From owner-freebsd-stable@FreeBSD.ORG  Wed Nov 22 16:09:28 2006
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id DA1BE16A403
	for <freebsd-stable@freebsd.org>; Wed, 22 Nov 2006 16:09:28 +0000 (UTC)
	(envelope-from mike@jellydonut.org)
Received: from mail.secureworks.net (mail.secureworks.net [65.114.32.155])
	by mx1.FreeBSD.org (Postfix) with SMTP id E6ADD43DA4
	for <freebsd-stable@freebsd.org>; Wed, 22 Nov 2006 16:04:34 +0000 (GMT)
	(envelope-from mike@jellydonut.org)
Received: (qmail 45465 invoked from network); 22 Nov 2006 16:04:15 -0000
Received: from unknown (HELO ?192.168.23.35?) (63.239.86.3)
	by 0 with SMTP; 22 Nov 2006 16:04:15 -0000
Message-ID: <456474FF.2020905@jellydonut.org>
Date: Wed, 22 Nov 2006 11:04:15 -0500
From: Michael Proto <mike@jellydonut.org>
User-Agent: Thunderbird 1.5.0.8 (X11/20061114)
MIME-Version: 1.0
To: Mark Hennessy <mark@cloud9.net>
References: <Pine.BSF.4.64.0611221037210.27453@earl-grey.cloud9.net>
In-Reply-To: <Pine.BSF.4.64.0611221037210.27453@earl-grey.cloud9.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: freebsd-stable@freebsd.org
Subject: Re: FreeBSD 6.x, NIS, local root password, and nsswitch.conf
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2006 16:09:29 -0000

Mark Hennessy wrote:
> The machine in question having the problem with its root password being
> clobbered by NIS is an NIS Slave Server running FreeBSD 6.1, the other
> machines that aren't having this problem are clients running FreeBSD
> 4.11, and the NIS Master Server is running FreeBSD 6.1.
> 
> The pam config for login and su don't appear to be pointing specifically
> to NIS for anything, just system.
> 

What does /etc/passwd look like? I've seen this happen in our
environment when a +entry in /etc/password is above the equivalent user
account. Like if "+root..." or "+@wheel" were above the default root
account.

Incidentally, my /etc/nsswitch.conf looks like this and does work
appropriately with NIS:

group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis


-Proto