Description of Problem:
If a client machine is upgraded to RH 7.2 and uses NIS for password
authentication and a user has a password greater than 8 characters in
length, then the login will fail. If the password is <= 8 characters or
the user is logging in using a standalone account irregardless of password
length, then the user will be able to log in normally.
The NIS server is running under Solaris x86 7 (SunOS 5.7) using the ypserv
shipped w/ Solaris. We are using plain-vanilla NIS (not NISPLUS).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Create an account 'bogus' on the NIS server machine. Give it a password
of 'abcdefghi' (without quotes)
2. yppush the relevant mapping fields
3. Attempt to log in as bogus using 'abcdefghi' as the password either via
the console, gdm, or telnet
The login will fail.
Red Hat Linux release 7.2 (Enigma)
Kernel 2.4.9-7 on an i586
User should have been able to log in normally and received a
Please note that this was only experienced using an NIS server running
SunOS x86 5.7. We do not know if this is repeatable using other
OS/platforms out there.
I believe I'm seeing this failure too.
I've been unable to login since upgrading from 7.1 to 7.2.
2001-1203-1435 Here's /var/log/messages output for the problem again
Dec 3 14:34:35 box pam_rhosts_auth: denied to kirke@kentuckyderby as
kirke: access not allowed
Dec 3 14:34:43 box rlogin(pam_unix): authentication failure; logname=
uid=0 euid=0 tty=rlogin ruser=kirke rhost=kentuckyderby user=kirke
Dec 3 14:34:45 box in.rlogind: PAM authentication failed for in.rlogind
A single line appears at the start in /var/log/security
Dec 3 14:39:13 box xinetd: START: login pid=4869 from=188.8.131.52
[root@box log]# ypcat -k passwd | grep kirke
kirke kirke:xHx93eU2eA.4Y:9469:10:Kirk Erickson:/u/kirke:/bin/tcsh
Another clue: we can rlogin from tor, but ftp from tor fails the same way.
Apparently, since tor appears in box:~/.rhosts, we get in ok.
Remember, we can't login as kirke on the console (on box) either.
Dec 3 14:59:42 box ftp(pam_unix): authentication failure; logname= uid=0
euid=0 tty= ruser= rhost=dsl-192-86.eng.sun.com user=kirke
Dec 3 14:59:45 box ftpd: dsl-192-86.eng.sun.com: connected: IDLE
So I'm unable to rlogin from a nearby Solaris box named kentuckyderby
(running 2.8) or on the console (the machine called box where 7.2 was
Appreciate any new information on this be sent to email@example.com
(my email address changed from firstname.lastname@example.org).
Download the pam fix from redhat's web site.. that fixed my NIS login problem.
Created attachment 39527 [details]
pam-debug.log (for first failure message == rhosts auth)
The latest download for pam I found is version .74-22 via:
2. pam 0.74 - 22 i386 | 2062k | Apr 7 2001 | Red Hat, Inc.
[ download | details ] A security tool which
provides authentication for
But 7.2 came stock with version .75:
[kirke@box kirke]$ rpm -q pam
I assume this would be going backwards...
Ok. Sorry. I found the following on the ftp site:
and installing these resolved the problem.
This looks like a pam bug that has been fixed. I'm closing this bug.