SUMMARY: Xlock and NIS+

From: System Admin (root@ksm.my)
Date: Sun Jul 03 1994 - 04:27:02 CDT


SUN Managers,

   I still cannot determine why the small xlock box appear without the word
asking for login password. Because now, I manage to get the word that ask
for a login password (maybe after create a DES entry for that user), then
another problem occurs, when they key-in their login password (NIS+) it
gave "invalid login" :-(.
   In another place, I did a fresh installation for several machines,
where they have 4 server and 30 workstation, all using Solaris 2.3,
(with label "Solaris 2.3 HARDWARE 5/94: Disc 1" on the CD), I start
from fresh, setting up the NIS+, without installing any patches,
when I try run the "xlock" using NIS+ user from one of the workstation,
it works fine, it validate the login without any problem.
   I would like to thanks to all the respondents.

Thank you.

regards

rosley@ksm.my

===============================================================================
ORIGINAL POSTING:
   we have 14 SparcStation 10 running NIS+ (Solaris 2.3). User
login at the client machine using user account from NIS+ database
(the account didn't exist in local /etc/passwd|/etc/shadow) and
running openwin, then he run the "xlock" (to lock the screen on
openwindows), but when he want to get back to the screen,
supposed it will ask for the password (user login password) but
what appear is only on small box, where when you click inside that
box it will bring you back to the full screen of "xlock" mode. and
the only way to get back to the openwindows screen is to login
from another client/telnet to that client machine, and "kill -9 " the
"xlock" process.
   Then I create one local user account (account exist in /etc/passwd)
and when I run "xlock" and try to return back to the openwindows
screen, it works fine (it prompt for the login password).
 
   Is anybody know/have any ideas on this, or is that mean "xlock"
didn't support NIS+ ? or did I miss anything like patches ?
 
 
thanks in advance

===============================================================================
RESPONSES:

<Steve_Kilbane@cegelecproj.co.uk> :
you need to add credentials for the client to the server, so that the
client can read the passwd table. Do the following as a member of the
administration group:

% nisaddcred -p unix.client@yourdomain -P client.yourdomain. des
                               no dot ^ dot ^

then on the client, login as root and do a keylogin. things should then
work.

-------------------------------------------------------------------------------
Ron Russell :
Double check your nis+ credentials, I suggest running
/usr/lib/nis/nisclient -i ; init 6

The problem with the words not appearing may indicate a fontpath
problem as well as a credential problem.

-------------------------------------------------------------------------------
rwh@atmos.albany.edu :
Become super-user on the client machines and run 'nisclient -i', answer all
qestions, reboot and everything should work ok. This should be properly done
when installing from CDROM but it doesn't.

-------------------------------------------------------------------------------
Casper :
xlock is set-uid root so that it can read the shadow password file.
Alas, xlock should be running as the user invoking it when using
NIS+.

If you only have NIS+ users running xlock, a simple chmod u-s
/usr/openwin/bin /xlock might suffice, unless your users do
keylogouts.

-------------------------------------------------------------------------------
Andreas.Stoll@Germany.Sun.Com :
Yes, xlock just looks in /etc/passwd. The only way out is to look for
another screen-lock
perhaps xscreensaver or so with option to lock screen?

-------------------------------------------------------------------------------
brb@ike.safb.af.mil :
Have you tried clicking outside the small
box? Then enter a password.

-------------------------------------------------------------------------------
Gene Loriot epl@kodak.com :
Not to suggest that there are no patches needed..but your problem is correct.

IT SHOULD happen!!! Your problem is that your machine:

                unix.<hostname>@<domainname>

has no credentials. To add credentials for root on the machine (which is what
the above line stands for) you issue the following command and respond with
the CLIENT's root password:

nisaddcred -p unix.caps100@Caps.Kodak.COM -P caps100.Caps.Kodak.COM. des
  

But substitute the client host hame for caps100 and your domain for kodak...

OR: you can change the permissions on org_dir.password and org_dir.group to
give "nobody" read permission.

