Bug 2545 - /usr/lib/yp/yphelper broken
Status: CLOSED NEXTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: ypserv
Version: 6.0
Hardware: All Linux
Priority: medium
Severity: high
Assigned To: Jay Turner
Reported: 1999-05-04 13:34 EDT by mcornick
Modified: 2015-01-07 18:37 EST
Doc Type: Bug Fix
Last Closed: 1999-06-12 22:07:04 EDT
Description mcornick 1999-05-04 13:34:12 EDT
The /var/yp/Makefile that ships with Red Hat 6.0 expects
shadowed passwd and group files on the YP server. An
application called /usr/lib/yp/yphelper, called from
/var/yp/Makefile, is supposed to merge the information from
/etc/passwd and /etc/shadow to make the passwd maps, and
/etc/group and /etc/gshadow to make the group maps. However,
yphelper doesn't seem to be doing its job; it produces
passwd maps with x's for all passwords, preventing logins on
YP client machines. (Similar behavior happens when merging
/etc/group and /etc/gshadow, but this is less critical.)

A workaround is to set MERGE_PASSWD and MERGE_GROUP to false
in /var/yp/Makefile, and to unshadow the passwd and group
files. This produces valid passwd and group maps, at the
expense of doing away with /etc/shadow and /etc/gshadow on
the YP server.

This happens whether the system is configured for
traditional crypted passwords or MD5 passwords.
Comment 1 moore 1999-05-06 18:59:59 EDT
This bug has SEVERE security problems. If you export a password entry
containing 'x' as the password then on all computers using this
ypserver that user can log in without any password at all!

I've fixed this bug by recompiling the yphelper source file in the
ypserv RPM. I've placed the fixed source code file and compiled
executable onto the local anon ftp server at:

ftp://ettin.pa.msu.edu:/pub/ypserv-bug-fix

I don't know exactly how you need to package it for an "official" RPM
update so if RedHat can either let me know or just make it themselves
from the source code.

The fix is just adding a test for 'x' as a password entry.

Hope this helps,

Roger
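
As an added example (not code from this bug report or from the ypserv source), the sketch below shows the merge the description expects yphelper to perform and the 'x' test Comment 1 mentions, run on constructed sample data. The function names and the choice to withhold unresolved entries from the map are assumptions.

```python
# Added illustration; this is not the ypserv/yphelper source.
PLACEHOLDERS = {"x", ""}  # assumption: field values that carry no usable hash

# Constructed sample data (not real accounts or hashes).
SAMPLE_PASSWD = """\
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/bash
carol:x:502:502:Carol:/home/carol:/bin/bash
"""
SAMPLE_SHADOW = """\
alice:$1$constructed$AAAAAAAAAAAAAAAAAAAAAA:10700:0:99999:7:::
bob:CONSTRUCTEDdes:10700:0:99999:7:::
"""

def parse(text):
    """Return colon-split fields for each non-blank, non-comment line."""
    rows = (line.strip() for line in text.splitlines())
    return [r.split(":") for r in rows if r and not r.startswith("#")]

def merge_passwd(passwd_text, shadow_text):
    """Merge shadow hashes into passwd lines; return (map_lines, unresolved_users)."""
    shadow = {f[0]: f[1] for f in parse(shadow_text) if len(f) >= 2}
    merged, unresolved = [], []
    for f in parse(passwd_text):
        if len(f) == 7 and f[1] == "x":
            f[1] = shadow.get(f[0], "x")   # stays "x" if shadow has no entry
        if len(f) != 7 or f[1] in PLACEHOLDERS:
            unresolved.append(f[0])        # never export a placeholder entry
        else:
            merged.append(":".join(f))
    return merged, unresolved

def audit_map(map_text):
    """List users in a built passwd map whose password field is a placeholder."""
    return [f[0] for f in parse(map_text) if len(f) < 2 or f[1] in PLACEHOLDERS]

if __name__ == "__main__":
    lines, skipped = merge_passwd(SAMPLE_PASSWD, SAMPLE_SHADOW)
    print("\n".join(lines))
    print("not exported:", skipped)
    # A map built without a working merge looks like the passwd file itself:
    print("placeholder entries:", audit_map(SAMPLE_PASSWD))
```

`audit_map` can also be given the text printed by `ypcat passwd` on a client to confirm that a rebuilt map no longer contains placeholder entries.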
Comment 2 mcornick 1999-06-11 16:48:59 EDT
This is fixed in ypserv-1.3.6.92 (RPM currently in rawhide.)
Comment 3 Jeff Johnson 1999-06-12 22:07:59 EDT
This appears to be fixed in ypserv-1.3.6.92. Please reopen if I'm
wrong.
