Bug 1376986

This is basically a documentation issue, see bug 1358430.

A straight dependency for ypbind is difficult because you would still have to install nss_nis.i686 manually if on a mixed 32/64 bit system.

(In reply to Florian Weimer from comment #1)
> This is basically a documentation issue, see bug 1358430.
> 
> A straight dependency for ypbind is difficult because you would still have
> to install nss_nis.i686 manually if on a mixed 32/64 bit system.

It would fix the non-mixed cases though, and those are becoming much more common.

I agree that there is an issue of documentation though.

I'm retitling and passing to ypbind for consideration to see what they would like to do.

In summary:

- Bug 1358429 documents that 'nss_nis' package needs installing now.

- This bug, bug 1376986, is open to discuss ways this might be made more automatic e.g. ypbind depends on nss_nis.

I feel like ypbind should not depend on nss_nis as (if I am not mistaken) it does not need NSS to work. It definitely should be documented somewhere that you need to install nss_nis if you want to use NSS though.

(In reply to Petr Kubat from comment #3)
> I feel like ypbind should not depend on nss_nis as (if I am not mistaken) it
> does not need NSS to work. It definitely should be documented somewhere that
> you need to install nss_nis if you want to use NSS though.

Despite the fact that you could conceivably operate without nss_nis, the point is that it would do all NIS users a benefit if ypbind depended on nss_nis to make all the other APIs NIS-enabled.

Again, requiring nss_nis would simply make user configuration easier. They wouldn't have to go read the documentation to find what they need, it would just work.

We want to go from having glibc _always_ install nss_nis (the old glibc packaging with everything in place) to having ypbind install nss_nis. This streamlines cloud and container installs, and yet keeps things similar to how it used to be for NIS users.

Does that make sense?

Is there a strong technical argument for not having ypbind require nss_nis?

(In reply to Carlos O'Donell from comment #4)
> We want to go from having glibc _always_ install nss_nis (the old glibc
> packaging with everything in place) to having ypbind install nss_nis. This
> streamlines cloud and container installs, and yet keeps things similar to
> how it used to be for NIS users.

Right, having the users not go through more documentation to fix things might be a better approach. There would be some issues with mixed systems (as Florian already pointed out) so the documentation would still need to be updated.

> Is there a strong technical argument for not having ypbind require nss_nis?

I don't see any reason not to add the requirement from the technical side of things.

This really needs to be fixed! I just wasted couple of hours on trying to figure why NIS authentication does not work. Finally running finger <user> gave a clue about the missing libraries. Whatever the technical details might be, installing ypbind must result in installation of nss_nis.

And note that this was not needed before F25. So I have already started to expect that everything will more or less break with every major upgrade.

That should have read strace finger <user>

ypbind-1.38-6.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-c99e46d2c2

ypbind-1.38-6.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-c99e46d2c2

What I am seeing now is that systemctl fails to start ypbind completely! For example, it tries to start it during boot - waits for a long time and then gives up. Then I login as root and do systemctl start ypbind  and that hangs for some time and then ypbind does not start. However, during the time systemctl hangs ypbind is actually running correctly and things like ypcat passwd work fine. As soon as systemctl command ends, ypbind disappears. Also, if I start ypbind by hand (# ypbind &), it works just fine. This is with up to date F25 (with ypbind-1.38-6.fc25.x86_64). This could be something else but it just started recently.

sorry, replace the first systemctl with systemd

ypbind-1.38-6.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

(In reply to Jussi Eloranta from comment #10)
> What I am seeing now is that systemctl fails to start ypbind completely!

I am now seeing this with ypbind-1.38-6.fc25 as well. Downgrading to ypbind-1.38-5.fc24.x86_64 immediately remedied it.

(In reply to Ralf Corsepius from comment #13)
> (In reply to Jussi Eloranta from comment #10)
> > What I am seeing now is that systemctl fails to start ypbind completely!
> 
> I am now seeing this with ypbind-1.38-6.fc25 as well. Downgrading to
> ypbind-1.38-5.fc24.x86_64 immediately remedied it.

Same thing here: a freshly installed box with Fedora 25 upgraded from Fedora 24 (where ypbind was working) stopped authenticating the users, with the very same symptoms described in comment #10.

I confirm that the downgrade to ypbind-1.38-5.fc24.x86_64 from ypbind-1.38-6.fc25 restored NIS functions.

Maybe this need be pushed to a different bug?

(In reply to Francesco Simula from comment #14)
> Maybe this need be pushed to a different bug?
See: https://bugzilla.redhat.com/show_bug.cgi?id=1396893