Date: Mon, 28 Oct 2002 14:03:32 -0800 (PST)
From: Ken Sallot <admin@astro.ufl.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/44578: getnetgrent fails to read NIS netgroup map
Message-ID: <200210282203.g9SM3Weh097188@www.freebsd.org>
>Number: 44578
>Category: misc
>Synopsis: getnetgrent fails to read NIS netgroup map
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Oct 28 14:10:03 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Ken Sallot
>Release: 4.7 Release
>Organization:
Astronomy, University of Florida
>Environment:
FreeBSD picasso.astro.ufl.edu 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Tue Oct 22 03:48:07 EDT 2002 root@picasso.astro.ufl.edu:/usr/src/sys/compile/CCDSMP i386
>Description:
We use host-based authentication with SSH at astronomy. We traditionally have used "+@netgroup" in shosts.equiv; however, in FreeBSD 4.7 this does not work and hba fails.
If we specify a host, rather than a netgroup, in the shosts.equiv file, it works fine.
If we perform a 'ypcat -k netgroup > /etc/netgroup' then the "+@netgroup" in shosts.equiv works fine. If we remove the /etc/netgroup file, or leave it blank, or leave it with a single '+' entry, as the manpage suggests, it fails.
Because SSH hostbasedauthentication works for us when we ypcat netgroups into /etc/netgroup, I believe this is a libc problem in the getnetgrent function rather than a problem with openssh.
Additionally, netgroups work properly for the master.passwd file.
>How-To-Repeat:
use NIS.
configure ssh for hba.
create a NIS netgroup map of hosts:
good-hosts (foo.bar,-,my_nis_dom)
make an entry in /etc/ssh/shosts.equiv:
+@good-hosts
generate the ssh_known_hosts keys file.
Watch it fail.
ypcat -k netgroup > /etc/netgroup
Watch it work.
rm /etc/netgroup
Watch it fail
touch /etc/netgroup
Watch it fail
echo + > /etc/netgroup
Watch it fail
Scratch your head and go "hmm, it works in Linux".
>Fix:
cronjob to ypcat -k netgroup. This is not really a fix.
>Release-Note:
>Audit-Trail:
>Unformatted:
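
An added example (not from the original report and not FreeBSD libc code): a stand-alone C check that works out, from the text of a netgroup map in the form `ypcat -k netgroup` writes, whether a host should match `+@group`, so the expected answer can be compared with what the libc lookup returns. `host_in_netgroup`, `SAMPLE_MAP` and every entry except the `good-hosts` triple are constructed for illustration.

```c
#include <string.h>

/* Constructed sample map; the first entry is the triple from the report. */
static const char SAMPLE_MAP[] =
    "good-hosts (foo.bar,-,my_nis_dom)\n"
    "all-hosts good-hosts (lab1.example,-,my_nis_dom)\n"
    "open-group (,-,my_nis_dom)\n";

static int is_ws(char c) { return c == ' ' || c == '\t'; }
/* Return 1 if host matches the host field of a triple in group. An empty
 * host field is a wildcard; "-" matches no real host. Names are compared
 * byte for byte (assumption). Non-triple members are followed as nested
 * netgroups, at most depth levels, so a reference cycle terminates. */
int host_in_netgroup(const char *map, const char *group, const char *host, int depth)
{
    size_t glen = strlen(group), hostlen = strlen(host);
    if (depth <= 0 || glen == 0)
        return 0;
    for (const char *line = map; line != NULL && *line != '\0'; ) {
        const char *eol = strchr(line, '\n');
        const char *end = eol ? eol : line + strlen(line);
        if ((size_t)(end - line) > glen && !memcmp(line, group, glen) && is_ws(line[glen])) {
            const char *p = line + glen;
            while (p < end) {
                if (is_ws(*p)) { p++; continue; }
                if (*p == '(') {
                    const char *h = p + 1;
                    const char *rp = memchr(h, ')', (size_t)(end - h));
                    const char *comma = rp ? memchr(h, ',', (size_t)(rp - h)) : NULL;
                    if (comma == NULL) break;   /* malformed triple: stop on this line */
                    while (h < comma && is_ws(*h)) h++;
                    while (comma > h && is_ws(comma[-1])) comma--;
                    if (comma == h || ((size_t)(comma - h) == hostlen && !memcmp(h, host, hostlen)))
                        return 1;               /* wildcard or exact host match */
                    p = rp + 1;
                } else {
                    char name[128]; size_t n = 0;   /* nested netgroup name */
                    for (; p < end && !is_ws(*p) && *p != '('; p++)
                        if (n < sizeof name - 1) name[n++] = *p;
                    name[n] = '\0';
                    if (host_in_netgroup(map, name, host, depth - 1))
                        return 1;
                }
            }
        }
        line = eol ? eol + 1 : NULL;
    }
    return 0;
}
```

An entry with an empty host field, like the constructed `open-group`, matches every host, which is worth checking for before a group is listed in shosts.equiv.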
