SUMMARY: get "Password does not decrypt secret key" error, not using NIS

From: Amaresh R. Joshi (joshia@com.msu.edu)
Date: Wed Aug 16 1995 - 04:17:37 CDT


hi sun managers,
below is my original post. below that is my summary
of responses. thanks to all who responded.

----------- start original post --------------------------------------
>hello managers,
>recently i changed the uid of a user from 104 to 100, since
>then whenever that user (actually me :-) tries to login i
>get the following error
>
>Password does not decrypt secret key for unix.100@com.msu.edu
>
>
>but the login proceeds normally and i can't see any problems.
>i can change my password as well. however when i try to ftp to
>that machine i get an error message, but after issuing a command
>i get logged in:
>
>Name (cranium:joshia):
>331 Password required for joshia.
>Password:
>530 Login incorrect.
>Login failed.
>ftp> ls
>230 User joshia logged in.
>530 Login incorrect.
>ftp> <---- from here ftp works normally
>
>
>other users don't experience these problems. i'm *not*
>running NIS or NIS+, here's my /etc/nsswitch.conf file:
>--------------- nsswitch.conf ----------------------
>passwd: files
>group: files
>hosts: files dns
>networks: files
>protocols: files
>rpc: files
>ethers: files
>netmasks: files
>bootparams: files
>publickey: files
>netgroup: files
>automount: files
>aliases: files
>services: files
>sendmailvars: files
>--------------- nsswitch.conf ----------------------
>
>any ideas? i'll summarize if there is any interest.
----------- end original post --------------------------------------

i rec'd replies from 13 posters which included 2 "me too"s.

one suggestion was to make sure i had the correct permissions
on the user's directories, which i had.

another suggestion was to make sure that my updates were
reflected in /etc/shadow. they were because i had made the
changes using usermod, which updates the shadow file.

one poster suggested that uid's from 1 to 100 were reserved by
Solaris. the man page for "useradd" says uid's from 1-99 are
reserved.

the rest of the suggestions were to use "keylogin" or
"chkey -p". at first i thought i hadn't made it clear that
i was *not* using NIS or NIS+. but then i discovered, and a
correspondent pointed out, that the secret keys in /etc/publickey
are used by secure-rpc as well as NIS/+.

looking in that file i noticed there were entries for "nobody"
and the user who was having problems. commenting out the entry for
that user got rid of the error messages at login and ftp.

if the secret key is needed then:
the user couldn't use the "chkey -p" or "keylogin" command
because the entry in /etc/publickey was messed up. so as
root i deleted the entry in /etc/publickey and ran the
"newkey -u username" command.

i don't know why changing the user's uid caused an entry in
/etc/publickey to be created, or what messed it up.

i got replies from the following people:

lucas@blucas.nadn.navy.miL (Bonnie Lucas)
billh@dcvast.com (Bill Holzapfel)
Gary Merinstein <gmerin@panix.com>
sweh@mpn.com (Stephen Harris)
roy@mss.mss.com (Rahul Roy)
Jim Levie <levie@dynetics.com>
rangern@CIRANO.UMontreal.CA (Normand Ranger)
Stephen Schaefer - Imonics Consultant <sps@imonics.com>
seanw@amgen.com (Sean Ward)
mel@maths.abdn.ac.uk (Mel)

thanks again to all who replied.

amaresh

---
Amaresh R. Joshi             | Systems Analyst
joshia@com.msu.edu           | Michigan State University
-----------------------------+---------------------------------------
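
An added example, not part of the original post: Secure RPC netnames for users have the form unix.<uid>@<domain> (as in the error message above), so a key entry is tied to a numeric uid rather than to a login name. This sh function lists each publickey(4) entry next to the login that currently owns that uid; the function name, status labels and file arguments are made up for illustration.

```shell
#!/bin/sh
# Added example: map Secure RPC netnames in a publickey(4)-format file to
# accounts in a passwd(4)-format file. Paths are arguments so the check can
# be run on copies of the real files.
#
# audit_publickey PUBLICKEY_FILE PASSWD_FILE
# Prints one line per entry: "<status> <netname> <login-or-dash>"
#   OK      unix.<uid>@domain and <uid> exists in the passwd file
#   ORPHAN  unix.<uid>@domain and no account has that uid
#   HOST    unix.<hostname>@domain (host key, not a user key)
#   OTHER   anything else, such as the "nobody" entry
audit_publickey() {
    awk '
        # First file is passwd (colon-separated): remember login per uid.
        FILENAME == ARGV[1] {
            split($0, f, ":")
            if (f[3] != "") login[f[3]] = f[1]
            next
        }
        # Second file is publickey: skip comments and blank lines.
        /^[ \t]*#/ || NF == 0 { next }
        {
            name = $1
            if (name ~ /^unix\.[0-9]+@/) {
                # Pull the numeric uid out of unix.<uid>@domain.
                uid = name
                sub(/^unix\./, "", uid)
                sub(/@.*/, "", uid)
                if (uid in login) print "OK", name, login[uid]
                else              print "ORPHAN", name, "-"
            } else if (name ~ /^unix\.[^@]+@/) {
                print "HOST", name, "-"
            } else {
                print "OTHER", name, "-"
            }
        }
    ' "$2" "$1"
}

# Usage (as root, read-only): audit_publickey /etc/publickey /etc/passwd
```

An OK line only says that some account holds the uid now; after a uid change, check that the login shown is the one the key was created for.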