1833091 Members
3104 Online
110050 Solutions
New Discussion

NIS Client Problem

 
Danny Crisp
Frequent Advisor

NIS Client Problem

I have nis+ master/replica servers (solaris 8) running in YP compatibility mode. The majority of my clients are hpux 11i. I want to be able to force the user to change his/her password upon first login but for some reason despite running passwd -r nisplus -f (nispasswd strongly discouraged apparently) on the nis+ master server. When the user logs in on a client (hpux 11i) the password expire criteria seem to get totally ignored and the user can log in without being challenged to change his/her provided password.
3 REPLIES 3
Dave Olker
Neighborhood Moderator

Re: NIS Client Problem

Hi Danny,

I'd be curious if the passwd command you listed is really changing the passwd entry in the nisplus table - or at least changing it in a way that the NIS client can see through the gateway.

Can you try the following:

1) On the NIS+ server:
nismatch name= passwd.

2) On the NIS client:
ypcat -k passwd | grep

This should show you the current value of the passwd entry on the NIS+ server and NIS client.

3) passwd -r nisplus -f

4) On the NIS+ server:
nismatch name= passwd.

5) On the NIS client:
ypcat -k passwd | grep

I'm interested to see if the NIS+ master and NIS client see any difference for this user's passwd entry after the passwd command is issued.

Regards,

Dave


I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Danny Crisp
Frequent Advisor

Re: NIS Client Problem

Hello Dave,

Thanks for your reply. Rest assured some points will definitely be coming your way. See below the output from the examples you recommended: -

# nismatch name=dcrisp passwd.org_dir
dcrisp:Ttfhg2cSf413Q:105:700:Danny Crisp:/home/dcrisp:/usr/bin/csh:0:-1:-1:-1:-1:-1:0

# ypcat -k passwd | grep dcrisp
dcrisp dcrisp:Ttfhg2cSf413Q:105:700:Danny Crisp:/home/dcrisp:/usr/bin/csh

I then ran the passwd -r nisplus -f dcrisp again and repeated the above nismatch/ypcat commands. The output, as far as I could tell had not changed at all.
Dave Olker
Neighborhood Moderator

Re: NIS Client Problem

Hi Danny,

> I then ran the passwd -r nisplus -f
> dcrisp again and repeated the above
> nismatch/ypcat commands. The output, as
> far as I could tell had not changed at
> all.

Well, then I guess that's the problem. If the passwd command is not updating the passwd field in the user's entry to one where the client will interpret it as a need to change passwords at next login then we should focus on that.

Can you try the same passwd command against a local user in the /etc/passwd file on the Solaris server and see if passwd makes the appropriate change to a local user? Perhaps this is a defect with how the passwd command on Solaris updates NIS+ tables. If it works against a local user in /etc/passwd but not in the NIS+ table then I'd check with Sun to find out if this is a known problem that they've already fixed in a patch or if this is something new they need to investigate.

Regards,

Dave


I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo