1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
'\" te
.\" Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH RPC.YPPASSWDD 8 "Aug 24, 2004"
.SH NAME
rpc.yppasswdd, yppasswdd \- server for modifying NIS password file
.SH SYNOPSIS
.LP
.nf
\fB/usr/lib/netsvc/yp/rpc.yppasswdd\fR [\fB-D\fR \fIdirectory\fR]
[\fB-nogecos\fR] [\fB-noshell\fR] [\fB-nopw\fR]
[\fB-m\fR \fIargument1\fR \fIargument2\fR...]
.fi
.LP
.nf
\fB/usr/lib/netsvc/yp/rpc.yppasswdd\fR
[\fIpasswordfile\fR [\fIadjunctfile\fR]]
[\fB-nogecos\fR] [\fB-noshell\fR] [\fB-nopw\fR]
[\fB-m\fR \fIargument1\fR \fIargument2\fR...]
.fi
.SH DESCRIPTION
.sp
.LP
\fBrpc.yppasswdd\fR is a server that handles password change requests from
\fByppasswd\fR(1). It changes a password entry in the \fBpasswd\fR,
\fBshadow\fR, and \fBsecurity/passwd.adjunct\fR files. The \fBpasswd\fR and
\fBshadow\fR files provide the basis for the \fBpasswd.byname\fR and
\fBpasswd.byuid\fR maps. The \fBpasswd.adjunct\fR file provides the basis for
the \fBpasswd.adjunct.byname\fR and \fBpasswd.adjunct.byuid\fR maps. Entries in
the \fBpasswd\fR, \fBshadow\fR or \fBpasswd.adjunct\fR files are changed only
if the password presented by \fByppasswd\fR(1) matches the encrypted password
of the entry. All password files are located in the \fBPWDIR\fR directory.
.sp
.LP
If the \fB-D\fR option is given, the \fBpasswd\fR, \fBshadow,\fR or
\fBpasswd.adjunct\fR files are placed under the directory path that is the
argument to \fB-D\fR.
.sp
.LP
If the \fB-noshell\fR, \fB-nogecos\fR or \fB-nopw\fR options are given, these
fields cannot be changed remotely using \fBchfn\fR, \fBchsh\fR, or
\fBpasswd\fR(1).
.sp
.LP
If the \fB-m\fR option is given, a \fBmake\fR(1S) is performed in \fB/var/yp\fR
after any of the \fBpasswd\fR, \fBshadow\fR, or \fBpasswd.adjunct\fR files are
modified. All arguments following the flag are passed to \fBmake\fR.
.sp
.LP
The second of the listed syntaxes is provided only for backward compatibility.
If the second syntax is used, the \fBpasswordfile\fR is the full pathname of
the password file and \fBadjunctfile\fR is the full pathname of the optional
\fBpasswd.adjunct\fR file. If a shadow file is found in the same directory as
\fBpasswordfile\fR, the \fBshadowfile\fR is used as described above. Use of
this syntax and the discovery of a \fBshadowfile\fR file generates diagnostic
output. The daemon, however, starts normally.
.sp
.LP
The first and second syntaxes are mutually exclusive. You cannot specify the
full pathname of the \fBpasswd\fR, \fBpasswd.adjunct\fR files and use the
\fB-D\fR option at the same time.
.sp
.LP
The daemon is started automatically on the master server of the passwd map by
\fBypstart\fR(8), which is invoked at boot time by the
\fBsvcs:/network/nis/server:default\fR service.
.sp
.LP
The server does not insist on the presence of a \fBshadow\fR file unless there
is no \fB-D\fR option present or the directory named with the \fB-D\fR option
is \fB/etc\fR. In addition, a \fBpasswd.adjunct\fR file is not necessary. If
the \fB-D\fR option is given, the server attempts to find a
\fBpasswd.adjunct\fR file in the \fBsecurity\fR subdirectory of the named
directory. For example, in the presence of \fB-D\fR \fB/var/yp\fR the server
checks for a \fB/var/yp/security/passwd.adjunct\fR file.
