Date: Thu, 19 Sep 1996 12:15:58 -0700 (PDT)
From: Bill Paul <wpaul>
To: dg@root.com
Cc: cschuber@orca.gov.bc.ca, freebsd-security@freebsd.org
Subject: pwd_mkdb and NIS
Message-ID: <199609191915.MAA26978@freefall.freebsd.org>
In-Reply-To: <199609170218.TAA08566@root.com> from "David Greenman" at Sep 16, 96 07:18:31 pm

> I had the opportunity to upgrade from 2.1R to 2.1.5 and have found a rather
> interesting bug in vipw and pwd_mkdb.

[chop]

It's not a bug. I've already answered a question like this on either hackers or current a while ago.

Somehow, you may have botched your upgrade. When upgrading, you must ensure that you end up with the most recent versions of all the shared libraries, including libc, and all the latest binaries. I strongly suspect that you somehow left an old version of libc.so from 2.1.0 on your system. This will not work: you must make sure you have the libc.so from FreeBSD 2.1.5, _and_ that the dynamic linker is finding it correctly.

Yes, the magic _PW_* keys for YP changed between versions. This was intentional. I decided the old code sucked and replaced it with some less sucky code that only required one special key.

What you should do is this:

- Upgrade correctly: make sure that you have both the pwd_mkdb and libc binaries from 2.1.5 installed and talking to each other.

- Rerun ldconfig to make sure that it actually _uses_ the new libraries after they're installed.

- Rebuild your password database using _ONLY_ the /etc/master.passwd file. Just force pwd_mkdb to rebuild everything once.

The last time this happened, it turned out that the user had an old version of libc on his system. How it got there I'm not sure, but if you properly match up libc with pwd_mkdb, there should not be any problems: the new getpwent(3) code knows how to deal with the databases generated by the new pwd_mkdb. Also, the 2.1.5 code is backward compatible with 2.1.0, so that it should be able to read the old style password databases and properly handle NIS users. But the new format is _not_ compatible with the old getpwent(3) code.

Run 'ldd /usr/sbin/pwd_mkdb' and check which version of libc the runtime linker is choosing. It must be the latest one that came packaged with FreeBSD 2.1.5. Also try 'ldd /usr/bin/login' and make sure it displays the same libraries.

If you have 2.1.5 on CD-ROM, check the live filesystem CD for libc.so and make sure it's the same as the one on your system. If you don't have the CD, you'll have to crack open the bin.?? distribution to get it.

-Bill

--
=============================================================================
-Bill Paul            (212) 854-6020 | System Manager, Master of Unix-Fu
Work:         wpaul@ctr.columbia.edu | Center for Telecommunications Research
Home:  wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
=============================================================================
 "If you're ever in trouble, go to the CTR. Ask for Bill. He will help you."
=============================================================================
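
The ldd comparison described in the message above, as an added example that is not part of the original e-mail or of FreeBSD: it extracts the libc path from two ldd outputs and reports whether pwd_mkdb and login resolve the same library. The ldd line formats it parses, the function names, and the sample outputs (including the library version numbers) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Print the libc path found in ldd output read from stdin. Assumed formats:
#   a.out style:  -lc.2 => /usr/lib/libc.so.2.2 (0x...)
#   ELF style:    libc.so.7 => /lib/libc.so.7 (0x...)
# The patterns require "-lc." or "libc.so", so -lcrypt/-lcompat do not match.
libc_from_ldd() {
    awk '$2 == "=>" && ($1 ~ /^-lc\.[0-9]/ || $1 ~ /^libc\.so/) { print $3; exit }'
}

# compare_libc LDD_TEXT_A LDD_TEXT_B [EXPECTED_PATH]
# Returns 0 if both binaries resolve the same libc (and it equals
# EXPECTED_PATH when given), 1 if they differ, 2 if no libc line was
# found, 3 if they agree with each other but not with EXPECTED_PATH.
compare_libc() {
    cl_a=$(printf '%s\n' "$1" | libc_from_ldd)
    cl_b=$(printf '%s\n' "$2" | libc_from_ldd)
    if [ -z "$cl_a" ] || [ -z "$cl_b" ]; then
        echo "UNKNOWN: no libc line found (static binary or unparsed format)"
        return 2
    fi
    if [ "$cl_a" != "$cl_b" ]; then
        echo "MISMATCH: $cl_a vs $cl_b"
        return 1
    fi
    if [ -n "$3" ] && [ "$cl_a" != "$3" ]; then
        echo "STALE: both use $cl_a, expected $3"
        return 3
    fi
    echo "OK: both use $cl_a"
    return 0
}

# Constructed sample ldd output; version numbers are placeholders.
SAMPLE_PWD_MKDB='/usr/sbin/pwd_mkdb:
	-lutil.2 => /usr/lib/libutil.so.2.1 (0x10018000)
	-lc.2 => /usr/lib/libc.so.2.2 (0x1001c000)'
SAMPLE_LOGIN_STALE='/usr/bin/login:
	-lcrypt.2 => /usr/lib/libcrypt.so.2.0 (0x1001a000)
	-lc.2 => /usr/lib/compat/libc.so.2.1 (0x1001c000)'

# Demo on the constructed samples. On a live system, pass real output:
#   compare_libc "$(ldd /usr/sbin/pwd_mkdb)" "$(ldd /usr/bin/login)"
compare_libc "$SAMPLE_PWD_MKDB" "$SAMPLE_LOGIN_STALE" || true
```

The optional third argument is the libc path you expect after the upgrade, for example the one copied from the distribution media.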