Description of problem: Running yppasswd as a normal user fails, with the message: You cannot reuse the old password. This happens whether the old password has been reused or not. If I downgrade the version of yp-tools to 2.9-8 yppasswd starts working again. The NIS master runs on CentOS 5.5, though I doubt this matters, as strace suggests that the new password typed by the user is not passed anywhere near the NIS server before being rejected. Looking at the diff betwwen 2.9-8 and 2.9-9, code very close to the error message has been changed, which makes me suspicious. Version-Release number of selected component (if applicable): 2.9-9 How reproducible: Always Steps to Reproduce: 1.Try to change your NIS password on a NIS configured machine using yppasswd Actual results: Fails with "You cannot reuse the old password." Expected results: Should allow password to be changed Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=514061 Bug ref for bug-fix that introduced the problem
It would help a lot if you could provide an example of passwd entry (one line), for which the password change fails. You can get all the passwd lines by running `ypcat passwd` on NIS slave.
bertesj3:x:20566:20566:John Bertesty:/home/bertesj3:/bin/bash
Thank you for such a fast response. I'm interested in the format and length of that `x` :). It should be in form $id$salt$encrypted, and I need to know the "id" (which indicates the method used for encryption), the length of "salt" (which is probably the reason why you cannot change the password), and whether "encrypted" contains some suffix separated by a comma (such as ",rounds=xx"). If you change a few letters in the "encrypted" area for other random letters, there is no chance to get your password.
The 'x' is because it's a shadowed password NIS system. It's always worked in the past, as recently as yp-tools 2.9-8. Surely the old password is checked at the server end, and the new password just gets sent to the NIS server??
I see, thanks. MERGE_PASSWD is set to false in /var/yp/Makefile. I can reproduce it now, and yp-tools-2.9-8 works here too.
In yp-tools-2.9-8, the comparison of the old and new password in yppasswd.c, function verifypassword: pwd->pw_passwd => "x" pwdstr => "newpassword" crypt (pwdstr, pwd->pw_passwd) => "xxCfHui4C4JRY" strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), 13) => not same In yp-tools-2.9-9: pwd->pw_passwd => "x" pwdstr => "newpassword" crypt (pwdstr, pwd->pw_passwd) => "xxCfHui4C4JRY" passwdlen => 1 strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), passwdlen) => passwords are identical! The solution is not to compare passwords when the old one == "x", as it always means that shadow passwords are used.
yp-tools-2.10-3.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/yp-tools-2.10-3.fc13
yp-tools-2.9-10.fc12 has been submitted as an update for Fedora 12. https://admin.fedoraproject.org/updates/yp-tools-2.9-10.fc12
yp-tools-2.11-2.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/yp-tools-2.11-2.fc14
(In reply to comment #7) > > The solution is not to compare passwords when the old one == "x", as it always > means that shadow passwords are used. Cor, thanks for the quick fix, and already submitted as an update. Cheers!
yp-tools-2.11-2.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update yp-tools'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/yp-tools-2.11-2.fc14
Fedora 12 changed to end-of-life (EOL) status on 2010-12-02. Fedora 12 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.
yp-tools-2.10-3.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
yp-tools-2.11-2.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.