Anything unclear, please write.

-------------------------------------------------------------------------------
Andrej.Misik@fmph.uniba.sk :
>
> what appear is only on small box, where when you click inside that
> box it will bring you back to the full screen of "xlock" mode. and
> the only way to get back to the openwindows screen is to login
> from another client/telnet to that client machine, and "kill -9 " the
> "xlock" process.

        We have the same symptoms here (only small box, no prompt),
        but users are still able to type their passwords and unlock
        the session. Try it (if you didn't tried it yet) and if it
        doesn't work, there are 2 solutions:

        1) Is this problem only on NIS+ clients or on the server also?
           If it is working on the NIS+ server, then clients are not
           able to read encrypted password from the NIS+ passwd table.
           You must add all clients into NIS+ admin group (which is group
           owner of passwd.org_dir table) a do nischmod g+r passwd.org_dir.

        2) If you can't unlock session also on NIS+ server, then
           I don't know..;-))

> Then I create one local user account (account exist in /etc/passwd)
> and when I run "xlock" and try to return back to the openwindows
> screen, it works fine (it prompt for the login password).
>

        From this I supposed you're the first case....perhaps.

        Hope this helps - and please summarize, I'm interested in
        others' opinions, too.

-------------------------------------------------------------------------------
Peter Samuel peter@uniq.com.au :
We have a similar problem. We don't use NIS+, rather our Solaris 2.x
machines are NIS clients. When attempting to exit from xlock it often
displays only the mini xlock box. We've found that if you type your
password and then RETURN, xlock will exit normally. If you click in the
box, xlock continues to run which is the normal behaviour of xlock.

So far I haven't been able to determine what is causing this
behaviour.

The bottom line is just to imagine that the text is there and type
away.

-------------------------------------------------------------------------------
Roland Kaltefleiter kaltef@theo-physik.uni-kiel.de :
We have NIS+ running (only NIS+, no compat NIS mode) and its fine:

# /etc/nsswitch.nisplus:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses NIS+ (NIS Version 3) in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the /etc/netconfig
# file contains "switch.so" as a nametoaddr library for "inet" transports.

# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files nisplus
group: files nisplus

# consult /etc "files" only if nisplus is down.
#hosts: files nisplus [NOTFOUND=return]
#Uncomment the following line, and comment out the above, to use both DNS
#and NIS+. You must also set up the /etc/resolv.conf file for DNS name
#server lookup. See resolv.conf(4).
hosts: files nisplus dns [NOTFOUND=return]

services: nisplus [NOTFOUND=return] files
networks: nisplus [NOTFOUND=return] files
protocols: nisplus [NOTFOUND=return] files
rpc: nisplus [NOTFOUND=return] files
ethers: nisplus [NOTFOUND=return] files
netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files

publickey: nisplus

netgroup: nisplus

automount: files nisplus
aliases: files nisplus
sendmailvars: files nisplus

> Is anybody know/have any ideas on this, or is that mean "xlock"
>didn't support NIS+ ? or did I miss anything like patches ?

