search for: yppasswdd

-----BEGIN PGP SIGNED MESSAGE----- - --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Security problems in WU-FTPD Advisory ID: RHSA-1999:043-01 Issue date: 1999-10-21 Updated on: Keywords: wu-ftp security remote exploit Cross references: - --------------------------------------------------------------------- 1. Topic:

Hi. I have for a while been trying to get my samba 2.2.1a PDC to be a NIS master and still maintain the password sync feature, without any luck. Now I made something that seems to work - but I would like to get your input to see if what I do is ok or it is something I should'nt do. 1: Samba uses passwd to sync the password (not yppasswd) 2: cron runs make in /var/yp every 15 minutes to

...user account management. Several vulnerability exists: ypserv prior 1.3.9 allows an administrator in the NIS domain to inject password tables; rpc.yppasswd prior 1.3.6.92 has got a buffer overflow in the md5 hash generation [SuSE linux is unaffected by this, other linux falvors are]; rpc.yppasswdd prior 1.3.9 allows users to change GECO and login shell values of other users. 2. Impact If administrator access to one server in the NIS domain is compromised, access to the whole domain can be achieved. On some linux distributions other than SuSE, The rpc.yppasswdd service may halt un...

Does anybody know whether it is possible to enable MD5 passwords for NIS and local passwords? Is it just a matter of running authconfig --enablemd5 and new passwords will use MD5 and old ones will still work? Of course using LDAP might be a "better" solution (if it was easy to install). I've tried googling and didn't get any useful answers... Jeremy

...he passwd from an NT system changes both the unix (crypt) passwd and the NT (obfuscated) passwd. Even better if running "passwd" on a Unix NIS client would change both using the Solaris Extensions for Directory Server. The latter I should be able to hack together by starting with a free yppasswdd implementation. -- Gary Algier, WB2FWZ gary.algier@ulticom.com +1 856 787 2758 Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033 This space intentionally left blank by the censors.

I normally try not to ask questions until I have done as much research as possible, and again, this is the case... Just after I thought I had my RH5 samba/nis server working fine, I come across the inability to update nis passwords. >From the server as root: passwd guest1 Changing password for user guest1. New UNIX password: Retype new UNIX password: NIS password could not be changed.

Has anyone tried using Windows 2000 Professional with Samba? I'm checking it out now, and when I try to connect to a share, I get an error message similiar to the one you get with Win98 and NT4 with SP3+ with encrypted passwords. Does anyone know the equivelant registry path to set plain text passwords? The NT4 path doesn't seem to exist:

...r password syncing and cron to update yppasswd regularly. I have > seen set-up's that put a "cd /var/yp; make" at the end of the > password chat. > > Christian Hmm, a little detective work and I think I may have solved this issue for both of us. In short, yppasswd & yppasswdd behavior is rather bizarre. It seems that most linux distributions ship with an rpc.yppasswdd that is compiled with the CHECKROOT option enabled. Eg: rpc.yppasswdd - NYS YP server version 1.3.9 (with CHECKROOT) What CHECKROOT means is that the first password entered is checked against root'...

...here it could be usefull). - If root calls yppasswd, it has to ask for the root password from the NIS master server. Else everybody, who is root on a client, can change all password from NIS users on the master. - For local accounts using yppasswd is wrong, you need to use passwd - If your rpc.yppasswdd should not allow root to changes user passwords, you can disable/enable this at compile time (configure switch). So everything looks ok to me. Thorsten On Thu, May 17, Bruce Ferrell wrote: > Actually, I did write to him regarding this behavior when I was setting up > NIS in my shop....