agq@itd1.dsto.oz (Ashley Quick) (09/06/90)
Something which may be of interest to those who wish to use PC NFS with an Apollo running the Authentication Server (PCNFSD). The SUN PC NFS authentication server is distributed on floppy with every copy of PC NFS. This is supposed to run on BSD 4.2 systems, and the Apollo is no exception, if you can get hold of the sun RPC files. Our system people were able to obtain these files, and compiled the PC NFS authentication server. It compiles without problems. When I came to use the server, it would NOT authenticate my password. Problem 1. --------- Not authenticating the password happens if you canverted from SR9 to SR10 and did not change your password afterwards. The reason is that the registry saves the passwords with a different encryption under SR10, but has an SR 9 compatability mode. When the resistry dishes up the /etc/passwd file, the encrypted password in it is wrong. Solution: Change you password under SR10. You can even change it to the same password (to fix the encrypted /etc/passwd) and all will work. Next problem: I could not change my password. The chpass and passwd commands would either sit for hours or return wierd error messages. The only cure was to kill the PCNFSD process, and reboot the master registry machine! Problem 2 --------- It seems that the type manager for the /etc/passwd file locks up the registry if the /etc/passwd file is not closed when you finish with it. This means that opening /etc/passwd causes the registry to dish up the UNIX-ish file, but the registry cannot then do anything. (Though sometimes it can - it just goes unreliable). The PCNFSD source code supplied makes a call to a routine "getpwnam", and the manual page states that this routine returns the entry from the password file, OPENING THE FILE IF NECESSARY. It does not claim to close the file afterwards. There is a routine, "endpwent" which closes the file. To fix the PFNFSD, insert a line in routine "authproc", (rougly line 490) after the call to "getpwnam(...)", which looks like: endpwent(); This will close the passwd file after every authentication attempt. After making the change to this file, and recompiliing, I can now authenticate on the PC, and change my password on the apollo, and all is well. This all raises a few intersting points: 1. PCNFSD is not supported by Apollo, so there is no point complaining to them, and fair enough. 2. There does seem to be a problem with the registry getting locked up if /etc/passwd is not closed. 3. Why doesnt PCNFSD cause problems on SUN machines? Surely it must be impossible for the admin to add/change users if the password file is locked? I KNOW you can do wierd and wonderful things under UNIX like deleting a file somebody has open for reading, (which seems silly to me but I suppose there are good reasons), but it is hard to believe that even if the file could be modified, the PCNFSD could keep running having opened the file and not closed it, then have the file deleted!!!!! 4. Therefore, this should really be classed as a bug in PCNFSD, as supplied by SUN. Making the simple change above WOULD HAVE NO EFFECT ON THE USE OF THE PROGRAM ON ANY OTHER MAKERS MACHINES. Anyhow, those of you who wish to use PC NFS to an Apollo may care to implement this "fix", just to ensure you dont have future problems. (Ours was unreliable but sometimes usable!). BTW: PC NFS can break programs on the PC (running off into happy land, never to be seen again.) Also, its performance is not very good - but is highly host dependant. My benchmarking shows there is not much difference between a DN3000 (SR10) and a SUN 3/280 in performance. (There may be a bit in price, though!!!!) From what I can see, the Apollo NFS implementation is pretty good! (It is also interesting if you export the network root, then type something like this on your PC: NET USE E: \\APOLLO-NET\\NODE-NAME\USERS\MY-NAME [note the two lots of reverse slashes! It works!!!!!!]) Ashleigh Quick Defence Science and Technology Organisation PO BOX 1600 Salisbury 5108 Australia. AGQ@dstos3.dsto.oz.au [I wish I could do some work instead of fixing computers - this is just a sideline!]