From spatula@shell3.ba.best.com  Thu Sep 10 11:17:11 1998
Received: from shell3.ba.best.com (shell3.ba.best.com [206.184.139.134])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA22235
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 10 Sep 1998 11:17:09 -0700 (PDT)
          (envelope-from spatula@shell3.ba.best.com)
Received: (from spatula@localhost)
	by shell3.ba.best.com (8.9.0/8.9.0/best.sh) id LAA09941;
	Thu, 10 Sep 1998 11:16:59 -0700 (PDT)
Message-Id: <199809101816.LAA09941@shell3.ba.best.com>
Date: Thu, 10 Sep 1998 11:16:59 -0700 (PDT)
From: mrnick@spatula.net
Reply-To: mrnick@spatula.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: unexpected NIS/getpwnam behavior
X-Send-Pr-Version: 3.2

>Number:         7885
>Category:       misc
>Synopsis:       unexpected NIS/getpwnam behavior
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 10 11:20:00 PDT 1998
>Closed-Date:    Mon Jan 11 13:09:24 PST 1999
>Last-Modified:  Mon Jan 11 13:11:21 PST 1999
>Originator:     Nick Johnson
>Release:        FreeBSD 3.0-CURRENT i386
>Organization:
>Environment:
FreeBSD 3.0-current running NIS binding to a Solaris machine running ypserv
	

>Description:
If the "+" entry in the password file contains any entry for a password,
that entry is assumed for all passwords via NIS.  For example, if the line
reads
+:MOOCOW::0:0::::::
then getpwnam will substitute "MOOCOW" for the encrypted password it receives
via the yp_match call for all NIS users.  This may be unexpected behavior
for persons accustomed to using the +:*::0:0::::: notation, as all encrypted
passwords will be replaced by "*".

This has the potential to have ugly consequences should a foolish administrator
put a valid encrypted password in the password field; all users would then
have that same password on the client machine.

	

>How-To-Repeat:
Put anything in the password field

	

>Fix:
Don't put anything in the password field.
	

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: steve 
Responsible-Changed-When: Fri Sep 18 22:01:05 PDT 1998 
Responsible-Changed-Why:  
Misfiled PR. 
State-Changed-From-To: open->closed 
State-Changed-By: dt 
State-Changed-When: Mon Jan 11 13:09:24 PST 1999 
State-Changed-Why:  
Meaning of NIS wildcard entries documented in passwd(5), and this example 
perfectly fit there. 
>Unformatted:
