From Bugzilla Helper: User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.2-2 i686) Description of problem: If you have a local account defined in /etc/passwd with the same login name and uid as a NIS account, passwd won't change the password of either account. In previous versions of RH Linux (at least in 6.2 anyway) passwd would update the local password in this situation according to the priority in /etc/nsswitch.conf: passwd: files nis How reproducible: Always Steps to Reproduce: 1. stop ypbind 2. create a local account with the same login name and uid as a NIS account. 3. start ypbind 4. login to the newly created account 5. run passwd to (try to) change the password Actual Results: The password change fails for both the NIS account and the local account with this error message: RPC: Server can't decode arguments The password has not been changed on <server> passwd: Authentication token manipulation error Expected Results: The local account password should have been changed. Additional info:
This worked fine for me ever since 6.0- 7.1 until the recent kernel upgrade. Now I get the following: As user on the yp server (same result on the client) ----------------------------------- [gerald@keen gerald]$ passwd Changing password for gerald (current) UNIX password: passwd: Authentication token manipulation error ---------------------------------- As root on the yp server ---------------------------------- [root@keen yp]# passwd gerald Changing password for user gerald New UNIX password: Retype new UNIX password: RPC: Can't encode arguments The password has not been changed on keen.esi.ac.at. passwd: Authentication token manipulation error ----------------------------------- If I turn off ypbind on the server it works on the server but not on any client. Moreover, the yp databse is not updated. This brakes my site completely!
*** This bug has been marked as a duplicate of 55383 ***
If you're not running the yppasswdd service on the server, updates over the network from a client will always fail (yppasswdd actually performs the updates). If the NIS server is configured as a client of itself, then the passwd command will behave the same as it would on a client. Removing "nis" from the line in /etc/pam.d/system-auth which uses pam_unix to change passwords (it should read similar to "passwd sufficient /lib/security/pam_unix.so nis") should force all updates to be made to local files only.
> ... should force all updates to be made to local files only. This is not ideal. Better would be if updates were made to local files if a local account is defined but otherwise to NIS. That allows you to override the NIS database with a locally defined account for a specific user on a particular host (could be a NIS client or a server but more likely it would be a client) . Other users still authenticate against NIS on this host and this specific user still authenticates against NIS on other hosts.
Just did some tests under 7.2. All boxes run 7.2 + all updates. The file /etc/pam.d/system-auth contains: password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow nis If I run ypbind on the server, I get on the server: ------------------------------------------------------ [root@keen root]# passwd gt Changing password for user gt New password: Retype new password: RPC: Can't encode arguments The password has not been changed on keen.esi.ac.at. passwd: Failed preliminary check by password service [root@keen root]# su - gt [gt@keen gt]$ passwd Changing password for gt (current) UNIX password: New password: Retype new password: RPC: Timed out The password has not been changed on keen.esi.ac.at. passwd: Failed preliminary check by password service -------------------------------------------------------- Changing the password on the client works fine. If I stop ypbind on the server I can change the password on the server, but the NIS data base is not updated. If I change it on the client the NIS data base is updated.
I have the sane issue. I have a local account defined in /etc/passwd with the same login name and uid as a NIS account, passwd won't change the password of either account. Paswd needs to change the local password in this situation according to the priority in /etc/nsswitch.conf: passwd: files nis However I get the error RPC: Server can't decode arguments The password has not been changed on <server> passwd: Authentication token manipulation Please provide a fix for this soon. This one is a serious problem
Well , I mean't to say "same issue". -Raja Please increase the priority on this as I have this issue long going at our Client's site here. regards -Raja
I have the same issue on RedHat 9. When logging in, passwords are checked against the local /etc/shadow first, but when changing them with passwd, the NIS password is changed, not the local one. This makes it very hard to change the local password or to fixed expired passwords. Nothing on this since 2002-05? Yeesh.
The current PAM (in FC3 updates) is changed so that in case of same accounts in the local /etc/passwd and and NIS, it changes only the local account password, not the remote one in the NIS server. Use yppasswd for changing the remote password.
*** Bug 55383 has been marked as a duplicate of this bug. ***
*** Bug 73778 has been marked as a duplicate of this bug. ***