had rare instances where I have showed users this command over /usr/bin. However, I would never recommend doing this, as the standard yppasswd also pushes new maps, where /sbin/passwd does not, and neither does passwd -r.

Regards,
Shannon

Re: NIS password...

Jonathan Caplette_1 — Tue, 06 May 2003 13:58:58 GMT

Chan you have the good answer.. in part...

What I wanna know is how can a user change is own passwd by typing only "passwd" and not "passwd -r files" each time he want to change it??? How can I reload the nsswitch.conf file?? And I don't wanna make a script to do that?? I'm sure I can change the config of the system to do it that way???

Thanks
Jonathan

Re: NIS password...

Shannon Petry — Tue, 06 May 2003 14:32:33 GMT

I wont get into making the other answer easier, as to me it's not. No need to change nsswitch.conf using my method.

To do this, simply load /sbin into the path before /usr/bin, and you will call the correct password program for what your needs are.

Regards,
Shannon

ps. sorry for the repeat post, the site yesterday kept giving me an error 100016 and stating that it could not find the server. looks like it could ;/

Re: NIS password...

Jonathan Caplette_1 — Tue, 06 May 2003 16:22:04 GMT

Hi Shannon,

I tried my PATH with /sbin before /usr/bin, and when I use passwd I got this error cause I'm not root:

$ passwd
Changing password for root
Permissior denied.
$

I don't want to use sudo... the users need to change their password?!?!?!

Any ideas?
Jonathan

Re: NIS password...

S.K. Chan — Tue, 06 May 2003 17:47:03 GMT

Do not make this complicated for yourself. Why don't you create an alias for the users, or you can have one alias for password-nis-change and one for password-local-change. Your users just have to be aware of this whenever they change their password. For example ..
alias pnc='passwd -r nis'
alias plc='passwd -r files'
Just my thought ..

Re: NIS password...

Jack Werner — Tue, 06 May 2003 18:00:32 GMT

Jonathon,

For locally administered passwords, you must have the user defined in the server's local /etc/passwd file. There is a "magic" character(^+) that denotes the starting place for NIS(and the end of local entries). Just make sure the user is defined before this character.

Re: NIS password...

Jonathan Caplette_1 — Tue, 06 May 2003 18:29:28 GMT

Why I make it hard like that for myself, is because users change their password throught the application BaaN, and it is hard coded in it to use command "passwd" ....
I've checked the /etc/passwd file and all my users are before the + sign....

Re: NIS password...

Michael Steele_2 — Tue, 06 May 2003 18:57:03 GMT

Regarding: "...But even with that it stay ask the users for an NIS password.... How can I tell the system to always take local passwd file instead of the NIS??..."

I believe you may have to run 'inetd -c' after modifying

Let's begin with a fresh copy of /etc/nsswitch.conf:

mv /etc/nsswitch.conf /etc/nsswitch_old
cp /usr/newconfig/etc/nsswitch.conf

Then remove from 'nis' from /etc/nsswitch.conf file with only files designated for passwd and group?

passwd: files
group: files

'inetd -c'

Then try this:

passwd: files [NOTFOUND=continue UNAVAIL=continue] nis

'inetd -c'

Re: NIS password...

S.K. Chan — Tue, 06 May 2003 19:06:19 GMT

Need to clarify one thing .. are you saying the same user existed in the NIS password map as well in the local password file ?

Re: NIS password...

Jonathan Caplette_1 — Wed, 07 May 2003 13:39:17 GMT

Hi guys,

I had to restart the inetd daemon with the command inetd -k and the /usr/sbin/inetd

Thanks
Jonathan