Patches:
# showrev -p
Patch: 101297-01 Obsoletes: Packages: SUNWcsr.2 11.5.0,REV=2.0.19,PATCH=2, SUNWcsu.2 11.5.0,REV=2.0.18,PATCH=1
Patch: 101306-01 Obsoletes: Packages: SUNWcsr.3 11.5.0,REV=2.0.19,PATCH=3
Patch: 101311-03 Obsoletes: Packages: SUNWgt.2 12.0.0,REV=3.5.1,PATCH=1, SUNWgtow.2 1.0.0,REV=3.6.1,PATCH=2, SUNWgtu.2 12.0.0,REV=3.5.1,PATCH=1
Patch: 101316-01 Obsoletes: Packages: SUNWarc.2 11.5.0,REV=2.0.18,PATCH=1, SUNWcsu.3 11.5.0,REV=2.0.18,PATCH=2
Patch: 101317-04 Obsoletes: Packages: SUNWlpr.2 11.5.0,REV=2.0.18,PATCH=4, SUNWlpu.2 11.5.0,REV=2.0.18,PATCH=4, SUNWscpu.2 11.5.0,REV=2.0.18,PATCH=5
Patch: 101318-31 Obsoletes: 101267-01,101326-01,101349-01,101319-02,101346-03,101485-01 Packages: SUNWarc.3 11.5.0,REV=2.0.18,PATCH=43, SUNWcar.2 11.5.0,REV=2.0.18,PATCH=38, SUNWcsr.4 11.5.0,REV=2.0.19,PATCH=57, SUNWcsu.4 11.5.0,REV=2.0.18,PATCH=78, SUNWdfb.2 11.5.0,REV=2.0.18,PATCH=23, SUNWsxr.2 11.5.0,REV=2.0.18,PATCH=24
Patch: 101325-03 Obsoletes: Packages: SUNWarc.4 11.5.0,REV=2.0.18,PATCH=17, SUNWcsu.5 11.5.0,REV=2.0.18,PATCH=31
Patch: 101327-02 Obsoletes: Packages: SUNWcsu.6 11.5.0,REV=2.0.18,PATCH=44
Patch: 101328-01 Obsoletes: Packages: SUNWcsu.7 11.5.0,REV=2.0.18,PATCH=17
Patch: 101329-05 Obsoletes: 101315-01 Packages: SUNWarc.5 11.5.0,REV=2.0.18,PATCH=32, SUNWcsr.5 11.5.0,REV=2.0.19,PATCH=41, SUNWcsu.8 11.5.0,REV=2.0.18,PATCH=59, SUNWnisu.2 11.5.0,REV=2.0.18,PATCH=4
Patch: 101330-03 Obsoletes: Packages: SUNWdiag.2 4.2.0,REV=1.0.1,PATCH=3
Patch: 101331-03 Obsoletes: Packages: SUNWcsu.9 11.5.0,REV=2.0.18,PATCH=35
Patch: 101343-02 Obsoletes: Packages: SUNWdoc.2 11.5.0,REV=2.0.18,PATCH=2
Patch: 101344-05 Obsoletes: Packages: SUNWcsr.6 11.5.0,REV=2.0.19,PATCH=21, SUNWcsu.10 11.5.0,REV=2.0.18,PATCH=29
Patch: 101345-02 Obsoletes: Packages: SUNWarc.6 11.5.0,REV=2.0.18,PATCH=9, SUNWcsu.11 11.5.0,REV=2.0.18,PATCH=19
Patch: 101347-01 Obsoletes: Packages: SUNWcsr.7 11.5.0,REV=2.0.19,PATCH=10
Patch: 101359-01 Obsoletes: Packages: SUNWcsu.12 11.5.0,REV=2.0.18,PATCH=18
Patch: 101362-06 Obsoletes: 101307-01 Packages: SUNWowrqd.2 3.3.19,REV=0.93.09.17,PATCH=15
Patch: 101371-03 Obsoletes: Packages: SUNWcsu.13 11.5.0,REV=2.0.18,PATCH=57
Patch: 101378-02 Obsoletes: Packages: SUNWcsr.8 11.5.0,REV=2.0.19,PATCH=43
Patch: 101384-01 Obsoletes: none Packages: SUNWadmap.2 6.0.9,PATCH=1, SUNWadmfw.2 6.0.8,PATCH=1
Patch: 101388-01 Obsoletes: Packages: SUNWbnuu.2 11.5.0,REV=2.0.18,PATCH=1
