- Issued:
- 2004-04-21
- Updated:
- 2004-04-21
RHEA-2004:168 - Product Enhancement Advisory
Synopsis
Updated glibc includes NIS enhancements
Type/Severity
Product Enhancement Advisory
Topic
Updated glibc packages that include enhancements related to NIS are now
available.
Description
The GNU libc package (known as glibc) contains the standard C libraries
used by applications.
The Network Information Service (NIS) is a system that provides
network information (login names, passwords, home directories, group
information) to all of the machines on a network. NIS can allow users
to log in on any machine on the network, as long as the machine has
the NIS client programs running and the user's password is recorded in
the NIS passwd database. NIS was formerly known as Sun Yellow Pages
(YP).
To speed login when NIS is used, it is now possible to request the use of
the netid.byname map. This map is traditionally not used for this purpose,
but usually contains the necessary information and is generated by default
on recent Linux and Solaris NIS servers.
To enable this feature, find the following line in /etc/default/nss:
# NETID_AUTHORITATIVE=TRUE
Next, use a text editor to remove the leading '#' character, saving your
changes when done.
Note:
The runtime does not perform cross-checks of the content of the
netid.byname map; this is the system administrator's responsibility.
It is also possible to improve NIS performance by using the
services.byservicename map. If this map exists and has been built properly,
its use can be enabled by the following setting in /etc/default/nss:
SERVICES_AUTHORITATIVE=TRUE
The services.byservicename map must contain both names of services and
aliases as keys, both without protocol specified and with protocol. The
original Red Hat Enterprise Linux 3 NIS server does not create such
services.byservicename map, but ypserv included in this errata and at least
more recent Solaris NIS servers provide properly-built
services.byservicename maps.
The shadow-utils package has been updated, so that /etc/default/nss file is
readable even for normal users. Previously, the restrictive permissions on
/etc/default disallowed it.
Users that wish to improve NIS performance should upgrade to these updated
packages, and take the steps outlined above.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:
Affected Products
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Server 2 i386
- Red Hat Enterprise Linux Workstation 2 ia64
- Red Hat Enterprise Linux Workstation 2 i386
Fixes
- BZ - 103576 - RHEL 2.1 U4: Modify behavior of getservbyname() to be more efficient when no protocol is specified and service name is being pulled from NIS.
- BZ - 118338 - NETID_AUTHORITATIVE functionality in glibc
CVEs
(none)
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.