Path: utzoo!utgpu!water!watmath!clyde!rutgers!umd5!decuac!felix!zemon From: dietrich@cernvax.UUCP (Dietrich Wiegandt) Newsgroups: comp.unix.ultrix Subject: Ris and the su password Message-ID: <18464@felix.UUCP> Date: 12 Jan 88 04:04:18 GMT Sender: zemon@felix.UUCP Reply-To: dietrich@cernvax.UUCP (Dietrich Wiegandt) Organization: CERN European Laboratory for Particle Physics, CH-1211 Geneva, Switzerland Lines: 45 Approved: zemon@felix.UUCP Reply-Path: Ultrix 2.0 contains this very nice feature called RIS, which allows you to install Ultrix systems on a remote 'client' machines from a 'server' machine over Ethernet. To protect against misuse, any modification of the setup on the server requires a) that you invoke the 'ris' command being super-user b) that you type in the super-user password on request by ris. Now here comes the glitch: Ris apparently memorizes the -hopefully- encrypted super-user password typed in at ris installation time. However, as you all know, it is good practice to change the super-user password from time to time. This unfortunately makes 'ris' unusable, because when ris requests the super-user password and you type in the valid one, it returns you to the su-prompt without delay, i.e. it exits silently. When you type in any other password, including the one that was valid at installation time, it acknowledges your attempt with "Sorry\n" before exiting. The only way we were able to add a new client machine for ris services was to temporarily reinstall the super-user password which was valid at ris installation time. This procedure seems to be a bit awkward, taking into account that a modification of the root password can only be done on a secure terminal, which in many cases is only the system console. In our case, this console is in a separate building in an access-protected computer centre. So far our local DEC software support, who has been quite helpful on other occasions, has remained silent. Any solutions out there, netlanders? Are you listening, DEC? Dietrich Wiegandt CERN DD-Division CH-1211 Geneva, Switzerland ..!uunet!mcvax!cernvax!dietrich dietrich@cernvax.bitnet