Bug 55325 - login fails if using NIS and passwd > 8 chars
login fails if using NIS and passwd > 8 chars
Product: Red Hat Linux
Classification: Retired
Component: ypbind (Show other bugs)
All Linux
medium Severity low
: ---
: ---
Assigned To: Alexander Larsson
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2001-10-29 13:50 EST by Chris Fuhrman
Modified: 2007-04-18 12:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-03-19 10:47:10 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
pam-debug.log (for first failure message == rhosts auth) (95.24 KB, text/plain)
2001-12-03 18:48 EST, Need Real Name
no flags Details

  None (edit)
Description Chris Fuhrman 2001-10-29 13:50:05 EST
Description of Problem:

If a client machine is upgraded to RH 7.2 and uses NIS for password
authentication and a user has a password greater than 8 characters in
length, then the login will fail.  If the password is <= 8 characters or
the user is logging in using a standalone account irregardless of password
length, then the user will be able to log in normally.

The NIS server is running under Solaris x86 7 (SunOS 5.7) using the ypserv
shipped w/ Solaris.  We are using plain-vanilla NIS (not NISPLUS).

Version-Release number of selected component (if applicable):

How Reproducible:

Every time

Steps to Reproduce:

1.Create an account 'bogus' on the NIS server machine.  Give it a password
of 'abcdefghi' (without quotes)

2. yppush the relevant mapping fields

3. Attempt to log in as bogus using 'abcdefghi' as the password either via
the console, gdm, or telnet

Actual Results:

The login will fail.

Red Hat Linux release 7.2 (Enigma)
Kernel 2.4.9-7 on an i586
login: bogus
Login incorrect

Expected Results:

User should have been able to log in normally and received a

Additional Information:

Please note that this was only experienced using an NIS server running
SunOS x86 5.7.  We do not know if this is repeatable using other
OS/platforms out there.
Comment 1 kirk.erickson 2001-12-03 18:16:36 EST
I believe I'm seeing this failure too.
I've been unable to login since upgrading from 7.1 to 7.2.

2001-1203-1435 Here's /var/log/messages output for the problem again
Dec  3 14:34:35 box pam_rhosts_auth[4825]: denied to kirke@kentuckyderby as
kirke: access not allowed
Dec  3 14:34:43 box rlogin(pam_unix)[4825]: authentication failure; logname=
uid=0 euid=0 tty=rlogin ruser=kirke rhost=kentuckyderby  user=kirke
Dec  3 14:34:45 box in.rlogind[4825]: PAM authentication failed for in.rlogind

A single line appears at the start in /var/log/security
Dec  3 14:39:13 box xinetd[1061]: START: login pid=4869 from=

[root@box log]# ypcat -k passwd | grep kirke
kirke kirke:xHx93eU2eA.4Y:9469:10:Kirk Erickson:/u/kirke:/bin/tcsh

Another clue:  we can rlogin from tor, but ftp from tor fails the same way.
Apparently, since tor appears in box:~/.rhosts, we get in ok.
Remember, we can't login as kirke on the console (on box) either.

Dec  3 14:59:42 box ftp(pam_unix)[4981]: authentication failure; logname= uid=0
euid=0 tty= ruser= rhost=dsl-192-86.eng.sun.com  user=kirke
Dec  3 14:59:45 box ftpd: dsl-192-86.eng.sun.com: connected: IDLE

So I'm unable to rlogin from a nearby Solaris box named kentuckyderby
(running 2.8) or on the console (the machine called box where 7.2 was
just installed).

Appreciate any new information on this be sent to kirk.erickson@sun.com
(my email address changed from kirke@sgi.com).
Comment 2 Need Real Name 2001-12-03 18:36:06 EST
Download the pam fix from redhat's web site.. that fixed my NIS login problem.
Comment 3 Need Real Name 2001-12-03 18:48:36 EST
Created attachment 39527 [details]
pam-debug.log (for first failure message == rhosts auth)
Comment 4 Need Real Name 2001-12-03 21:55:47 EST
The latest download for pam I found is version .74-22 via:


   2.  pam 0.74 - 22 i386  |  2062k  |  Apr 7 2001  |  Red Hat, Inc.
   [ download    |    details ] A security tool which
provides                                             authentication for

But 7.2 came stock with version .75:

[kirke@box kirke]$ rpm -q pam
[kirke@box kirke]$ 

I assume this would be going backwards...

Comment 5 Need Real Name 2001-12-04 00:43:24 EST
Ok.  Sorry.  I found the following on the ftp site:


and installing these resolved the problem.
Comment 6 Alexander Larsson 2002-03-25 15:59:16 EST
This looks like a pam bug that has been fixed. I'm closing this bug.

Note You need to log in before you can comment on or make changes to this bug.