Hello,

I have a question, maybe it's not very important or only a side effect
of something but I'm really puzzled by this...

I have a nice NIS+ domain. I have a disabled user in it, disabled
because let's say it has no password. The passwd.org_dir entry will
have in this case NP in the password field. Maybe it's locked and will
have *LK*, nevermind.

I'm trying to reenable it and set a new password with the following
perl script (attached below)
Basically it reads the passwd table entry, crypts the new password,
puts it back, and sets also the credentials. The script succeeds, the
user is enabled and able to use its new password. However, when I look
in the passwd table again (nismatch), I see always the encrypted
password keeping the first two characters of the previous value!

Like if the old was NP, the new one will be NPHJ/hbj87g65, if the old
was *LK* the new will be *LHJ/hbj87g65 and such (yes, a password with
a star in front can be perfectly valid). Even with a user with a
previously valid password, like nThiuh75vh the new one will be
nTJ/hbj87g65 What does this mean??? Am I misunderstanding something,
and using the salt for crypt in a wrong way?

Because if I use the normal 'passwd -r nisplus user' interactive
command, the same password gets another encryption. I repeat, both
methods give usable passwords, but with different encryptions, one
sillier...

Thank you,
S

-------perl script, receives as arguments $user, $uid, $domain and
$password--------

open(PWF, "nismatch $user passwd.org_dir |") || die "nismatch $user
failed\n";
@userdesc = split(/:/,<PWF>);
close(PWF);
die "$user not found\n" unless @userdesc[0] ne "";
$salt = substr(@userdesc[1], 0, 2);
$salt = "cq" if length($salt) < 2;
$encryptedpwd = crypt($password, $salt);
$cmd = "nistbladm -e passwd=$encryptedpwd
\[name=$user\],passwd.org_dir.$domain.";
die "Password setting failed\n" unless system($cmd) == 0;
$cmd = "nisaddcred -l $password -p unix.$uid\@$domain -P $user.$domain
des $domain";
die "DES setting failed\n" unless system($cmd) == 0;