*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Linux man pages -> rpc.yppasswdd (8)              



NAME    [Toc]    [Back]

       rpc.yppasswdd - NIS password update daemon

SYNOPSIS    [Toc]    [Back]

       rpc.yppasswdd [-D directory] [-e chsh|chfn]
       rpc.yppasswdd [-s shadow] [-p passwd] [-e chsh|chfn]
       rpc.yppasswdd -x program|-E program [-e chsh|chfn]

DESCRIPTION    [Toc]    [Back]

       rpc.yppasswdd  is the RPC server that lets users change their passwords
       in the presence of NIS (a.k.a. YP). It must be run on  the  NIS	master
       server for that NIS domain.

       When  a	yppasswd(1)  client contacts the server, it sends the old user
       password along with the new one. rpc.yppasswdd will search the system's
       passwd  file  for  the specified user name, verify that the given (old)
       password matches, and update the entry. If the user specified does  not
       exist,  or if the password, UID or GID doesn't match the information in
       the password file,  the	update	request  is  rejected,	and  an  error
       returned to the client.

       If  this version of the server is compiled with the CHECKROOT=1 option,
       the password given is also checked against the systems root password.

       After updating the passwd file and returning a success notification  to
       the client, rpc.yppasswdd executes the pwupdate script that updates the
       NIS server's passwd.* and shadow.byname maps.  This script assumes  all
       NIS maps are kept in directories named /var/yp/nisdomain that each contain
 a Makefile customized for that NIS domain. If no such Makefile  is
       found, the scripts uses the generic one in /var/yp.

OPTIONS    [Toc]    [Back]

       The following options are available:

       -D directory
	      The  passwd  and	shadow	files  are located under the specified
	      directory  path.	 rpc.yppasswdd	will  use  this   files,   not
	      /etc/passwd  and /etc/shadow.  This is useful if you do not want
	      to give all users in the NIS database automatic access  to  your
	      NIS server.

       -E program
	      Instead  of rpc.yppasswdd editing the passwd & shadow files, the
	      specified program will be run to do the editing.	The  following
	      environment   variables	will   be   set   for	the   program:
	      program  should  return  an  exit status of 0 if the change completes
 successfully, 1 if the change completes successfully  but
	      pwupdate should not be run, and otherwise if the change fails.

       -p passwdfile
	      This  options tells rpc.yppasswdd to use a different source file
	      instead of /etc/passwd This is useful if you do not want to give
	      all  users  in  the  NIS	database  automatic access to your NIS

       -s shadowfile
	      This options tells rpc.yppasswdd to use a different source  file
	      instead  of  /etc/passwd	See  below  for  a brief discussion of
	      shadow support.

       -e [chsh|chfn]
	      By default, rpc.yppasswdd will not allow	users  to  change  the
	      shell or GECOS field of their passwd entry. Using the -e option,
	      you can enable either of these. Note that when enabling  support
	      for  ypchsh(1), you have to list all shells users are allowed to
	      select in /etc/shells.

       -x program
	      When the -x option is used, rpc.yppasswdd will  not  attempt  to
	      modify any files itself, but will instead run the specified program,
 passing to its stdin information about the requested operation(s).
   There is a defined protocol used to communicate with
	      this external program, which has total freedom in how it	propagates
 the change request. See below for more details on this.

       -m     Will be ignored, for compatibility with Solaris only.

       -v --version
	      Prints  the  version number and if this package is compiled with
	      the CHECKROOT option.

MISCELLANEOUS    [Toc]    [Back]

   Shadow Passwords
       Using Shadow passwords alongside NIS does  not  make  too  much	sense,
       because	the  supposedly  inaccesible  passwords  now  become  readable
       through a simple invocation of ypcat(1).

       Shadow support in rpc.yppasswdd does not mean that  it  offers  a  very
       clever  solution  to this problem, it simply means that it can read and
       write password entries in the system's shadow file.  You have  to  produce
 a shadow.byname NIS map to distribute password information to your
       NIS clients. rpc.yppasswdd will search at first in the /etc/passwd file
       for  the  user and password. If it find's the user, but the password is
       "x" and a /etc/shadow file exists, it will update the password  in  the
       shadow map.

   Use of the -x option    [Toc]    [Back]
       The  program  should  expect to read a single line from stdin, which is
       formatted as follows:

       <username> o:<oldpass> p:<password> s:<shell> g:<gcos>\n

       where any of the three fields [p, s, g] may or may not be present.

       This program should write "OK\n" to stdout if the operation  succeeded.
       On any other result, rpc.yppasswdd will report failure to the client.

       Note  that  the	program  specified by the -x option is responsible for
       doing any NIS make and build, and for doing any necessary validation on
       the  shell and gcos field information supplied.	The password passed to
       the client will be in UNIX crypt() format.

   Logging    [Toc]    [Back]
       rpc.yppasswdd logs all password update requests	to  syslogd(8)'s  auth
       facility.  The  logging	information includes the originating host's IP
       address and the user name and UID contained in the request.  The  usersupplied
 password itself is not logged.

   Security    [Toc]    [Back]
       Unless I've screwed up completely (as I did with versions prior to version
 0.5), rpc.yppasswdd should be as secure or insecure as any program
       relying	on  simple  password authentication.  If you feel that this is
       not enough, you may want to protect rpc.yppasswdd from  outside	access
       by  using  the  `securenets'  feature  of the new portmap(8) version 3.
       Better still, use Kerberos.

COPYRIGHT    [Toc]    [Back]

       rpc.yppasswdd is copyright (C) Olaf Kirch. You can use  and  distribute
       it  under  the  GNU General Public License Version 2. Note that it does
       not contain any code from the shadow password suite.

FILES    [Toc]    [Back]


SEE ALSO    [Toc]    [Back]

       passwd(5), shadow(5),  passwd(1),  yppasswd(1),	ypchsh(1),  ypchfn(1),
       ypserv(8), ypcat(1)

       The  Network Information Service (NIS) was formerly known as Sun Yellow
       Pages (YP).  The functionality of the two remains the  same;  only  the
       name  has  changed.  The name Yellow Pages is a registered trademark in
       the United Kingdom of British Telecommunications plc, and  may  not  be
       used without permission.

AUTHOR    [Toc]    [Back]

       Olaf Kirch, <okir@monad.swb.de>
       Thorsten Kukuk, <kukuk@suse.de>

				 20 April 1997		      RPC.YPPASSWDD(8)
[ Back ]
 Similar pages
Name OS Title
rpc.nispasswdd HP-UX NIS+ password update daemon
nispasswdd HP-UX NIS+ password update daemon
rpc.yppasswdd OpenBSD YP update password file daemon
yppasswdd OpenBSD YP update password file daemon
yppasswd Tru64 Update user password in Network Information Service (NIS) password map.
yppasswd IRIX update user password in NIS database
chpasswd Linux update password file in batch
pwgrd HP-UX Password and Group Hashing and Caching daemon.
rpc.yppasswdd Tru64 server daemon for modifying the Network Information Service (NIS) password file
yppasswdd Tru64 server daemon for modifying the Network Information Service (NIS) password file
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service