No replies
1 Post

Pinned topic NIS APIs and stale user credentials

‏2011-04-15T20:05:53Z |
I'm wondering if anyone has experience with using NIS APIs to support user authentication and password change. I've encountered a problem that I can work around, but it seems like there must be a better solution.

My server application provides various services to users, including password change. In a NIS environment, if a user seeks to change their password, our code calls yppasswd() and this works OK. The problem is, if we subsequently try to authenticate the same user with the new password, the authentication often fails until several tens of seconds (maybe minutes) have passed. In the interim, it seems that calls to yp_match() return the old password, not the new password. However, if I shell out and invoke the command line utility ypmatch, this returns the new credentials. So I'm thinking that there must be some sort of cache that is maintained by the NIS libraries in my server's process that needs to be purged, but I have not found any way to do that. We see this behavior on AIX 5.3, AIX 6.1, HP-UX 11.21, HP-UX 11.31.

Does anyone have experience with this issue?