[KLUG Members] changed password on server, now can't login

[John Pesce]

On Mon, 2005-04-25 at 16:47, Bruce Smith wrote:
> > > I changed a user's password on my Suse 9.2 NIS server and now he can
> > > only login on a few newer installs of Suse 9.2. He can not login to some
> > > older Suse or any Redhat machines. The only thing I can see different is
> > > he has a longer passwd in the shadow file begining with $2a$.
> > > I believe this is using the newer higher encryption GNU crypt function?
> > 
> > You probably made an MD5 password,  
> 
> Yes, it appears that way.
> 

How can I tell? Are MD5 passwords longer?

> > you need to somehow set the password
> > module to make a crypt password.  See the PAM documentation.
> 
> It's possible that NIS won't transfer the entire MD5 password, I've run
> into similar problems on really old NIS servers.

I don't believe the NIS server is the issue since the new Suse clients
can get the password fine. The clients being picky are Rh9

> How did you change the password on the SuSE 9.2 box?  Standard "passwd"
> program?  If so, did you try changing it with "yppasswd" to see if that
> creates a standard password hash.

I used the passwd command and then did a /var/yp/ make

> > > How can I get the other machines to accept the new password?
> > 
> > How much older?  You might be able to just try the MD5 parameter to the
> > PAM module doing the authentication (pam_unix?).

I'll hunt be how to do that.

> Do a "ypcat passwd" to see if the encrypted passwords are even being
> transmitted over NIS correctly first.

I did that test When Rh9 wouldn't login. I did a ypcat passwd and I saw
the new password entry. I then went to some Suse 9.1 and 9.2 boxes and
they logged in fine.