Bug 55383

Summary: root password can't be changed
Product: [Retired] Red Hat Linux Reporter: Ed Friedman <edfriedmangvs>
Component: passwdAssignee: Tomas Mraz <tmraz>
Status: CLOSED DUPLICATE QA Contact: Aaron Brown <abrown>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2CC: akkzilla, damon.gunther, gt, lia.pennington
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-03-24 18:44:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ed Friedman 2001-10-30 17:22:36 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.3-12 i686)

Description of problem:
Using a full install of 7.2, with shadow passwords and MD5 enabled, and
running NIS from a Solaris server, it is impossible to change the root
password.   Even though files comes before nis in the /etc/nsswitch.conf
file, the passwd command tries to change the password on the NIS server,
which is not permitted when you are trying to change the root password.  
Using the linuxconf change root password GUI also resulted in the same
error message.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.turn on NIS, shadow passwords, MD5
2.as root issue the passwd command
3.observe the error message from the NIS server telling you that the
password has not been changed
	

Actual Results:  RPC: Can't encode arguments
The password has not been changed on tachyon.uchicago.edu.
passwd: Failed preliminary check by password service


Expected Results:  The password for root should have been changed on the
local machine only.

Additional info:
Comment 1 Joshua Buysse 2001-11-14 19:18:46 UTC 
*** Bug 55615 has been marked as a duplicate of this bug. ***
Comment 2 Joshua Buysse 2001-11-14 19:19:39 UTC 
*** Bug 43915 has been marked as a duplicate of this bug. ***
Comment 3 Nalin Dahyabhai 2002-02-14 21:17:32 UTC 
Do you have a root account in NIS in addition to the one defined in the local files?
Comment 4 Ed Friedman 2002-02-14 21:29:53 UTC 
Yes, the NIS database does have an entry listed for root.  However, the
nsswitch.conf is saying to search the local files before looking at the NIS
database.
Comment 5 Nalin Dahyabhai 2002-02-14 21:37:01 UTC 
I really would consider this a configuration error -- enumeration of the passwd
database (for example, by running "getent passwd") will show two accounts for
root, with two passwords, but only one of them will ever work.  This is because
the function for reading a single passwd record only returns a single result.

As a workaround, removing "nis" from the line in /etc/pam.d/system-auth which
includes use of pam_unix for changing passwords will prevent pam_unix from
attempting to change passwords on the NIS server.

This happens because the function which looks up a user's information doesn't
tell pam_unix where the information came from, so pam_unix checks both NIS and
local files to figure out which entry to change, and it appears to be hitting on
the wrong data source.
Comment 6 Gerald Teschl 2002-02-14 22:37:50 UTC 
No, here we don't have an entry for root in NIS. Moreover, here it
is not at all related to the root account and both client/server
run rh 7.2. Probably #43915 is not a duplicate of this bug after all!?
Comment 7 Tomas Mraz 2005-03-24 18:44:57 UTC 
It should be duplicate of bug 43915 however regarding comment #6 - if it still
happens to you on a current RHEL/Fedora releases please write it here.


*** This bug has been marked as a duplicate of 43915 ***