Problem changing user passwd as root

From: Emil Petkov (emil.petkov_at_usa.net)
Date: 10/25/03

Next message: Neil W Rickert: "Re: Problem changing user passwd as root"

Previous message: Neil W Rickert: "Re: /var/mail and secure NFS"
Next in thread: Neil W Rickert: "Re: Problem changing user passwd as root"
Reply: Neil W Rickert: "Re: Problem changing user passwd as root"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Sat, 25 Oct 2003 16:32:48 +0200

Fellow admins,

Any attempt to change an user password (Solaris 8 with NIS+) as root on
the root master server fails:

# passwd <user>
New password:
Re-enter new Password:
Permission denied

In the system log i get a message of this sort:

<timestamp> <server> passwd[15660]: [ID 865497 user.error] Couldn't
create a DH key-pair (len = 192, type = 0)

Users are able to change their passwords.

The permissions and ownership of the passwd and cred table as well as
the corresponding entries seem to be in order:

# niscat -o cred
Object Name : "cred"
Directory : "org_dir.mydomain."
Owner : "simon.mydomain."
Group : "admin.mydomain."
Access Rights : r---rmcdrmcdr---
Time to Live : 12:0:0
Creation Time : Tue Apr 2 14:41:18 1996
Mod. Time : Wed Sep 10 17:11:14 2003
Object Type : TABLE
Table Type : cred_tbl
Number of Columns : 5
Character Separator : :
Search Path :
Columns :
         [0] Name : cname
                 Attributes : (SEARCHABLE, TEXTUAL DATA, CASE
INSENSITIVE)
                 Access Rights : ----------------
         [1] Name : auth_type
                 Attributes : (SEARCHABLE, TEXTUAL DATA, CASE
INSENSITIVE)
                 Access Rights : ----------------
         [2] Name : auth_name
                 Attributes : (SEARCHABLE, TEXTUAL DATA, CASE
INSENSITIVE)
                 Access Rights : ----------------
         [3] Name : public_data
                 Attributes : (TEXTUAL DATA)
                 Access Rights : -----m----------
         [4] Name : private_data
                 Attributes : (TEXTUAL DATA)
                 Access Rights : -----m----------

# niscat -o \[cname=user.mydomain.\],cred
Object Name : "cred"
Directory : "org_dir.mydomain."
Owner : "user.mydomain."
Group : ""
Access Rights : ----r---rmcd----
Time to Live : 12:0:0
Creation Time : Sat Oct 25 15:07:30 2003
Mod. Time : Sat Oct 25 15:31:28 2003
Object Type : ENTRY
         Entry data of type cred_tbl
         [0] - [20 bytes] 'user.mydomain.'
         [1] - [4 bytes] 'DES'
         [2] - [25 bytes] 'unix.999@mydomain'
         [3] - [49 bytes] '...'
         [4] - [65 bytes] Encrypted data
Object Name : "cred"
Directory : "org_dir.mydomain."
Owner : "master.mydomain."
Group : ""
Access Rights : ----rmcdrmcd----
Time to Live : 12:0:0
Creation Time : Sat Oct 25 15:07:10 2003
Mod. Time : Sat Oct 25 15:07:10 2003
Object Type : ENTRY
         Entry data of type cred_tbl
         [0] - [20 bytes] 'user.mydomain.'
         [1] - [6 bytes] 'LOCAL'
         [2] - [5 bytes] '999'
         [3] - [4 bytes] '120'
         [4] - [0 bytes] Encrypted data

# niscat -o passwd
Object Name : "passwd"
Directory : "org_dir.mydomain."
Owner : "master.mydomain."
Group : "admin.mydomain."
Access Rights : ----rmcdrmcd----
Time to Live : 12:0:0
Creation Time : Tue Apr 2 14:41:15 1996
Mod. Time : Sat Oct 25 13:14:06 2003
Object Type : TABLE
Table Type : passwd_tbl
Number of Columns : 8
Character Separator : :
Search Path :
Columns :
         [0] Name : name
                 Attributes : (SEARCHABLE, TEXTUAL DATA, CASE SENSITIVE)
                 Access Rights : r---------------
         [1] Name : passwd
                 Attributes : (TEXTUAL DATA)
                 Access Rights : -----m----------
         [2] Name : uid
                 Attributes : (SEARCHABLE, TEXTUAL DATA, CASE SENSITIVE)
                 Access Rights : r---------------
         [3] Name : gid
                 Attributes : (TEXTUAL DATA)
                 Access Rights : r---------------
         [4] Name : gcos
                 Attributes : (TEXTUAL DATA)
                 Access Rights : r---------------
         [5] Name : home
                 Attributes : (TEXTUAL DATA)
                 Access Rights : r---------------
         [6] Name : shell
                 Attributes : (TEXTUAL DATA)
                 Access Rights : r---------------
         [7] Name : shadow
                 Attributes : (TEXTUAL DATA)
                 Access Rights : ----------------

# niscat -o \[name=user\],passwd
Object Name : "passwd"
Directory : "org_dir.mydomain."
Owner : "user.mydomain."
Group : ""
Access Rights : ----r-----------
Time to Live : 12:0:0
Creation Time : Sun Feb 21 18:12:25 1999
Mod. Time : Sat Oct 25 15:15:13 2003
Object Type : ENTRY
         Entry data of type passwd_tbl
         [0] - [4 bytes] 'user'
         [1] - [14 bytes] Encrypted data
         [2] - [5 bytes] '999'
         [3] - [4 bytes] '120'
         [4] - [32 bytes] 'gecos'
         [5] - [10 bytes] '/home/user'
         [6] - [10 bytes] '/bin/tcsh'
         [7] - [21 bytes] Encrypted data

What could be wrong?

Any help will be highly appreciated.

Regards,
Emil Petkov

Next message: Neil W Rickert: "Re: Problem changing user passwd as root"

Previous message: Neil W Rickert: "Re: /var/mail and secure NFS"
Next in thread: Neil W Rickert: "Re: Problem changing user passwd as root"
Reply: Neil W Rickert: "Re: Problem changing user passwd as root"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

Re: NIS+ password change problems
... >output of a niscat -o for the passwd table, a user entry of the passwd ... The enclosed data is lighly munged to protect identifying information. ... Object Type: TABLE ... Object Type: ENTRY ...
(comp.unix.solaris)
Re: Question on Map.Entry
... understand what is the object type of variable table in the default ... constructor of HashMap object. ... is the table variable initialized in the deafault HashMap constructor ... Creating the Entry[] array does not involve creation of any Entry ...
(comp.lang.java.programmer)