Patch-ID# 113579-07 Keywords: security ypserv ypxfrd crypt plugin password hashing nis ldap Synopsis: SunOS 5.9: ypserv/ypxfrd patch Date: Sep/23/2004 Install Requirements: Reconfigure after installation Solaris Release: 9 SunOS Release: 5.9 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 114342 Topic: SunOS 5.9: ypserv/ypxfrd patch Relevant Architectures: sparc BugId's fixed with this patch: 4192824 4248430 4283355 4390053 4700602 4737417 4823553 4882937 4890530 4905454 4951399 5022150 Changes incorporated in this version: 4951399 Patches accumulated and obsoleted by this patch: 113483-02 115490-01 Patches which conflict with this patch: Patches required with this patch: 115165-02 or greater Obsoleted by: Files included with this patch: /usr/include/crypt.h /usr/lib/netsvc/yp/inityp2l /usr/lib/netsvc/yp/rpc.yppasswdd /usr/lib/netsvc/yp/ypmap2src /usr/lib/netsvc/yp/ypserv /usr/lib/netsvc/yp/ypstart /usr/lib/netsvc/yp/ypxfr /usr/lib/netsvc/yp/ypxfrd /var/yp/Makefile Problem Description: 4951399 ypserv prints do_accept : can't open connection : Interrupted system call (from 113579-06) 5022150 NIS/LDAP transition disables secure maps (from 113579-05) 4890530 ypserv should only answer bind requests from clients in /var/yp/securenets (from 113579-04) 4905454 ypserv holds parent stdio's causing program such as rsh to hang (from 113579-03) 4882937 Patch for 4390053 should include updated /usr/include/crypt.h (from 113579-02) This patch revision was generated to accumulate and obsolete the changes introduced in Solaris Update s9u5 feature point patch 115490-01 (from 113579-01) 4737417 ypxfrd security issue with map handling (from 113483-02) 4283355 rpc.yppasswdd temporarily removes passwd source file resulting in exit (from 113483-01) 4390053 crypt(3c) needs to interoperate with *BSD and Linux 4248430 RFE: NIS+ should support alternate encryption algorithms for the user password 4192824 newkey/chkey should use a configurable crypt() to encrypt the users password 4700602 crypt_gensalt should be version SUNW_1.22 instead of SUNW_1.21 (from 115490-01) 4823553 NIS to LDAP transition project (N2L) 2001/282 Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- In order for this patch to take effect, your system must be rebooted immediately after the patch has been installed. NOTE 1: To get the complete Flexible Crypt feature, please also install the following patches: 112874-06 (or newer) libc 113475-01 (or newer) libsecurity crypt 113476-01 (or newer) passwdutil.so.1 113480-01 (or newer) pam_unix Patch 113481-01 (or newer) nispasswdd 113482-01 (or newer) rpc.ypasswd NOTE 2: To get the complete NIS to LDAP Transition Project, please also install the following patch: 115677-01 (or newer) idsconfig patch NOTE 3: This patch replaces the file /var/yp/Makefile after saving a copy of it as /var/yp/Makefile.old. If customizations were previously made to the /var/yp/Makefile, please transfer the customizations to the new /var/yp/Makefile. NOTE 4: /var/yp/Makefile.old has been replaced by Makefile.patchid for rev -06 of this patch and newer. Refer to the patch log file for more information. README -- Last modified date: Thursday, September 23, 2004