After further investigation, this seems to be an issue with getent. If the effective UID is not 0, it returns '*' as the passwd hash. This is not the behavior exhibited in previous versions, and explains why I see the issue from root when nscd is running - nscd does a setuid to the user 'nscd'.
I checked this on another RHEL6 server that is resolving via NIS and it does *not* exhibit this behavior, so it has some relationship to LDAP. But I can run ldapsearch and get back the passwd hash as any user (our LDAP allows anonymous read-only to all attributes).

Now my suspicion is that this is caused by nss_ldap, which is different in RHEL6 since this is now part of nss-pam-ldapd.

Any thoughts?

Thanks,
Kevin

From: [email protected] [mailto:[email protected]] On Behalf Of Collins, Kevin [BEELINE]
Sent: Monday, December 06, 2010 10:06 AM
To: [email protected]
Subject: [rhelv6-list] nscd weirdness

I am seeing different output in the password field of the passwd output from 'getent' when I have nscd running versus when I don't:

    # ps -ef | grep -E 'nscd|nslcd'
    nscd 18126 1 0 09:42 ? 00:00:00 /usr/sbin/nscd
    nslcd 18206 1 0 09:44 ? 00:00:00 /usr/sbin/nslcd
    # getent passwd oracle
    oracle:*:200:200:Oracle Owner:/oracle:/usr/bin/sh
    # service nscd stop
    Stopping nscd: [ OK ]
    # getent passwd oracle
    oracle:No_Login*****:200:200:Oracle Owner:/oracle:/usr/bin/sh
    # nscd -i passwd
    # getent passwd oracle
    oracle:No_Login*****:200:200:Oracle Owner:/oracle:/usr/bin/sh
    # service nscd start
    Starting nscd: [ OK ]
    # getent passwd oracle
    oracle:*:200:200:Oracle Owner:/oracle:/usr/bin/sh

As you can see, I have tried flushing the passwd cache and restarting nscd with no luck. The backend in this case is LDAP - the problem does not appear when I am getting information from an ID in /etc/passwd.

Any ideas?

Thanks,
Kevin
_______________________________________________ rhelv6-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv6-list
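
Added example, not part of the original thread: a small shell check that compares the password field of two saved `getent passwd` captures (for instance one taken with nscd running and one with it stopped, or one as root and one as an unprivileged user) and reports each account whose field differs, classifying the field instead of printing it. The function names `pwfield_diff` and `demo`, the file names, and the `root` and `alice` entries are assumptions made for this example; the `oracle` lines mirror the output quoted in the thread.

```shell
#!/bin/sh
# Compare field 2 (password) of two captured `getent passwd` outputs.
# Usage: pwfield_diff CAPTURE_A CAPTURE_B
pwfield_diff() {
    awk -F: '
        # Classify a password field without ever echoing its value.
        function kind(f) {
            if (f == "*" || f == "x") return "masked"
            if (f == "")              return "empty"
            # crypt(3) style "$id$..." or LDAP userPassword style "{SCHEME}..."
            if (f ~ /^[$][0-9a-z]+[$]/ || f ~ /^[{][A-Za-z0-9-]+[}]/) return "hash"
            return "other"
        }
        # First capture: remember the field per account name.
        FILENAME == ARGV[1] { a[$1] = $2; next }
        # Second capture: report accounts present in both whose field changed.
        ($1 in a) && a[$1] != $2 {
            printf "%s: %s -> %s\n", $1, kind(a[$1]), kind($2)
        }
    ' "$1" "$2"
}

# Constructed sample captures (not real data) exercising the comparison.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/nscd_running" <<'EOF'
root:x:0:0:root:/root:/bin/bash
oracle:*:200:200:Oracle Owner:/oracle:/usr/bin/sh
alice:*:1001:1001:Constructed User:/home/alice:/bin/bash
EOF
    cat > "$tmp/nscd_stopped" <<'EOF'
root:x:0:0:root:/root:/bin/bash
oracle:No_Login*****:200:200:Oracle Owner:/oracle:/usr/bin/sh
alice:{SSHA}CONSTRUCTED-NOT-A-REAL-HASH:1001:1001:Constructed User:/home/alice:/bin/bash
EOF
    pwfield_diff "$tmp/nscd_running" "$tmp/nscd_stopped"
    rm -rf "$tmp"
}

demo
```

Local accounts whose field is identical in both captures (here `root`) produce no output, which matches the thread's observation that the difference only shows up for LDAP-backed entries.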
