From nobody@FreeBSD.org  Mon Oct 28 14:03:33 2002
Message-Id: <200210282203.g9SM3Weh097188@www.freebsd.org>
Date: Mon, 28 Oct 2002 14:03:32 -0800 (PST)
From: Ken Sallot <admin@astro.ufl.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: getnetgrent fails to read NIS netgroup map
X-Send-Pr-Version: www-1.0

>Number:         44578
>Category:       kern
>Synopsis:       [nis] getnetgrent fails to read NIS netgroup map
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 28 14:10:03 PST 2002
>Closed-Date:    
>Last-Modified:  Fri Sep 03 04:08:37 GMT 2004
>Originator:     Ken Sallot
>Release:        4.7 Release
>Organization:
Astronomy, University of Florida
>Environment:
FreeBSD picasso.astro.ufl.edu 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Tue Oct 22 03:48:07 EDT 2002     root@picasso.astro.ufl.edu:/usr/src/sys/compile/CCDSMP  i386

>Description:
      We use host-based authentication with SSH at astronomy.  We traditionally have used "+@netgroup" in shosts.equiv; however, in FreeBSD 4.7 this does not work and HBA fails.

If we specify a host, rather than a netgroup, in the shosts.equiv file, it works fine.  

If we perform a 'ypcat -k netgroup > /etc/netgroup' then the "+@netgroup" in shosts.equiv works fine.  If we remove the /etc/netgroup file, or leave it blank, or leave it with a single '+' entry, as the manpage suggests, it fails.  

Because SSH hostbasedauthentication works for us when we ypcat netgroups into /etc/netgroup, I believe this is a libc problem in the getnetgrent function rather than a problem with openssh.

Additionally, netgroups work properly for the master.passwd file.
>How-To-Repeat:
  use NIS.  
  configure ssh for hba.  
  create a NIS netgroup map of hosts:
    good-hosts (foo.bar,-,my_nis_dom)
  make an entry in /etc/ssh/shosts.equiv:
    +@good-hosts
  generate the ssh_known_hosts keys file.
  Watch it fail.
  ypcat -k netgroup > /etc/netgroup
  Watch it work.
  rm /etc/netgroup
  Watch it fail
  touch /etc/netgroup
  Watch it fail
  echo + > /etc/netgroup
  Watch it fail
  Scratch your head and go "hmm, it works in Linux".

>Fix:
      cronjob to ypcat -k netgroup.  This is not really a fix.

>Release-Note:
>Audit-Trail:

From: Ken Sallot <ken@astro.ufl.edu>
To: FreeBSD-gnats-submit@FreeBSD.org, <freebsd-bugs@FreeBSD.org>
Cc: Ken Sallot <admin@astro.ufl.edu>
Subject: Re: misc/44578: getnetgrent fails to read NIS netgroup map
Date: Tue, 29 Oct 2002 07:58:49 -0500 (EST)

 Some more details: it appears the fault lies in the 'innetgr' function and 
 not the getnetgrent function.  Sorry about the confusion.
 
 On Mon, 28 Oct 2002 FreeBSD-gnats-submit@FreeBSD.org wrote:
 
 > Thank you very much for your problem report.
 > It has the internal identification `misc/44578'.
 > The individual assigned to look at your
 > report is: freebsd-bugs. 
 > 
 > You can access the state of your problem report at any time
 > via this link:
 > 
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=44578
 > 
 > >Category:       misc
 > >Responsible:    freebsd-bugs
 > >Synopsis:       getnetgrent fails to read NIS netgroup map
 > >Arrival-Date:   Mon Oct 28 14:10:03 PST 2002
 > 
 
>Unformatted:
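
Added example, not part of the original report and not FreeBSD libc code: a self-contained model of the (host,user,domain) triple matching that innetgr(3) is expected to perform, run over constructed map text in the /etc/netgroup / `ypcat -k netgroup` format. It gives a reference answer for what `+@good-hosts` should resolve to from a dumped map, independent of the NIS lookup path; `netgr_match`, `take` and `field_ok` are hypothetical names, and nested netgroup references are not followed.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample maps modelled on the report's How-To-Repeat steps. */
const char MAP_DUMPED[] = "good-hosts (foo.bar,-,my_nis_dom)\n"; /* ypcat -k output */
const char MAP_PLUS[] = "+\n";                                   /* echo + > file */

/* A NULL query argument or an empty triple field acts as a wildcard. */
static int field_ok(const char *field, const char *want) {
    return want == NULL || field[0] == '\0' || strcmp(field, want) == 0;
}

/* Copy one field up to `stop`, dropping blanks; NULL if the delimiter is missing. */
static const char *take(const char *p, const char *end, char stop, char *out, size_t n) {
    size_t i = 0;
    for (; p < end && *p != stop; p++)
        if (*p != ' ' && *p != '\t' && i + 1 < n) out[i++] = *p;
    out[i] = '\0';
    return p < end ? p + 1 : NULL;
}

/* Return 1 if `map` has a line for `group` holding a triple that matches the query. */
int netgr_match(const char *map, const char *group,
                const char *host, const char *user, const char *domain) {
    size_t glen = strlen(group);
    for (const char *line = map; line && *line; ) {
        const char *eol = strchr(line, '\n');
        const char *end = eol ? eol : line + strlen(line);
        /* The line must start with the group name followed by whitespace. */
        if ((size_t)(end - line) > glen && !strncmp(line, group, glen) &&
            (line[glen] == ' ' || line[glen] == '\t')) {
            const char *p = line + glen;
            while (p && (p = memchr(p, '(', (size_t)(end - p))) != NULL) {
                char h[256], u[256], d[256];
                if ((p = take(p + 1, end, ',', h, sizeof h)) &&
                    (p = take(p, end, ',', u, sizeof u)) &&
                    (p = take(p, end, ')', d, sizeof d)) &&
                    field_ok(h, host) && field_ok(u, user) && field_ok(d, domain))
                    return 1;
            }
        }
        line = eol ? eol + 1 : NULL;
    }
    return 0;
}

int main(void) {
    printf("dumped map: %d\n", netgr_match(MAP_DUMPED, "good-hosts", "foo.bar", NULL, "my_nis_dom"));
    printf("'+' only:   %d\n", netgr_match(MAP_PLUS, "good-hosts", "foo.bar", NULL, "my_nis_dom"));
    return 0;
}
```

To compare against a live system, pass the text of a `ypcat -k netgroup` dump as `map`; a local file that is empty or holds only `+` yields no match here, so any positive answer in that state has to come from the NIS lookup.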
