[Dave H.]

Server: SuSE Linux 9.x

We've just migrated from local passwd files to NIS. The server and clients all see each other and users can login, provided they haven't tried to change their password. The problem is that when users change their passwords (using passwd ... yppasswd is deprecated), the changes don't appear to be reflected in the NIS database, because the encrypted password shown by "ypcat passwd.byname" is different than the local /etc/passwd (actually /etc/shadow) file on the server. The result is that the user can login with the new password on the NIS server, but must use the original password on clients.

This problem occurs whether the password is changed from a session on the NIS server or a session on a client. Further, the passwd program always reports "NIS database on foo.bar updated". Even running "make all" in /var/yp does not cause the entries shown by ypcat to match /etc/passwd.

Other factors possibly worth noting:
1. Entries where the password has not been changed (since the introduction of NIS) are identical, unlike those of users who have attempted to change their passwords.
2. The systems used /etc/shadow prior to NIS. The NIS databases merged shadow into passwd, however the NIS server still stores local passwords in /etc/shadow and uses those to rebuild the databases.

My gut feeling is that the /etc/shadow issue is somehow related, but I'm not sure where to go from here. Any assistance would be greatly appreciated. Thanks!

-Dave H.

[Dave H.]

Got it working, and it did turn out to be related to /etc/shadow. I disabled the "password/shadow merge" option in /var/yp/Makefile, rebuild the maps, and added an include entry to the shadow files on all clients, and now password changes work fine.

-Dave H.