SUSE Linux Enterprise Server 10
A certain SLES system is set up as both an NIS client and Master NIS server. When the yppasswd or passwd command is given on that system, it appears to be successful but the NIS password is not changed. If the master NIS has it's databases rebuilt, then the new password comes into effect.
If the same yppasswd command is done from a system which is only an NIS client, it successfully sets the NIS password in the remote NIS Server.
The yppasswd command simply calls the passwd command, so for the rest of this discussion, "passwd" will be referenced.
The passwd command searches for users based on the order specified in /etc/nsswitch.conf. Typically, local files are searched before nis is searched. Therefore, on a Master NIS (which typically holds the user information both in local files and in nis), passwd will find the user in local files first, and only change the password there.
In contrast, if the account is found in NIS first, it will be changed both in NIS and in local files. Note that it is not necessarily the passwd client command which performs the change in both locations in that case. It could be the yppasswd server daemon which performs that extra check.
This is a "normal" and "expected" limitation of the design of NIS, and the fact that Master NIS servers usually have the same users in both local files and in the NIS database. Changes get made to local files and then must be propogated by rebuilding the NIS database. Of course, it is generally considered inconvenient to have to manually rebuild NIS everytime a password change is made. In fact, administrators won't even always know when a change has been made to the password.
This process can be automated, however. For example, on the master NIS server, the system can be told to automatically rebuild NIS upon any password changes, by editing /etc/pam.d/passwd and adding the following line to the end of the file:
password optional pam_exec.so seteuid /usr/bin/make -C /var/yp
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.