Description of problem:
libtirpc newer that 1.0.2-4 breaks nis because it doesn't use reserved ports.
For example, yppush should use a reserved port, or the port specified with the --port option. We use and need the --port option because we want to open only as few ports as necessary in the firewall (firewalld).
I have tested with lsof, the --debug option of ypserv and the -v option of yppush.
With libtirpc-1.0.2-4.fc27.x86_64 installed yppush uses the port specified with --port (836 in our case).
With newer versions of libtirpc it uses the specified port too, but only for one connection. It uses another random port in the range 49152 - 65535, then ypserv prints (in debug mode) a message like "Ignored (no reserved port!)".
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Have a working nis environment with a nis master server and (at least) a nis slave server, with libtirpc-1.0.2-4 installed.
2. On nis master server:
Make any changes to nis source files, or touch them, then run make in /var/yp. This will run yppush.
Or you can run yppush manually (replace template names, have udp port open):
/usr/sbin/yppush -vv --port 836 -d NISDOMAIN -h NISSLAVESERVER ypservers
3. Upgrade to libtirpc-1.0.3-0.
Then repeat step 2.
Step 2: yppush works.
Step 3: yppush waits for an answer from the nfs slave server, then fails with an error because of a timeout.
yppush works in step 2 and 3.
I have temporarily downgraded libtirpc on our hosts, so it works at the moment. I will try to prevent updates for some time.
Please think about a solution. It should be possible to use reserved ports, maybe by an option, a config file, or something else. ypserv also needs it not only for yppush, but also for preventing password hashes (shadow.byname, or passwd.adjunct.byname) from being accessible to ordinary users (security option "port" instead of "none" in /etc/ypserv.conf).
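The kind of source-port check behind the "Ignored (no reserved port!)" message described above, shown as an added example; it is not part of this bug report and is not ypserv's or libtirpc's code. The names check_source_port and verdict_for_port and the peer address 192.0.2.10 are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

enum port_verdict { PORT_OK, PORT_NOT_RESERVED, PORT_UNKNOWN_FAMILY };

/* Decide whether a request's source address uses a reserved (privileged,
 * 1..1023) port. Hypothetical helper, not ypserv's implementation. */
enum port_verdict check_source_port(const struct sockaddr *sa)
{
    unsigned port;
    if (sa->sa_family == AF_INET)
        port = ntohs(((const struct sockaddr_in *)sa)->sin_port);
    else if (sa->sa_family == AF_INET6)
        port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
    else
        return PORT_UNKNOWN_FAMILY;   /* e.g. AF_UNIX: no port to check */

    /* Ports are stored in network byte order; comparing sin_port without
     * ntohs() on a little-endian host would read 49155 (0xC003) as 960. */
    return (port > 0 && port < IPPORT_RESERVED) ? PORT_OK : PORT_NOT_RESERVED;
}

/* Verdict for a constructed IPv4 peer 192.0.2.10 sending from `port`. */
int verdict_for_port(unsigned short port)
{
    struct sockaddr_in peer;
    memset(&peer, 0, sizeof peer);
    peer.sin_family = AF_INET;
    peer.sin_port = htons(port);
    inet_pton(AF_INET, "192.0.2.10", &peer.sin_addr);
    return check_source_port((const struct sockaddr *)&peer);
}

int main(void)
{
    /* 836 is the --port value from the report; 49155 is a constructed
     * port from the 49152 - 65535 range the report mentions. */
    printf("836   -> %d\n", verdict_for_port(836));
    printf("49155 -> %d\n", verdict_for_port(49155));
    return 0;
}
```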
Correction: ... newer than ...
The workaround for Fedora 27 is to set xfr_check_port: no in /etc/ypserver.conf
libtirpc-1.0.3-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-4e2a6c0c93
libtirpc-1.0.3-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-4e2a6c0c93
The update fixes it for us.
Thanks for providing the update. nis works with it.
libtirpc-1.0.3-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.