Bug 129308

Summary: ypmatch problems with ypserv
Product: Red Hat Enterprise Linux 3 Reporter: Simon Oliver <simon.oliver>
Component: ypservAssignee: Vitezslav Crhonek <vcrhonek>
Status: CLOSED WORKSFORME QA Contact: Jay Turner <jturner>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: srevivo
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-09-16 10:13:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Simon Oliver 2004-08-06 08:38:52 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4)
Gecko/20030624 Netscape/7.1 (ax)

Description of problem:
ypmatch and ypcat return different results after a user's password is
changed.  When a user's password is changed via yppasswd, although
`ypcat passwd | grep uid` returns the new password hash, `ypmatch uid
passwd` returns the previous password hash.  The new information only
appears after a ypserv restart.

It would seem that PAM uses the same method as ypmatch because when
the user tries to open an ssh connection to the server we find that
the old password is still effective and the new one does not
authenticate.  In fact in order for the new password to take effect
both ypserv and nscd must be restarted!

If I disable nscd (/etc/init.d/nscd stop) then onlt the ypserv restart
is required.  It seems like this problem is happening at more than one
level!

A notice another RHEL3 admin had a similar problem - I guess they are
related:

Bugzilla Bug 120263:  ypserv problems ypmatching netgroup entries


Version-Release number of selected component (if applicable):
ypserv-2.8-6

How reproducible:
Always

Steps to Reproduce:
1. yppasswd -p uid
2. ypcat passwd | grep ^uid && ypmatch uid passwd
3. /etc/init.d/ypserv restart
4. ypcat passwd | grep ^uid && ypmatch uid passwd
    

Actual Results:  actual result from step 2:

tu:hKHVOY1.3Ik5c:500:500::/home/tu:/bin/bash
tu:LkMIeXkgtSHCI:500:500::/home/tu:/bin/bash


Expected Results:  expected result from step 2:

tu:hKHVOY1.3Ik5c:500:500::/home/tu:/bin/bash
tu:hKHVOY1.3Ik5c:500:500::/home/tu:/bin/bash


Additional info:

here's a transcript:

# ypcat passwd | grep ^tu && ypmatch tu passwd
tu:LkMIeXkgtSHCI:500:500::/home/tu:/bin/bash
tu:LkMIeXkgtSHCI:500:500::/home/tu:/bin/bash
# yppasswd -p tu
Changing NIS account information for tu on ss1.bms.umist.ac.uk.
Please enter root password:
Changing NIS password for tu on ss1.bms.umist.ac.uk.
Please enter new password:
Please retype new password:

The NIS password has been changed on ss1.bms.umist.ac.uk.

# ypcat passwd | grep ^tu && ypmatch tu passwd
tu:hKHVOY1.3Ik5c:500:500::/home/tu:/bin/bash
tu:LkMIeXkgtSHCI:500:500::/home/tu:/bin/bash
# /etc/init.d/ypserv restart
Stopping YP server services:                               [  OK  ]
Starting YP server services:                               [  OK  ]
[root@ss1 yp]# ypcat passwd | grep ^tu && ypmatch tu passwd
tu:hKHVOY1.3Ik5c:500:500::/home/tu:/bin/bash
tu:hKHVOY1.3Ik5c:500:500::/home/tu:/bin/bash
Comment 1 Gerben Roest 2007-11-27 14:56:20 UTC 
I am having the same problem with RH 4, ypserv-2.13-11. Changing a password or
adding a user and then doing "make" in /var/yp, I see the old date when using:

yppoll passwd.byname

Only after doing /etc/init.d/ypserv stop, /etc/init.d/ypserv start, it shows the
new date. restart doesn't work.
Comment 2 Vitezslav Crhonek 2008-09-16 10:13:24 UTC 
I'm not able to reproduce it (both RHEL3, RHEL4). Probably misconfiguration or already fixed in later updates. Closing.