prpasswdd(8) [osf1 man page]
prpasswdd(8) System Manager's Manual prpasswdd(8) NAME
prpasswdd - Enhanced security daemon SYNOPSIS
/usr/sbin/prpasswdd [-lifetime secs] [-reply_lifetime secs] [-depth n] [-debug] FLAGS
Enables request logging by the auth facility in syslog. This should only be used for debugging, because the volume of logged data can be considerable. Limits the number of remembered entries kept cached in memory (for speed). The default depth is unlimited. Limits the amount of time (in seconds) that remembered entries are kept cached in memory. The default lifetime is 1 hour (3600 seconds). Limits the amount of time (in seconds) that client transactions are remembered for fast RPC replies. The default reply lifetime is 6 minutes (360 seconds), which allows for minimum of 5 minutes built into the client library code before timing out a given transaction request. DESCRIPTION
The enhanced security daemon, prpasswdd, manages writes to the protected password authentication database, as well as the other enhanced security databases. It prevents file lock contention among multiple writers. A strict C2 security policy, which is optionally config- urable using enhanced security, requires each user login or login failure to be recorded in the protected password authentication database. These updates, in combination with password changes and system administration functions affecting user accounts, are coordinated by the daemon. Clients communicate with the daemon using rpc. Two daemon processes, a parent and a child, exist on a system running enhanced security. The daemon is controlled from /sbin/init.d/prpasswd, which accepts the start, stop, and restart commands. The active daemon is the child process, which writes its PID to the /var/run/prpasswdd.pid file. The daemon services requests from the localhost address (127.0.0.1), or, for TruCluster Server V5.0 systems, from the default cluster alias address. Requests from other addresses or from non-privileged ports are rejected. FILES
RELATED INFORMATION
Commands: login(1), dxaccounts(8), edauth(8), useradd(8) Functions: putespwnam(3), putestcnam(3), putesdfnam(3), putesdvnam(3), putesfinam(3) Files: authcap(4), default(4), devassign(4), files(4), prpasswd(4), ttys(4) delim off prpasswdd(8)
Check Out this Related Man Page
rpc.nispasswdd(1M) System Administration Commands rpc.nispasswdd(1M) NAME
rpc.nispasswdd, nispasswdd - NIS+ password update daemon SYNOPSIS
/usr/sbin/rpc.nispasswdd [-a attempts] [-c minutes] [-D] [-g] [-v] DESCRIPTION
rpc.nispasswdd daemon is an ONC+ RPC service that services password update requests from nispasswd(1) and yppasswd(1). It updates password entries in the NIS+ passwd table. rpc.nispasswdd is normally started from a system startup script after the NIS+ server (rpc.nisd(1M)) has been started. rpc.nispasswdd will determine whether it is running on a machine that is a master server for one or more NIS+ directories. If it discovers that the host is not a master server, then it will promptly exit. It will also determine if rpc.nisd(1M) is running in NIS (YP) compatibility mode (the -Yoption) and will register as yppasswdd for NIS (YP) clients as well. rpc.nispasswdd will syslog all failed password update attempts, which will allow an administrator to determine whether someone was trying to "crack" the passwords. rpc.nispasswdd has to be run by a superuser. OPTIONS
-a attempts Set the maximum number of attempts allowed to authenticate the caller within a password update request session. Failed attempts are syslogd(1M) and the request is cached by the daemon. After the maximum number of allowed attempts the daemon severs the connection to the client. The default value is set to 3. -c minutes Set the number of minutes a failed password update request should be cached by the daemon. This is the time during which if the daemon receives further password update requests for the same user and authentication of the caller fails, then the daemon will simply not respond. The default value is set to 30minutes. -D Debug. Run in debugging mode. -g Generate DES credential. By default the DES credential is not generated for the user if they do not have one. By specifying this option, if the user does not have a credential, then one will be generated for them and stored in the NIS+ cred table. -v Verbose. With this option, the daemon sends a running narration of what it is doing to the syslog daemon. This option is useful for debugging problems. EXIT STATUS
0 success 1 an error has occurred. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWnisu | +-----------------------------+-----------------------------+ SEE ALSO
svcs(1), nispasswd(1), passwd(1), yppasswd(1), rpc.nisd(1M), syslogd(1M), svcadm(1M), nsswitch.conf(4), attributes(5), smf(5) NOTES
NIS+ might not be supported in future releases of the SolarisTM Operating Environment. Tools to aid the migration from NIS+ to LDAP are available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html. The rpc.nispasswdd service is managed by the service management facility, smf(5), under the service identifier: svc:/network/rpc/nisplus:default Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). The ser- vice's status can be queried using the svcs(1) command. SunOS 5.10 13 Aug 2004 rpc.nispasswdd(1M)