Patch Name: PHNE_18756 Patch Description: s700_800 10.26 yppasswd(1) cumulative patch Creation Date: 99/07/17 Post Date: 99/07/22 Hardware Platforms - OS Releases: s700: 10.26 s800: 10.26 Products: N/A Filesets: BLS.BLS-ENG-A-MAN CMW.CMW-CORE NFS.NFS-ENG-A-MAN NFS.NIS-CLIENT Automatic Reboot?: No Status: General Superseded Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHNE_18756 Symptoms: PHNE_18756: Add a new SmartCard hook for yppasswd which is described as Function Prototype: extern ulong smartcard_PWcrstring( char *username, char *oldpasswd, char *newpasswd, char **CRstring ) Arguments: username input:username of the account oldpasswd input:existing(current) password of account(NULL for new accounts) newpasswd input:new password of account CRstring output:smart card generated CR-string without writing on the caard Return value: 0 Smart card authentication succeeded 1 Smart caard is not present in the reader 2 Failure, user name does not match what's on the card PHNE_18366: the passwd and yppasswd user commands and the trusted path password option did not enforce the constraints uniformly PHNE_17557: If you attempt to change a local account's password with yppasswd, it will try to change your password. PHSS_17385: The password changer program incorrectly shows NIS users in the list of local accounts. Defect Description: PHNE_18756: Changes to yppasswd to support smartcard. The password changing commands need to know CRString for a new password to perform the password history checks. Currently, these commands are invoking smartcard_PWchange() twice in succession to achieve this functionality. The first invocation sets the new password and the second invocation restores the old password. This is just a workaround which is causing problem in developing the Smartcard hook library. Resolution Added a new hook in the libSmartCard library to get the CRstring for a new passwword without writing into the SmartCard. All the commands which change the user passwords has been modified to to invoke the hook. PHNE_18366: The different means of changing passwords were not consistent. Resolution: The correct behavior was determined in accordance with the man pages and then the password verifiers were modified to match this specification. PHNE_17557: Improper parameter passing Resolution: Fix parameter passing PHSS_17385: Password manager shows all accounts for the list of local accounts. Resolution: Remove NIS accounts from the local account list. SR: 1653308627 1653309872 Patch Files: /usr/bin/yppasswd /usr/bin/X11/XPasswdMgr /usr/share/man/man1.Z/yppasswd.1 what(1) Output: /usr/bin/yppasswd: 1999/07/15 Hewlett-Packard HP-UX 10.26 TOS [ ic5cv - DAV17 ] 99/06/25 services/NFS/cmds/usr.bin/ypprpasswd.c, hpu x, hpux_10.26, ic5cv Revision 1.17 PATCH_10. 26 (PHNE_18756) /usr/bin/X11/XPasswdMgr: 1999/07/15 Hewlett-Packard HP-UX 10.26 TOS [ ic5cv - DAV17 ] 99/07/12 x11r6/clients/xpasswdmgr/PassAuth.c, xclien t, hpux_10.26, ic5cv Revision 1.6 PATCH_10.2 6 (PHNE_18756) 99/07/15 x11r6/clients/xpasswdmgr/PassChange.c, xcli ent, hpux_10.26, ic5cv Revision 1.9 PATCH_10 .26 (PHNE_18366) 99/07/15 x11r6/clients/xpasswdmgr/PassMgr.c, xclient , hpux_10.26, ic5cv Revision 1.4 PATCH_10.26 (PHNE_18366) 99/07/15 x11r6/clients/xpasswdmgr/PassUser.c, xclien t, hpux_10.26, ic5cv Revision 1.5 PATCH_10.2 6 (PHSS_17385) 99/06/25 x11r6/clients/xpasswdmgr/PassVerify.c, xcli ent, hpux_10.26, ic5cv Revision 1.10 PATCH_1 0.26 (PHNE_18756) X Window System, Version 11 HP-UX 10.0 SRC_IC3 R5+ (build date: Fri Jul 16 00:12:08 PDT 1999) /usr/share/man/man1.Z/yppasswd.1: None cksum(1) Output: 3821463110 32768 /usr/bin/yppasswd 3126318163 110592 /usr/bin/X11/XPasswdMgr 371983380 3919 /usr/share/man/man1.Z/yppasswd.1 Patch Conflicts: None Patch Dependencies: s700: 10.26: PHCO_19042 s800: 10.26: PHCO_19042 Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_18366 PHNE_17557 PHSS_17385 Equivalent Patches: None Patch Package Size: 200 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_18756 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_18756.depot By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_18756. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. WARNING: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_18756.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_18756.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: None