[rhelv6-list] getent weirdness (was: nscd weirdness)
Collins, Kevin [BEELINE]
KCollins at chevron.com
Wed Dec 8 19:18:27 UTC 2010
After further investigation, this seems to be an issue with getent. If
the effective UID is not 0, it returns '*' as the passwd hash. This is
not the behavior exhibited in previous versions, and explains why I see
the issue from root when nscd is running - nscd does a setuid to the
user 'nscd'.
I checked this on another RHEL6 server that is resolving via NIS and it
does *not* exhibit this behavior, so it has some relationship to LDAP.
But, I can run ldapsearch and get back the passwd hash as any user (our
LDAP allows anonymous read-only to all attributes).
Now my suspicion is that this is caused by nss_ldap, which is different
in RHEL6 since this is now part of nss-pam-ldapd.
Any thoughts?
Thanks,
Kevin
From: rhelv6-list-bounces at redhat.com
[mailto:rhelv6-list-bounces at redhat.com] On Behalf Of Collins, Kevin
[BEELINE]
Sent: Monday, December 06, 2010 10:06 AM
To: rhelv6-list at redhat.com
Subject: [rhelv6-list] nscd weirdness
I am seeing different output in the password field of the passwd output
from 'getent' when I have nscd runnng versus when I don't:
# ps -ef | grep -E 'nscd|nslcd'
nscd 18126 1 0 09:42 ? 00:00:00 /usr/sbin/nscd
nslcd 18206 1 0 09:44 ? 00:00:00 /usr/sbin/nslcd
# getent passwd oracle
oracle:*:200:200:Oracle Owner:/oracle:/usr/bin/sh
# service nscd stop
Stopping nscd: [ OK ]
# getent passwd oracle
oracle:No_Login*****:200:200:Oracle Owner:/oracle:/usr/bin/sh
# nscd -i passwd
# getent passwd oracle
oracle:No_Login*****:200:200:Oracle Owner:/oracle:/usr/bin/sh
# service nscd start
Starting nscd: [ OK ]
# getent passwd oracle
oracle:*:200:200:Oracle Owner:/oracle:/usr/bin/sh
As you can see, I have tried flushing the passwd cache and restarting
nscd with no luck. The backend in this case is LDAP - the problem does
not appear when I am getting information from an ID in /etc/passwd.
Any ideas?
Thanks,
Kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhelv6-list/attachments/20101208/c4528bb8/attachment.htm>
More information about the rhelv6-list
mailing list