chris@asylum.gsfc.nasa.gov (Chris Shenton) (11/17/90)
Some of my users cannot login to xdm, although they can rlogin to the node. Other users (eg: me) have no problems with either. Any ideas? -- chris@asylum.gsfc.nasa.gov, ...!uunet!asylum.gsfc.nasa.gov!chris, PITCH::CHRIS
rand@HWCAE.CFSAT.HONEYWELL.COM (Douglas K. Rand) (11/17/90)
From: chris%dftsrv.uucp@ames.arc.nasa.gov (Chris Shenton) 16 Nov 90 20:55:37 GMT > Some of my users cannot login to xdm, although they can rlogin to the node. > Other users (eg: me) have no problems with either. Any ideas? > [...] If you are running a registry that is writable from SR10 you may have a problem that I found in trying to audit user's passwords. If the password was last changed at SR9.7 (or before) Apollo did not use the standard Unix crypt(3) system call to encrypt the password. The way to check it is taking a look at the /etc/passwd file and if the length of the encrypted password field is 14 characters, it was probably last set with 9.7. If it is 13 characters long, it was set with 10.x. UNIX encrypted passwords are 13 characters long. If xdm is using the crypt(3) call to encrypt the user's password for verification at login time, and the password was last set with SR9.7, then it will always fail. This is because the UNIX crypt(3) call returns 13 characters, and the /etc/passwd file reports 14 characters, failing the string compare. Our solution was to set up a 30 day expiration on all passwords, forcing the users to change them. They complained, but we got it done. I'm curious, are you running Apollo's xdm (ie. X11R3) or the one from Adus (X11R4)? I would have thought that HP/Apollo would have replaced these calls with the login_$... stuff that interfaces with the registry. Using these (undocumented!) calls removes this problem because the registry calls different encryption routines for you. (Of course, I could be wrong!) Hope this was a help. -- Douglas Keenan Rand Honeywell -- Air Transport Systems Division Phone: +1 602 869 2814 US Snail: P.O. Box 21111 Phoenix AZ 85036 Internet: @cim-vax.honeywell.com:rand@hwcae.cfsat.honeywell.com UUCP: ...!uunet!hpfce!apciphx!hwcae!rand "Why would Honeywell want to be responsible for _my_ options?"
appel@ocf.Berkeley.EDU (Shannon D. Appel) (11/18/90)
Using Apollo's xdm, we had the same problem for a while. It turns out that the Apollo xdm seems to match the entire string against the 8 letters of the actual password. The solution seems to be to only type in the first 8 letters of the password. The real solution? Who knows....