Patch: 101389-01 Obsoletes: Packages: SUNWbtool.2 11.5.0,REV=2.0.18,PATCH=1
Patch: 101406-01 Obsoletes: Packages: SUNWcsr.9 11.5.0,REV=2.0.19,PATCH=26
Patch: 101409-03 Obsoletes: Packages: SUNWcsu.14 11.5.0,REV=2.0.18,PATCH=76, SUNWtoo.2 11.5.0,REV=2.0.18,PATCH=3
Patch: 101416-01 Obsoletes: Packages: SUNWcsu.15 11.5.0,REV=2.0.18,PATCH=47
Patch: 101418-01 Obsoletes: Packages: SUNWcsu.16 11.5.0,REV=2.0.18,PATCH=40
Patch: 101425-01 Obsoletes: Packages: SUNWpppk.2 11.5.0,REV=2.0.18,PATCH=1
Patch: 101448-01 Obsoletes: Packages: SUNWcsu.17 11.5.0,REV=2.0.18,PATCH=50
Patch: 101468-01 Obsoletes: Packages: SUNWdeow.2 7.0,REV=13.0,PATCH=1
Patch: 101484-01 Obsoletes: Packages: SUNWbcp.2 11.5.0,REV=2.0.18,PATCH=1
Patch: 101493-01 Obsoletes: Packages: SUNWcg6.2 11.5.0,REV=2.0.18,PATCH=1
Patch: 101494-01 Obsoletes: Packages: SUNWcsu.18 11.5.0,REV=2.0.18,PATCH=63
Patch: 101496-01 Obsoletes: Packages: SUNWhea.2 11.5.0,REV=2.0.18,PATCH=1
Patch: 101497-01 Obsoletes: Packages: SUNWcsu.19 11.5.0,REV=2.0.18,PATCH=68
Patch: 101513-01 Obsoletes: Packages: SUNWowrqd.3 3.3.19,REV=0.93.09.17,PATCH=14
Patch: 101517-01 Obsoletes: Packages: SUNWowrqd.4 3.3.19,REV=0.93.09.17,PATCH=16, SUNWowslb.2 3.3.18,REV=0.93.09.07,PATCH=6
Patch: 101521-01 Obsoletes: Packages: SUNWcsu.20 11.5.0,REV=2.0.18,PATCH=72
Patch: 101534-01 Obsoletes: Packages: SUNWcar.3 11.5.0,REV=2.0.18,PATCH=37
Patch: 101543-01 Obsoletes: Packages: SUNWowrqd.5 3.3.19,REV=0.93.09.17,PATCH=23
Patch: 101362-09 Obsoletes: 101307-01 101457-01 Packages: SUNWowrqd.6 3.3.19,REV=0.93.09.17,PATCH=28
Patch: 101318-41 Obsoletes: 101267-01,101326-01,101349-01,101319-02,101346-03,101485-01,101371-04 Packages: SUNWarc.7 11.5.0,REV=2.0.18,PATCH=59, SUNWcar.4 11.5.0,REV=2.0.18,PATCH=54, SUNWcsr.10 11.5.0,REV=2.0.19,PATCH=82, SUNWcsu.21 11.5.0,REV=2.0.18,PATCH=123, SUNWdfb.3 11.5.0,REV=2.0.18,PATCH=35, SUNWsxr.3 11.5.0,REV=2.0.18,PATCH=35
Patch: 101329-13 Obsoletes: 101315-01 Packages: SUNWarc.8 11.5.0,REV=2.0.18,PATCH=61, SUNWcsr.11 11.5.0,REV=2.0.19,PATCH=85, SUNWcsu.22 11.5.0,REV=2.0.18,PATCH=126, SUNWnisu.3 11.5.0,REV=2.0.18,PATCH=13
Patch: 101362-13 Obsoletes: 101307-01 101457-01 Packages: SUNWowrqd.7 3.3.19,REV=0.93.09.17,PATCH=58
Patch: 101329-15 Obsoletes: 101315-01 Packages: SUNWarc.9 11.5.0,REV=2.0.18,PATCH=65, SUNWcsr.12 11.5.0,REV=2.0.19,PATCH=93, SUNWcsu.23 11.5.0,REV=2.0.18,PATCH=133, SUNWnisu.4 11.5.0,REV=2.0.18,PATCH=15

-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:04 CDT