PROBLEM: (QAR 46281) (Patch ID: OSF410DX-400005) ******** Using the Modify Selected Users dialog box, if you changed a set of users to be NIS Override users, then the icons for those users were updated to reflect the change but the usernames in all the dialog box drop-down lists were not updated. Specifically, the icons would be updated to have the "+" or "-" indicator for the user but the user's name was not changed to "user (+)" or "user (-)" in the drop-down lists. The most noticeable symptom of this bug is a warning message printed to stdout when double clicking on one of the modified users: Warning: DtComboBoxWidget: Unable to find item to select (DtComboBoxSelectItem). PROBLEM: (QAR 48189) (Patch ID: OSF410DX-400005) ******** When running on an NIS master, using the Secondary Groups subdialog of the Modify Selected NIS Users dialog box would not add the selected users to NIS groups - only local groups. For example, if you selected user1 and user2 and used the Secondary Groups dialog to add them as members of group "users" and group "staff (NIS)", they would not be added as members of "staff" in /var/yp/src/group. PROBLEM: (QAR 48190) (Patch ID: OSF410DX-400005) ******** A related problem to 48189 above. If NIS is in use, then attempting to use the Modify Selected Users dialogs to change the primary group for the selected users would result in the error: Group does not exists When the primary group was a NIS group. PROBLEM: (QAR 48191) (Patch ID: OSF410DX-400005) ******** If you attempt to change the primary group of a selected set of users using ModifySelected dialog, the primary group of the users does not change. However if you bring up the options dialog up by clicking the 'Options' button and click Apply/Ok, the primary group all the selected users is changed. PROBLEM: (QAR 50998) (Patch ID: OSF410DX-400005) ******** On an Enhanced Security (C2) system, when adding a new user, the password field in /etc/passwd is empty instead of being set to an asterisk ("*"). This is not a security issue for login authentication but can be a security issue for third party software that does not use Security Integration Architecture (SIA) function calls. Such software ignores the protected password database and uses only /etc/passwd for password checking. PROBLEM: (QAR 49141) (Patch ID: OSF410DX-400005) ******** Dxaccounts would crash if you brought up a dialog from specific view, changed to a different view and then OK'd that dialog. For example, if you brought up the Create/Modify User dialog, chose View/Local Groups to switch the main window to the Local Groups view, and then pressed OK in the Create/Modify User dialog, dxaccounts would crash. PROBLEM: (QAR 49386) (Patch ID: OSF410DX-400005) ******** While adding/modifying a user or group, the UID or GID entered was not being validated against the user-defined minimums and maximums set in the General Options dialog box. PROBLEM: (QAR 39332) (Patch ID: OSF410DX-400005) ******** Running two conncurrent instances of the account management commands is not supported. This restriction applies to the dxaccounts graphical user interface and the useradd, usermod, userdel, groupadd, groupmod, and groupdel commands. This restriction was release noted for DIGITAL UNIX V4.0 and it is now enforced in the software. In order to prevent concurrent access, each account management command creates a lock file at startup called /etc/.AM_is_running. If any of the commands are terminated abnormally (e.g. kill -9) then this lock file will not be deleted and future command invocations will refuse to run with the error message: The password and group files are currently locked by another user. Please try again later. This message means that the account database files are either legitimately locked OR one of the commands terminated abnormally leaving an /etc/.AM_is_running lock file. If no other root users are using the account management commands, simply delete the lock file. PROBLEM: (QAR 47383) (Patch ID: OSF410DX-400005) ******** If NIS is not running on a system, then the Account Manager incorrectly tries to access the NIS databases. This happens when the system administrator uses the Modify Selected Users or Groups dialog boxes. An error dialog box with an empty list is displayed that looked like: Account Manager Error List: --------------------------- Error accessing a system database file: Please correct this error and restart Account Manager. [OK] PROBLEM: (QAR 48221) (Patch ID: OSF410DX-400005) ******** When running the Account Manager on an Enhanced Security (C2) system, the "Remove User's Directory and Files" toggle button was ignored when a single user is retired using the Retire dialog box. The users directory would not be deleted. Only if multiple users were selected would the toggle button be honored. PROBLEM: (QAR 46468) (Patch ID: OSF410DX-400005) ******** When running the Account Manager on an Enhanced Security (C2) system, immediately deleting a newly created template would cause a crash. PROBLEM: (QAR 46730) (Patch ID: OSF410DX-400005) ******** When using useradd on an Enhanced Security (C2) system, the administrative_lock_applied flag is set unconditionally. Also, the usermod command ignored the administrative_lock_applied flag so the account could not be unlocked without using the dxaccounts graphical user interface or the edauth command. Now useradd honors the default setting of the administrative_lock_applied flag. Specifying the flag on the command line will override the default setting. Note that defaults are set using the -D option to usermod. Also, usermod now correctly honors the administrative_lock_applied flag. PROBLEM: (QAR 44966) (Patch ID: OSF410DX-400005) ******** When using usermod on an Enhanced Security (C2) system, the -e and -f flags were not honored. See the man page for a detailed description of these flags. PROBLEM: (QAR 46916) (Patch ID: OSF410DX-400005) ******** Using usermod -G to add a user to several groups would not add the