RPC.YPPASSWDD(8) Maintenance Commands and Procedures RPC.YPPASSWDD(8)

NAME


rpc.yppasswdd, yppasswdd - server for modifying NIS password file

SYNOPSIS


/usr/lib/netsvc/yp/rpc.yppasswdd [-D directory]
[-nogecos] [-noshell] [-nopw]
[-m argument1 argument2...]


/usr/lib/netsvc/yp/rpc.yppasswdd
[passwordfile [adjunctfile]]
[-nogecos] [-noshell] [-nopw]
[-m argument1 argument2...]


DESCRIPTION


rpc.yppasswdd is a server that handles password change requests from
yppasswd(1). It changes a password entry in the passwd, shadow, and
security/passwd.adjunct files. The passwd and shadow files provide
the basis for the passwd.byname and passwd.byuid maps. The
passwd.adjunct file provides the basis for the passwd.adjunct.byname
and passwd.adjunct.byuid maps. Entries in the passwd, shadow or
passwd.adjunct files are changed only if the password presented by
yppasswd(1) matches the encrypted password of the entry. All password
files are located in the PWDIR directory.


If the -D option is given, the passwd, shadow, or passwd.adjunct
files are placed under the directory path that is the argument to -D.


If the -noshell, -nogecos or -nopw options are given, these fields
cannot be changed remotely using chfn, chsh, or passwd(1).


If the -m option is given, a make(1S) is performed in /var/yp after
any of the passwd, shadow, or passwd.adjunct files are modified. All
arguments following the flag are passed to make.


The second of the listed syntaxes is provided only for backward
compatibility. If the second syntax is used, the passwordfile is the
full pathname of the password file and adjunctfile is the full
pathname of the optional passwd.adjunct file. If a shadow file is
found in the same directory as passwordfile, the shadowfile is used
as described above. Use of this syntax and the discovery of a
shadowfile file generates diagnostic output. The daemon, however,
starts normally.


The first and second syntaxes are mutually exclusive. You cannot
specify the full pathname of the passwd, passwd.adjunct files and use
the -D option at the same time.


The daemon is started automatically on the master server of the
passwd map by ypstart(8), which is invoked at boot time by the
svcs:/network/nis/server:default service.


The server does not insist on the presence of a shadow file unless
there is no -D option present or the directory named with the -D
option is /etc. In addition, a passwd.adjunct file is not necessary.
If the -D option is given, the server attempts to find a
passwd.adjunct file in the security subdirectory of the named
directory. For example, in the presence of -D /var/yp the server
checks for a /var/yp/security/passwd.adjunct file.


If only a passwd file exists, then the encrypted password is expected
in the second field. If both a passwd and a passwd.adjunct file
exist, the encrypted password is expected in the second field of the
adjunct file with ##username in the second field of the passwd file.
If all three files are in use, the encrypted password is expected in
the shadow file. Any deviation causes a password update to fail.


If you remove or add a shadow or passwd.adjunct file after
rpc.yppasswdd has started, you must stop and restart the daemon to
enable it to recognize the change. See ypstart(8) for information on
restarting the daemon.


The rpc.yppasswdd daemon considers a shell that has a name that
begins with 'r' to be a restricted shell. By default, the daemon does
not check whether a shell begins with an 'r'. However, you can tell
it to do so by uncommenting the check_restricted_shell_name=1 line in
/etc/default/yppasswdd. The result will be to restrict a user's
ability to change from his default shell. See yppasswdd(5).


On start up, yppasswdd checks for the existence of a NIS to LDAP
(N2L) configuration file, /var/yp/NISLDAPmapping. If the
configuration file is present, the daemon runs in N2L mode. If the
file is not present, yppasswdd runs in traditional, non-N2L mode.


In N2L mode, changes are written directly to the Directory
Information Tree (DIT). If the changes are written successfully, the
NIS map is updated. The NIS source files, passwd, shadow, and
passwd.adjunct, for example, are not updated. Thus, in N2L mode, the
-D option is meaningless. In N2L mode, yppasswdd propagates changes
by calling yppush(8) instead of ypmake(8). The -m option is thus
unused.


During an NIS-to-LDAP transition, the yppasswdd daemon uses the N2L-
specific map, ageing.byname, to read and write password aging
information to the DIT. If you are not using password aging, then the
ageing.byname mapping is ignored.

SEE ALSO


passwd(1), svcs(1), yppasswd(1), make(1S), NISLDAPmapping(5),
passwd(5), shadow(5), ypfiles(5), yppasswdd(5), ypserv(5),
attributes(7), smf(7), inetd(8), svcadm(8), ypmake(8), yppush(8),
ypstart(8)

NOTES


If make has not been installed and the -m option is given, the daemon
outputs a warning and proceeds, effectively ignoring the -m flag.


When using the -D option, you should make sure that the PWDIR of the
/var/yp/Makefile is set accordingly.


The second listed syntax is supplied only for backward compatibility
and might be removed in a future release of this daemon.


The Network Information Service (NIS) was formerly known as Sun
Yellow Pages (YP). The functionality of the two remains the same;
only the name has changed. The name Yellow Pages is a registered
trademark in the United Kingdom of British Telecommunications PLC,
and cannot be used without permission.


The NIS server service is managed by the service management facility,
smf(7), under the service identifier:

svcs:/network/nis/server:default


Administrative actions on this service, such as enabling, disabling,
or requesting restart, can be performed using svcadm(8). The
service's status can be queried using the svcs(1) command.

August 24, 2004 RPC.YPPASSWDD(8)
tribblix@gmail.com :: GitHub :: Privacy