SUSE Support

Here When You Need Us

yppasswd (or passwd) command on Master NIS device does not change NIS password

This document (7005288) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 10
 

Situation

A certain SLES system is set up as both an NIS client and Master NIS server.  When the yppasswd or passwd command is given on that system, it appears to be successful but the NIS password is not changed.  If the master NIS has it's databases rebuilt, then the new password comes into effect.
 
If the same yppasswd command is done from a system which is only an NIS client, it successfully sets the NIS password in the remote NIS Server.

Resolution

The yppasswd command simply calls the passwd command, so for the rest of this discussion, "passwd" will be referenced.
 
The passwd command searches for users based on the order specified in /etc/nsswitch.conf.  Typically, local files are searched before nis is searched.  Therefore, on a Master NIS (which typically holds the user information both in local files and in nis), passwd will find the user in local files first, and only change the password there.
 
In contrast, if the account is found in NIS first, it will be changed both in NIS and in local files.  Note that it is not necessarily the passwd client command which performs the change in both locations in that case.  It could be the yppasswd server daemon which performs that extra check.
 
This is a "normal" and "expected" limitation of the design of NIS, and the fact that Master NIS servers usually have the same users in both local files and in the NIS database.  Changes get made to local files and then must be propogated by rebuilding the NIS database.  Of course, it is generally considered inconvenient to have to manually rebuild NIS everytime a password change is made.  In fact, administrators won't even always know when a change has been made to the password.
 
This process can be automated, however.  For example, on the master NIS server, the system can be told to automatically rebuild NIS upon any password changes, by editing /etc/pam.d/passwd and adding the following line to the end of the file:
 
password optional  pam_exec.so seteuid /usr/bin/make -C /var/yp

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7005288
  • Creation Date: 03-Feb-2010
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.