netbsd-bugs: bin/11518: chfn (at the least) nullifies passwords through yp

Subject: bin/11518: chfn (at the least) nullifies passwords through yp
To: None <gnats-bugs@gnats.netbsd.org>
From: Mason Loring Bliss <mason@acheron.middleboro.ma.us>
List: netbsd-bugs
Date: 11/18/2000 09:44:13

>Number:         11518
>Category:       bin
>Synopsis:       chfn (at the least) nullifies passwords through yp
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Nov 18 09:44:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Mason Loring Bliss
>Release:        netbsd-1-5-RELEASE
>Organization:
    M a s o n     L o r i n g     B l i s s
awake ? sleep : (random() & 2) ? dream : sleep; 
>Environment:
	
System: NetBSD acheron.in.hades 1.5 NetBSD 1.5 (MLB) #0: Fri Nov 17 17:00:00 EST 2000 root@acheron.in.hades:/usr/src/sys/arch/i386/compile/MLB i386


>Description:

chfn blows away a user's password when NIS is running.

Running 1.5 server; tested with -current and 1.5_ALPHA clients.


>How-To-Repeat:

/home/mason$ chfn

[change information as desired]

Old password:
The YP password information has been changed on acheron.in.hades, the master YP passwd server.

Then examine user's password on master server or try to use user's password
anywhere.


>Fix:

As yet unknown.

>Release-Note:
>Audit-Trail:
>Unformatted: