Bug 1401432 - yppasswd crypt() failed errors when using passwd.adjunct
Summary: yppasswd crypt() failed errors when using passwd.adjunct
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: yp-tools
Version: 7.4
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Petr Kubat
QA Contact: Vaclav Danek
Vladimír Slávik
URL:
Whiteboard:
Depends On: 1297955
Blocks: 1380359 1393868
TreeView+ depends on / blocked
 
Reported: 2016-12-05 09:09 UTC by Petr Kubat
Modified: 2020-03-11 15:27 UTC (History)
9 users (show)

Fixed In Version: yp-tools-2.14-4.el7
Doc Type: Bug Fix
Doc Text:
*yppasswd* no longer crashes due to Network Information System security features used The *yppasswd* client tried to use a wrong string as salt when checking passwords because it did not recognize the following situations: * The NIS server was configured to use the `passwd.adjunct` map * The variable "MERGE_PASSWD=false" was set in the NIS server's file `/var/yp/Makefile` As a consequence, *yppasswd* failed with the following error message: "crypt() failed". The *yppasswd* client has been fixed to recognize these situations and now delegates the checks to the *yppasswdd* daemon running on the server.
Clone Of: 1297955
Environment:
Last Closed: 2017-08-01 16:14:29 UTC
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:1880 0 normal SHIPPED_LIVE yp-tools bug fix update 2017-08-01 17:53:38 UTC

Description Petr Kubat 2016-12-05 09:09:47 UTC 
+++ This bug was initially created as a clone of Bug #1297955 +++

Description of problem: 
When using passwd.adjunct map, yppasswd command fails with "crypt() failed" error, since it tries to use the "##user" string as salt. There's a patch, yp-tools-2.12-adjunct.patch, that attempts to fix this, but it gets it wrong.

Version-Release number of selected component (if applicable):
yp-tools-2.14-5 in Fedora 23, but also yp-tools-2.14-3.el7 in RHEL 7, and possibly other Fedora versions.

How reproducible:
Consistently fails when using passwd.adjunct.

Steps to Reproduce:
1. Set up passwd.adjunct map on NIS server
2. Run yppasswd command on NIS client (F23 or RHEL7)
3. Enter passwords when prompted

Actual results:
"crypt() failed" error in response to new passwords

Expected results:
Should accept password without checking against "##user" string, and generate correct salt before calling crypt()

Additional info:
yp-tools-2.12-adjunct-fix.patch (attached) fixes problem.  Use it instead of broken yp-tools-2.12-adjunct.patch file in src.rpm.

--- Additional comment from Gilbert E. Detillieux on 2016-11-24 11:01:11 EST ---

This bug still exists in RHEL7, and most likely in newer Fedora releases.

--- Additional comment from Petr Kubat on 2016-11-28 09:04:39 EST ---

Thanks for the report. I pushed the patch into rawhide and F25.

--- Additional comment from Gilbert E. Detillieux on 2016-12-02 14:21:03 EST ---

Any plans to make this update available for RHEL7?
Comment 26 errata-xmlrpc 2017-08-01 16:14:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1880
Note You need to log in before you can comment on or make changes to this bug.