My first summary said:
> It turns out that newer versions of Solaris do not allow root to change
> NIS* passwords. From man passwd(1) in Solaris 2.5.1 and later:
> In the files case, superusers (for instance, real and effec-
> tive uid equal to 0, see id(1M) and su(1M)) may change any
> But, from man passwd(1) in Solaris 2.4 the same section reads:
> Super-users (for instance, real and effective uid equal to
> zero, see id(1M) and su(1M)) may change any password;
> So, in 2.5 or 2.5.1 this root power was rescinded. Nice of them to
> document it so well. :-(
However, I got more response to my summary than to my original question.
It turns out that this root power was *not* available in Solaris 2 until
very recently, when it was added back in. A sentence was added to the
end of the paragraph from which I quoted above:
If NIS is in
effect, superuser on the root master can change any password
without being prompted for the old NIS passwd , and is not
forced to comply with password construction requirements.
It turns out that if this had been a later OS, or had certain patches
(below), it would have worked.
Casper Dik explained it best (as usual). Thanks also to Niall O Broin
and Gerard Henry.
> From: Casper Dik <firstname.lastname@example.org>
> Uhm, the power couldn't have existed in 2.4, I'm sure (because of how
> NIS as a protocol works).
> However, in newer releases we've added a backdoor protocol taht works
> on the master server only:
> If NIS is in
> effect, superuser on the root master can change any password
> without being prompted for the old NIS passwd , and is not
> forced to comply with password construction requirements.
> In SunOS 4 days, you could use "passwd -F" on the NIS master source.
> There's patch 106563-04 (PAM) and 103053-08 (NSKIT 1.2) that fix this
> problem when they're both applied.
David L. Markowitz Director, UNIX Software
David.Markowitz@litronic.com Litronic Industries
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:23 CDT