Bug 87458 - passwd may modify nis passwd using wrong encryption scheme
passwd may modify nis passwd using wrong encryption scheme
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: passwd (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Mike McLean
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-03-26 21:20 EST by Ian Mortimer
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-07 12:46:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ian Mortimer 2003-03-26 21:20:37 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
/usr/bin/passwd will recognise a nis account and modify the nis password  but it
uses the encryption scheme of the local machine which might not match the scheme
on the nis server.

For example if the localhost is using MD5 passwords but the NIS server is using
crypt, using /usr/bin/password to change the NIS password will result in an MD5
encrypted password on the NIS server.  While logins on the localhost will still
succeed, logins on other hosts on the network will fail unless they can also
handle MD5 encrypted passwords.


Version-Release number of selected component (if applicable):
0.67-3

How reproducible:
Always

Steps to Reproduce:
1.setup a nis server serving crypt passwords
2.setup a nis client with MD5 passwords
3.login to the client as a NIS account and change the password with /usr/bin/passwd
    

Actual Results:  The password on the NIS server will be MD5 encrypted

Expected Results:  The password should be encrypted according to the scheme on
the server not on any clients.

Additional info:

yppasswd works correctly.  It will produce crypt passwords on the NIS server
even if run from a host configured with MD5 passwords.

It's often necessary to have crypt passwords on a NIS server for
interoperability with other Unix variants.  On the other hand it's desirable to
use MD5 passwords on clients to protect the root password and any other non NIS
account passwords.
Comment 1 Tomas Mraz 2005-04-07 12:46:11 EDT
This would be too hard to get right. And a workaround is pretty simple - either
setup the client machines to use the same type of passwords or remove the nis
option from /etc/pam.d/system-auth on the client machines -> passwd will not
change the NIS passwords at all and tell the users to use yppasswd.

Note You need to log in before you can comment on or make changes to this bug.