From owner-freebsd-hackers  Wed Jul  3 13:00:57 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id NAA20835
          for hackers-outgoing; Wed, 3 Jul 1996 13:00:57 -0700 (PDT)
Received: from tellab5.lisle.tellabs.com (tellab5.lisle.tellabs.com [138.111.243.28])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id NAA20800;
          Wed, 3 Jul 1996 13:00:48 -0700 (PDT)
From: mikebo@tellabs.com
Received: from sunc210.tellabs.com by tellab5.lisle.tellabs.com with smtp
	(Smail3.1.29.1 #4) id m0ubY5w-0004fYC; Wed, 3 Jul 96 15:00 CDT
Received: by sunc210.tellabs.com (SMI-8.6/1.9)
	id OAA13711; Wed, 3 Jul 1996 14:59:42 -0500
Message-Id: <199607031959.OAA13711@sunc210.tellabs.com>
Subject: 2.1-960627-SNAP: YP problem
To: bugs@freebsd.org
Date: Wed, 3 Jul 1996 14:59:41 -0500 (CDT)
Cc: hackers@freebsd.org, mikebo (Mike Borowiec)
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Greetings -
I believe a bug has been introduced into the 2.1-960627-SNAP YP code.
Previously, I had been able to use NIS netgroups in the password file:
+@mygroup:::::::::

The FreeBSD client is bound to a SunOS 4.1.x server. When I attempt to
login, FreeBSD attempts :
NIS:  ----- Network Information Service -----
NIS:  Proc = 4 (Return first key-value pair in map)
NIS:  Domain = mydomain
NIS:  Map = master.passwd.byname

Of course, my Sun NIS domain has no such map "master.passwd.byname",
and that's the end of that. The FreeBSD client goes on to try and get
the passwd.byname entry for my login, which succeeds. Nevertheless,
the login is refused. Here is a high-level packet trace:

  1   0.00000       toybox -> sunc         NIS C FIRST
  2   0.01581         sunc -> toybox       NIS R FIRST No such map
  3   0.00321       toybox -> sunc         NIS C MATCH mikebo in passwd.byname
  4   0.01115         sunc -> toybox       NIS R MATCH OK

If I take the SunOS map entry from my account, and massage it to fit
the format of the FreeBSD vipw, I am able to login just fine. This means
that the password encryption and comparison is working. (Yes, DES is
installed and working).

I really need netgroup security. Am I doing something wrong?
Is anyone else using NIS netgroup security successfully with this SNAP?
- Mike
-- 
--------------------------------------------------------------------------
Michael Borowiec   -   mikebo@tellabs.com   -   Tellabs Operations Inc.
Senior Member of Technical Staff                4951 Indiana Avenue, MS 63
708-512-8211  FAX: 708-512-7099                 Lisle, IL  60532  USA
--------------------------------------------------------------------------