user to all the specified groups. Sample command: usermod user -G group1,group2,group3 PROBLEM: (Patch ID: OSF410DX-400005) ******** While printing the accounts defaults using 'usermod -D', the inactive- interval (i.e the maximum number of days allowed between usage of a login ID before that login ID is declared invalid) was incorrectly printed as a date instead of an interval. PROBLEM: (QAR 47123) (Patch ID: OSF410DX-400005) ******** Using "groupadd -g" to add a new group would crash and the group would not get added if the directory /var/yp/src did not exist. PROBLEM: (QAR 52127) (Patch ID: OSF410DX-400008) ******** When adding a new user using /usr/bin/X11/dxaccounts or /usr/sbin/useradd, if the account is created with a home directory of "/" then the permissions on / are changed to 700. This renders the root file system inaccessible to non-root users. Note that the persmissions are changed despite the error message that is displayed: Errors encountered while adding the user: foo Cannot create user's home directory Home directory already exists Initial files not copied to home directory The new behavior is to not change the permissions on a new user's home directory if that directory already exists. PROBLEM: (QAR 52042) (Patch ID: OSF410DX-400008) ******** The previous patch kit, DIGITAL UNIX 4.0B Patch Kit 1, caused a problem with the System V Environment (SVE) password command /usr/opt/svr4/usr/bin/passwd. If the user enters an invalid password then subsequent invocations of the passwd command, /usr/bin/X11/dxaccounts, or the account management commands would fail with the following error: The password and group files are currently locked by another user. The problem was that the /etc/.AM_is_running lock file used by the account managment commands was not being deleted properly. PROBLEM: (QAR 52479) (Patch ID: OSF410DX-400010) ******** When the a NIS-group entry in /var/yp/src/group file exceeds 256 characters, certain functions performed in dxaccounts (such as locking or unlocking an NIS/C2 user account) will split up the large group in the /var/yp/src/group file into several smaller groups. Each of these smaller groups has the same group name and the same group id as the original large group. As a result, users that are put in subsequent occurences of the group don't actually get recognized as members of the group. This is causing severe problems in users' environment, causing a majority of the users to not have proper access to files, directories and applications and also causes the newgrp command to fail. The current fix allows NIS-group entries upto 1000 characters. If any entry exceeds 1000 characters while creating or modifying a group, the Account Manager will print an error message stating that the nis group must be split into severel groups of lengths less than 1000 characters with group members evenly distributed among these groups, the groupname must be in the format _1, _2 etc and the id of all these groups must be the same as the original group. PROBLEM: (QAR 55628) (Patch ID: OSF410-400013) ******** When Enhanced Security is enabled, the useradd and usermod commands incorrectly set the password expired and password lifetime attributes to 0 when they are not specified on the command line. PROBLEM: (QAR 56337) (Patch ID: OSF410-400013) ******** When Enhanced Security is enabled, the administrative_lock_applied command line options for useradd and usermod did not correctly set the lock attribute for an account. Accounts would remain locked if unlocking or remain unlocked if locking. PROBLEM: (QAR 56353) (Patch ID: OSF410-400013) ******** When Enhanced Security is enabled, the userdel command removes an account from the /etc/passwd file, but does not remove it from the protected password data- base. The userdel command when Enhanced Security is enable should retire accounts, not remove them from the /etc/passwd file. PROBLEM: (QAR 54457) (Patch ID: OSF410DX-405004) ******** When issuing a useradd -D or usermod -D command to view the account manager default values, the value for Inactive (days) would show the character 's' when the Inactive days status has been defeated with a -1 value. The field value should be blank instead of showing an 's'. PROBLEM: (QAR 43473) (Patch ID: OSF410DX-405003) ******** When modifying an existing NIS "+" or NIS "-" user account by turning off the NIS Overrides toggle, the User ID field is incorrectly set to 0 PROBLEM: (QAR 59086) (Patch ID: OSF410DX-405003) ******** While addimg a NIS "+" or NIS "-" user, dxaccounts requires a password and also the home-directory is owned by root. PROBLEM: (60842) (Patch ID: OSF410DX-405005) ******** This patch fixes a problem where Dxaccounts allows the ':' character to be accepted in the user shell, home directory, fullname, office, office phone, and home phone fields. This caused the /etc/passwd file to become corrupted. If a ':' character is found, an error message is displayed and the account is not added or modified. PROBLEM: (QAR 63167) (Patch ID: OSF410DX-405007) ******** This patch fixes the problem where usermod -g will lock the user account if it is unlocked. PROBLEM: (BCPM61V56) (Patch ID: OSF410DX-405008) ******** This patch fixes a problem where the account manager graphical interface (dxaccounts) will core dump on systems running enhanced security when performing a "Find Local User..." or "Find NIS User..." operation in which "Secondary Groups" is the only search criteria that has been specified. PROBLEM: (BCGM51CFG) (Patch ID: OSF410DX-405006) ******** This patch fixes a problem using templates for preexpired passwords. When the administrator creates a template and within the template chooses force password change at the next login, the user is NOT being asked to change his password as he should. PROBLEM: (64020) (Patch ID: OSF410DX-405010) ******** This patch fixes a problem where a large number of shells in /etc/shells (greater than 10) can cause dxaccounts to coredump or have unpredictable behavior.