NIS/YP password change rejected on CentOS 5 4

[davinken]

Hi all,
this problem is becoming too frequent now:

a) User is created using our standard protocol on the NIS/YP server.
b) *Sometimes* : user is rejected at first login. Password not recognized.
c) When going to do a password reset, being root on the NIS/YP server something like this happens:

# passwd johndoe
Changing password for user johndoe.
New UNIX password:
Retype new UNIX password:
NIS password could not be changed. << ------------- ERROR
passwd: all authentication tokens updated successfully.


The entry in the log doesn't help much:
Sep 15 10:56:28 nisserver rpc\. yppasswdd[2149]: update johndoe (uid=31742) from host 128. xxx\194. xxx.xx rejected
Sep 15 10:56:28 nisserver rpc\. yppasswdd[2149]: Invalid password.

Notes:
1) A valid & strong password -known to work with other account- has been given.
2) The password is indeed changed in /etc/shadow, and the NIS/YP databases update (cd /var/yp; make) has not been done yet.

Googling for it has not helped much. I know there is a different condition when the password is updated by the user from a Fedora host (long encoding using sha512 vs original md5 encoding in the server) - but this is happening locally on the CentOS-based server before having the user change the password. But even that has worked before with dozens of users.

A recent occurrence of the issue kept rejecting the original password chosen by the user until he decided to choose a different one.

I have tried different from easy to elaborate passwords with no difference.

This is just happening now with two new users: one of them reported that it worked just fine, the other is being rejected - they were created at the same time.

Any hints - ideas ?

Thanks

[mdcoffman]

Hi all,
this problem is becoming too frequent now:

a) User is created using our standard protocol on the NIS/YP server.
b) *Sometimes* : user is rejected at first login. Password not recognized.
c) When going to do a password reset, being root on the NIS/YP server something like this happens:

# passwd johndoe
Changing password for user johndoe.
New UNIX password:
Retype new UNIX password:
NIS password could not be changed. << ------------- ERROR
passwd: all authentication tokens updated successfully.


The entry in the log doesn't help much:
Sep 15 10:56:28 nisserver rpc\. yppasswdd[2149]: update johndoe (uid=31742) from host 128. xxx\194. xxx.xx rejected
Sep 15 10:56:28 nisserver rpc\. yppasswdd[2149]: Invalid password.

Notes:
1) A valid & strong password -known to work with other account- has been given.
2) The password is indeed changed in /etc/shadow, and the NIS/YP databases update (cd /var/yp; make) has not been done yet.

Googling for it has not helped much. I know there is a different condition when the password is updated by the user from a Fedora host (long encoding using sha512 vs original md5 encoding in the server) - but this is happening locally on the CentOS-based server before having the user change the password. But even that has worked before with dozens of users.

A recent occurrence of the issue kept rejecting the original password chosen by the user until he decided to choose a different one.

I have tried different from easy to elaborate passwords with no difference.

This is just happening now with two new users: one of them reported that it worked just fine, the other is being rejected - they were created at the same time.

Any hints - ideas ?

Thanks

No hints or ideas, just wanted to say I am seeing something similar in RHEL5u4. Some users are able to change there password fine and others are not. I attempted to change the passwords using the same password and for one user it worked fine, the other yppasswdd reported 'invalid password' in /var/log/messages...

I tried running strace on the yppasswdd process and this did not turn up anything useful.

Sorry I am not any help, but you are not the only one seeing this.

Red Hat Enterprise Linux Client release 5.4 (Tikanga)
ypserv-2.19-5.el5
yp-tools-2.9-0.1

Any ideas on how to trouble shoot this would be greatly appreciated...

[mdcoffman]

No hints or ideas, just wanted to say I am seeing something similar in RHEL5u4. Some users are able to change there password fine and others are not. I attempted to change the passwords using the same password and for one user it worked fine, the other yppasswdd reported 'invalid password' in /var/log/messages...

I tried running strace on the yppasswdd process and this did not turn up anything useful.

Sorry I am not any help, but you are not the only one seeing this.

Red Hat Enterprise Linux Client release 5.4 (Tikanga)
ypserv-2.19-5.el5
yp-tools-2.9-0.1

Any ideas on how to trouble shoot this would be greatly appreciated...

I figured out my problem. I have just recently migrated my NIS from an HPUX server environment to Linux. Linux does not know how to deal with the password aging strings that were in my password file. Since not all my users had them, some worked, some did not. Removing the aging string fixed things. Now all users can change there passwords.

Apparently NIS on linux does not support password aging?

-MichaelC