Mailinglist Archive: opensuse-security (192 mails)

< Previous Next >
Re: [suse-security] ypbind not running - can still login
  • From: Thorsten Kukuk <kukuk@xxxxxxx>
  • Date: Wed, 3 May 2000 09:05:28 +0200
  • Message-id: <20000503090525.A15703@xxxxxxxxxxxxx>
On Wed, May 03, Volker Kuhlmann wrote:

> I did some tests with the NIS authentication stuff on SuSE 6.3, setting
> a ypserver and starting ypbind (both via /etc/rc.config). Package
> ypclient-3.4-4.
>
> I edited /etc/passwd and changed the default
> +::::::
> to
> +someuser::::::
> This should only allow someuser to login. Fine. Then I
> /etc/rc.d/init.d/ypclient stop
> to revert back to standard non-NIS behaviour. But user someuser can
> still login, using the password authenticated by the yp server. Putting a
> bogus ypserver into /etc/yp.conf has no effect, and there is no someuser
> anywhere else in passwd.
>
> This is a worry - I get NIS authentication but ypbind isn't running!!
>
> What's going on? Something must be buffered somewwhere - unloading ypbind
> should flush that!!

No, unloading ypbind cannot flush caches.

B I think you fail into a "bug" with the wrong kernel implementation
of posix threads. If ypbind stops, it should delete the files in
/var/yp/binding/*

But the Linux thread implementation is no 100% posix conform, so this
does not always happen.
Remove /var/yp/binding/* and everything should be ok.

Thorsten

--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@xxxxxxx
SuSE GmbH Schanzaeckerstr. 10 90443 Nuernberg
Linux is like a Vorlon. It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.

< Previous Next >
References