Bug 21799

Summary: after start nscd i unable login to system as nis-mapped user ( on client system rh7, NIS, NFS server is RH6.x)
Product: [Retired] Red Hat Linux Reporter: MEGASOFT HACKERS GROUP <megasofthg>
Component: nscdAssignee: Jakub Jelinek <jakub>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0CC: kmaraas, sh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-04-23 14:05:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description MEGASOFT HACKERS GROUP 2000-12-06 13:04:54 UTC
after start nscd i unable login on client system (RH7, x86) as NIS-mapped
user ( client system rh7, NIS-NFS server is RH6.x)
if i stop nscd - all ok !!!
On Rh6.x clients all ok with nscd or without ?

This valid for all updates glibc for RH7 ( now i have latest 2.2-5)

Comment 1 Jakub Jelinek 2000-12-08 11:50:17 UTC
Strange, we use NIS internally here, NIS server is RH6.2 and RH7 boxes work
just fine against it (and several people are running nscd).
Can you e.g. stop nscd, login, from some other console start nscd and see
what get*by* request fail?

Comment 2 MEGASOFT HACKERS GROUP 2000-12-11 13:12:41 UTC
I turn-on debug and see my nscd.log:

--------------------------------------
1126: handle_request: request received (Version = 2)
1126:   GETPWBYNAME (boss)
1126: Haven't found "boss" in password cache!
1126: handle_request: request received (Version = 2)
1126:   GETPWBYNAME (boss)
1126: handle_request: request received (Version = 2)
1126:   GETPWBYNAME (boss)
1126: handle_request: request received (Version = 2)
1126:   GETPWBYUID (0)
1126: Haven't found "0" in password cache!
1126: handle_request: request received (Version = 2)
1126:   GETPWBYUID (0)
1126: handle_request: request received (Version = 2)
1126:   GETPWBYUID (0)
1126: handle_request: request received (Version = 2)
1126:   GETGRBYGID (0)
1126: Haven't found "0" in group cache!
-------------------------------


Comment 3 sh 2001-02-19 09:42:48 UTC
I am having the same problem with RedHat 7.0 clients and a RedHat 7.0 server, if
I have the following section listed in /etc/ypserv.conf on the NIS server
everything works fine with nscd started and I can login as normal:

# Host                       : Map              : Security   : Passwd_mangle
#
#*                          : passwd.byname    : port       : yes
#*                          : passwd.byuid     : port       : yes

However if I have the following in /etc/ypserv.conf to enable 'shadow like
passwords':

# Host                       : Map              : Security   : Passwd_mangle
#
*                          : passwd.byname    : port       : yes
*                          : passwd.byuid     : port       : yes

I can no longer login if nscd is started on the client. If I stop nscd on the
client things work as normal and I am able to login once again.

Comment 4 MEGASOFT HACKERS GROUP 2001-02-19 10:58:40 UTC
o !!!!!! 
on rh7 nscd run as nscd-user (uid=28), and with this option nis-server mangle
passwords for requests from unprivileged users :) on rh 6.x nscd run as root and
all ok !!!!

maybe it security problem ? on solaris clients all nis-requests also from
unprivileged ports.


Comment 5 Kjartan Maraas 2003-04-02 22:03:37 UTC
Any news on this issue?

Comment 6 Mark J. Cox 2003-04-23 14:05:04 UTC
Closing, please reopen if this issue still occurs with Red Hat Linux 7.1 or above.