
NIS password Aging / CDE Failing

 
Kirk Shimekk
New Member

NIS password Aging / CDE Failing

IBM AIX 4.3.3 as NIS master not NIS+
Clients are HP 10.20 and AIX 4.3.x
CDE login

Implemented password aging on the NIS Master. All IBM
clients work. ALL HP clients exhibit the following problems / symptoms:

Any username other than those in the local /etc/passwd
gets asked to change their password because this is the first time logging in
or it has expired. They change the password and the NIS client says that the
password was successfully changed on the NIS master. The user attempts to
login again using their new password and the DARN thing says again that you
need to change blah blah blah. Yet you go to command line login prompt and you
can login with the user ID and password that it just complained about in the
CDE login.

I've disabled NIS password aging, removed NIS client services from the client,
put on patches PHSS_20715 and PHSS_19963, restarted the NIS client WITHOUT
password aging and WE STILL HAVE THE SAME PROBLEMS.
How can this be? It seems as though CDE has had a config change that cannot be
un-done.

PLEASE help with any suggestions . . . this is a production environment. Thank
you for your time.
user not active
Frequent Advisor

Re: NIS password Aging / CDE Failing

You could use the following to check if NIS or CDE is to blame.

It's a small C program that checks the age field given by the getpwnam(3) library
call before and after changing the passwd.

If the age field is not modified after entering the
new password, it would seem that yppasswdd on the NIS master server does not
update the age field? Otherwise the problem will be on the client / CDE login?

======================================================
/* checking age field of password entry for given user */
#include <stdio.h>
#include <stdlib.h>   /* exit(), a64l() */
#include <string.h>   /* strlen() */
#include <time.h>     /* time() */
#include <pwd.h>      /* getpwnam(), struct passwd */
#define WEEK (24L * 7 * 60 * 60)
int main(int argc, char *argv[])
{
    struct passwd *pwd;
    long when, maxweeks, minweeks, now;
    if (argc < 2) {
        fprintf(stderr, "usage: %s username\n", argv[0]); exit(1);
    }
    pwd = getpwnam(argv[1]);
    if (pwd == NULL) {
        perror("failed"); exit(1);
    }
    /* pw_age is the System V aging member of struct passwd (as on HP-UX) */
    printf("age field : %s\n", pwd->pw_age);
    if (strlen(pwd->pw_age) == 0) {
        printf("age field is null\n"); exit(0);
    }
    when = a64l(pwd->pw_age);        /* base-64 */
    maxweeks = when & 077;           /* lower 6 bits */
    minweeks = (when >> 6) & 077;    /* middle 6 bits */
    when >>= 12;                     /* remaining digits: week of last change */
    now = (long)(time(NULL) / WEEK);
    printf("now : %ldth week from 1970\n", now);
    printf("when the passwd modified : %ldth week from 1970\n",
           when);
    printf("max weeks : %ld\n", maxweeks);
    printf("min weeks : %ld\n", minweeks);
    if (when > now ||
        ((now > when + maxweeks) && (maxweeks >= minweeks))) {
        printf("password has expired\n");
    }
    return 0;
}
======================================================
Save as getage.c and compile with cc getage.c
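
Added example, not part of the reply above: the same before/after check done on a saved passwd map line (for instance a line captured from the master with ypmatch), so it runs on any host without the pw_age member. It assumes the System V layout in which the aging string follows a comma in the password field; the user jdoe, the hash placeholders, week 1600 and the function names are constructed for illustration.

```c
/* Added example: decode the aging suffix of a passwd map line, no getpwnam(). */
#include <stdio.h>
#include <string.h>

struct age { int present; long max, min, last; };   /* all in weeks */

/* Value of one digit in the a64l(3) alphabet, or -1 if the char is not in it. */
static int digit64(char c) {
    static const char abc[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    const char *p = c ? strchr(abc, c) : NULL;
    return p ? (int)(p - abc) : -1;
}

/* Layout assumed: "user:hash,AGE:uid:...". Returns 0 if parsed, -1 if malformed. */
int parse_age(const char *line, struct age *out) {
    const char *p, *end, *c;
    long mult = 1;
    int n = 0;
    memset(out, 0, sizeof *out);
    if (!(p = strchr(line, ':')) || !(end = strchr(++p, ':'))) return -1;
    if (!(c = memchr(p, ',', (size_t)(end - p)))) return 0;  /* no aging suffix */
    for (++c; c < end; ++c, ++n) {
        int d = digit64(*c);
        if (d < 0 || n == 6) return -1;
        if (n == 0) out->max = d;                    /* 1st char: max weeks */
        else if (n == 1) out->min = d;               /* 2nd char: min weeks */
        else { out->last += d * mult; mult *= 64; }  /* last change, low digit first */
    }
    out->present = n > 0;                /* "hash," alone carries no aging data */
    return 0;
}

/* Same expiry test as getage.c: 1 expired, 0 not expired, -1 malformed line. */
int line_expired(const char *line, long now_week) {
    struct age a;
    if (parse_age(line, &a)) return -1;
    return a.present && (a.last > now_week ||
           (now_week > a.last + a.max && a.max >= a.min));
}

int main(void) {
    /* Constructed entries: max 8 weeks, min 0; the second was changed in week 1598. */
    printf("before: %d  after: %d\n",
           line_expired("jdoe:HASH1,6.:201:20::/home/jdoe:/bin/sh", 1600),
           line_expired("jdoe:HASH2,6.yM:201:20::/home/jdoe:/bin/sh", 1600));
    return 0;
}
```

If the line captured from the master after the password change still evaluates as expired, the age field was not rewritten there; if it does not, the client side is the place to look.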
Berlene Herren_1
Super Advisor

Re: NIS password Aging / CDE Failing

Kirk, is this a trusted system? Also, do you have a slave server? If so,
check and see what server the client is binding to. If it is binding to the slave,
it may just be taking a while to change.

Berlene
Monica Goodson_1
New Member

Re: NIS password Aging / CDE Failing

Hi Kirk,

What did you do to set up NIS password aging? Did you convert the master to a
trusted system? Based on my knowledge, you cannot implement password aging
using NIS because the password file information is stored in two places. NIS
password info is under /var/yp and trusted system info is under /tcb.

Monica