.sp
.LP
If only a \fBpasswd\fR file exists, then the encrypted password is expected in
the second field. If both a \fBpasswd\fR and a \fBpasswd.adjunct\fR file exist,
the encrypted password is expected in the second field of the adjunct file with
\fI##username\fR in the second field of the \fBpasswd\fR file. If all three
files are in use, the encrypted password is expected in the \fBshadow\fR file.
Any deviation causes a password update to fail.
.sp
.LP
If you remove or add a \fBshadow\fR or \fBpasswd.adjunct\fR file after
\fBrpc.yppasswdd\fR has started, you must stop and restart the daemon to enable
it to recognize the change. See \fBypstart\fR(8) for information on restarting
the daemon.
.sp
.LP
The \fBrpc.yppasswdd\fR daemon considers a shell that has a name that begins
with 'r' to be a restricted shell. By default, the daemon does not check
whether a shell begins with an '\fBr\fR'. However, you can tell it to do so by
uncommenting the \fBcheck_restricted_shell_name=1\fR line in
\fB/etc/default/yppasswdd\fR. The result will be to restrict a user's ability
to change from his default shell. See \fByppasswdd\fR(5).
.sp
.LP
On start up, \fByppasswdd\fR checks for the existence of a NIS to LDAP (N2L)
configuration file, \fB/var/yp/NISLDAPmapping\fR. If the configuration file is
present, the daemon runs in N2L mode. If the file is not present,
\fByppasswdd\fR runs in traditional, non-N2L mode.
.sp
.LP
In N2L mode, changes are written directly to the Directory Information Tree
(DIT). If the changes are written successfully, the NIS map is updated. The NIS
source files, \fBpasswd\fR, \fBshadow\fR, and \fBpasswd.adjunct\fR, for
example, are not updated. Thus, in N2L mode, the \fB-D\fR option is
meaningless. In N2L mode, \fByppasswdd\fR propagates changes by calling
\fByppush\fR(8) instead of \fBypmake\fR(8). The \fB-m\fR option is thus
unused.
.sp
.LP
During an NIS-to-LDAP transition, the \fByppasswdd\fR daemon uses the
N2L-specific map, \fBageing.byname\fR, to read and write password aging
information to the DIT. If you are not using password aging, then the
\fBageing.byname\fR mapping is ignored.
.SH SEE ALSO
.sp
.LP
.BR passwd (1),
.BR svcs (1),
.BR yppasswd (1),
.BR make (1S),
.BR NISLDAPmapping (5),
.BR passwd (5),
.BR shadow (5),
.BR ypfiles (5),
.BR yppasswdd (5),
.BR ypserv (5),
.BR attributes (7),
.BR smf (7),
.BR inetd (8),
.BR svcadm (8),
.BR ypmake (8),
.BR yppush (8),
.BR ypstart (8)
.SH NOTES
.sp
.LP
If \fBmake\fR has not been installed and the \fB-m\fR option is given, the
daemon outputs a warning and proceeds, effectively ignoring the \fB-m\fR flag.
.sp
.LP
When using the \fB-D\fR option, you should make sure that the \fBPWDIR\fR of
the \fB/var/yp/Makefile\fR is set accordingly.
.sp
.LP
The second listed syntax is supplied only for backward compatibility and might
be removed in a future release of this daemon.
.sp
.LP
The Network Information Service (\fBNIS\fR) was formerly known as Sun Yellow
Pages (\fBYP\fR). The functionality of the two remains the same; only the name
has changed. The name Yellow Pages is a registered trademark in the United
Kingdom of British Telecommunications PLC, and cannot be used without
permission.
.sp
.LP
The NIS server service is managed by the service management facility,
\fBsmf\fR(7), under the service identifier:
.sp
.in +2
.nf
svcs:/network/nis/server:default
.fi
.in -2
.sp
.sp
.LP
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using \fBsvcadm\fR(8). The service's
status can be queried using the \fBsvcs\fR(1) command.
|
