You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Shannon Eric Peevey <sp...@unt.edu> on 2004/02/07 13:05:23 UTC

[Fwd: Re: Net-NIS-0.34 // Apache-AuthenNIS-0.11 - possible bug.]


-------- Original Message --------
Subject: 	Re: Net-NIS-0.34 // Apache-AuthenNIS-0.11 - possible bug.
Date: 	Wed, 04 Feb 2004 09:27:58 -0700
From: 	Ed Santiago <es...@pobox.com>
To: 	philip.ryan@web.de
CC: 	dep@media.mit.edu, speeves@unt.edu
References: 	<20...@mailgate5.cinetic.de>



Hmmm.  I can't reproduce on my end, nor can I see any reason why
it would fail: Apache::AuthenNIS 1.11 [1] doesn't use $sent_pwd
in any context in which dollar-interpolation could take place,
and Net::NIS doesn't even know there's a dollar sign in there.

  [1] http://search.cpan.org/src/SPEEVES/Apache-AuthenNIS-0.11/AuthenNIS.pm

I suspect that the encrypted password is not what it seems.  Here
are some things to try:

  * For a given user 'joebob', can you run 'ypmatch joebob passwd'
    and see the encrypted passwd entry in field 2?  To make sure,
    here's a way to check:  ypmatch joebob passwd|cut -d: -f2

  * Is the encrypted password exactly 13 characters?  Pipe the
    above command through "wc -c", and make sure it returns 14
    (13 + newline).  If it's anything else, crypt() won't work.
    You may have inadvertently set up MD5 passwords, or shadow
    passwords, or (if you hand-edit passwd) perhaps inadvertently
    gotten the passwd colon fields out of sequence.

  * Are you sure the encrypted password is what it should be?
    Try the following, replacing $clear and $expect with your
    own values of the cleartext & encrypted password respectively:

      perl -e '$clear=q{joebob$0}; $expect=q{ZRiRSCe67JKpY}; $result=crypt($clear,$expect); printf "%s %s\n",$result, ($result eq $expect ? "ok" : "MISMATCH!")'

    (just in case it needs to be mentioned: don't muck with the
    quotes above - you don't want the shell to see the '$'s.)

  * Who sets the password?  Is it a human, or a script?  If human,
    can you try setting it again (to check for typos)?  If a script,
    perhaps there's dollar-interpolation happening somewhere before
    the password is encrypted?

  * Perhaps stupid question: there aren't any colons in the username,
    are there?  Just being thorough :-)

Best of luck,
^E
-- 
Ed Santiago            Maintainer, Net::NIS              esm@pobox.com





  On Wed, 4 Feb 2004 16:54:07 +0100, philip.ryan@web.de wrote:
  >Hello, 
  >
  >I am using Apache::AuthenNIS for NIS authentification. I have found that it fails to authenticate a valid user (with a valid passwd) when the passwd contains the pattern: $0
  >
  >e.g. our standard user (default) passwd is user$99, user$00, ..., user$03, user$04 depending on what year the user is created. 
  >
  >We are using: 
  >
  >apache_1.3.28 / mod_perl-1.29 / Apache-AuthenNIS-0.11 / Net-NIS-0.34
  >
  >Can you help? 
  >
  >Phil 
  >
  >
  >



-- 
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html