[comp.unix.ultrix] Ris and the su password

dietrich@cernvax.UUCP (Dietrich Wiegandt) (01/12/88)

Ultrix 2.0 contains this very nice feature called RIS, which allows you to
install Ultrix systems on a remote 'client' machines from a 'server'
machine over Ethernet.  To protect against misuse, any modification of the
setup on the server requires

	a) that you invoke the 'ris' command being super-user
	b) that you type in the super-user password on request by ris.

Now here comes the glitch:

Ris apparently memorizes the -hopefully- encrypted super-user password
typed in at ris installation time.
However, as you all know, it is good practice to change the super-user
password from time to time.

This unfortunately makes 'ris' unusable, because when ris requests
the super-user password and you type in the valid one, it returns you to
the su-prompt without delay, i.e. it exits silently.

When you type in any other password, including the one that was valid at
installation time, it acknowledges your attempt with "Sorry\n" before
exiting.

The only way we were able to add a new client machine for ris services was
to temporarily reinstall the super-user password which was valid at ris
installation time.

This procedure seems to be a bit awkward, taking into account that a
modification of the root password can only be done on a secure terminal,
which in many cases is only the system console.  In our case, this console
is in a separate building in an access-protected computer centre.

So far our local DEC software support, who has been quite helpful on
other occasions, has remained silent.

Any solutions out there, netlanders? Are you listening, DEC?


Dietrich Wiegandt
CERN DD-Division
CH-1211 Geneva, Switzerland

..!uunet!mcvax!cernvax!dietrich
dietrich@cernvax.bitnet

dietrich@cernvax.UUCP (Dietrich Wiegandt) (01/19/88)

Apologies.  I realized when I got mail from Fred Avolio at DEC (thank you,
Fred) that he could not reproduce the problem that our root password was
the culprit.

It contained a Ctrl-C and hence RIS exited when the password was typed in.

Moral: a) Think twice (at least) before you post an article describing your
	  problem

       b) Beware of control characters in passwords, at least of those that
	  can be interpreted in some way.


	Dietrich Wiegandt
	CERN DD-Division
CH-1211 Geneva 23, Switzerland