Hello,

it seems that yppasswd(1) was broken when we got changes to remove
encrypted passwords from the passwd.byname NIS table and moved them to
master.passwd.byname instead. yppasswd(1) still looked in passwd.byname to
verify the old password, and as that map only has a "*" for the encrypted
password, this caused attempts to change the password always to be
rejected. After teaching yppasswd(1) to use master.passwd.byname, some
minor adjustment for the different file format was necessary.

I'd like to commit this soonish, but would appreciate if anyone could
review this. I've tested this on a 1.4.1/i386 server and both 1.4.1/i386
and 1.4.1/sparc clients.

This problem was pointed out to me by David Koronczay <fu@ludens.elte.hu>
on IRC. From a quick code inspection, this bug is also present in OpenBSD
(hi Theo :-), I'm not sure about FreeBSD.


 - Hubert

-- 
NetBSD - Better for your uptime than Viagra



Index: yp_passwd.c
===================================================================
RCS file: /cvsroot/basesrc/usr.bin/passwd/yp_passwd.c,v
retrieving revision 1.20
diff -u -r1.20 yp_passwd.c
--- yp_passwd.c	1999/08/16 03:02:46	1.20
+++ yp_passwd.c	1999/12/10 16:41:57
@@ -300,6 +300,9 @@
 	pwent->pw_passwd = p;
 	p = pwskip(p);
 	pwent->pw_uid = (uid_t)strtoul(p, NULL, 10);
+	p = pwskip(p); 	/* skip class */
+	p = pwskip(p); 	/* skip change */
+	p = pwskip(p); 	/* skip expire */
 	p = pwskip(p);
 	pwent->pw_gid = (gid_t)strtoul(p, NULL, 10);
 	p = pwskip(p);
@@ -324,7 +327,7 @@
 	int reason, vallen;
 	
 	val = NULL;
-	reason = yp_match(domain, "passwd.byname", nam, strlen(nam),
+	reason = yp_match(domain, "master.passwd.byname", nam, strlen(nam),
 			  &val, &vallen);
 	if (reason != 0) {
 		if (val != NULL)