>Number:         15136
>Category:       lib
>Synopsis:       NIS passwd compat mode does not play nice with identd
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jan 04 01:10:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        NetBSD 1.5.1
>Organization:

				--*greywolf;
--
NetBSD: "Progress on your system is closer than it appears."
>Environment:
	i386
	NetBSD
	NetBSD/i386
	libc

System: NetBSD rivendell.starwolf.com 1.5ZA NetBSD 1.5ZA (RIVENDELL) #3: Thu Jan 3 01:13:44 PST 2002 greywolf@rivendell.starwolf.com:/usr/src/sys/arch/i386/compile/RIVENDELL i386


>Description:
	Under nsswitch.conf, with passwd compat mode enabled, with the
	+::::::::: entry in master.passwd (for compat mode), and passwd_compat
	set to nis, identd always reports ERROR : NO-USER.  With 
	"passwd: files nis" as the entry, identd does not error out.

	To the identd-phobes among you:  The solution "don't use identd"
	or "make it lie" is not acceptable to me.  For completeness' sake
	and for quality's sake, this really should be fixed.

>How-To-Repeat:
	in /etc/nsswitch.conf, set
	passwd:	compat
	passwd_compat:	nis

	Using vipw, place a +::::::::: entry (plus followed by nine colons)
	in /etc/master.passwd.

	Set up an NIS server temporarily if need be.

	Test identd as follows:

	In one terminal, type
	telnet localhost 113

	In another, type
	netstat -af inet | grep auth.  Note port numbers

	In the telnet session, type
	113,[the-other-port-number] [RETURN]

	You would expect to see
	113 , [the-other-port-number] : USER-ID : OTHER :username

	Instead, you will get
	113 , [the-other-port-number] : ERROR : NO-USER

	Apparently it cannot map in the user name for the *pwd struct.
	Go figure.

>Fix:
	
>Release-Note:
>Audit-Trail:
>Unformatted: