Red Hat Bugzilla – Bug 9646
When upgrading the NIS domain server to RH 6.1 shadow.byname was left behind in /var/yp causing problems with ssh
Last modified: 2008-05-01 11:37:54 EDT
It seems shadow.byname is not used any more in RH 6.1, since it is
effectively commented out of /var/yp/Makefile, but it was used by RH 6.0.
However, since the old shadow.byname was left by the upgrade (in
/var/yp/domainname), when logging in with ssh (but not telnet) on NIS
clients still running RH 6.0, the NIS password was read from this file. So
users who changed their passwords after the upgrade (even if they were
running yppasswd from the 6.0 client) were effectively given *two* NIS
passwords: one new pw for the server and telnet to clients, and one old pw
for ssh to clients.
(I realize it is really the ypserv version number which matters, but I do
not have the version numbers at hand, so I assume they are derivable from
the RH release version. Further, we do not allow telnet login, except for
testing like in this case.)