|
|
Sponsored Content
Operating Systems
Solaris
NIS Password
Post 302215649 by incredible on Wednesday 16th of July 2008 11:55:39 PM
07-17-2008
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
SCO OpenServer 5.05
Has anyone ever received this error when attempting to
change/assign a user password?
#ypasswd
=======================================
yppasswd: (host name) is not running yppasswd daemon
Password request denied.
Reason: Remote password change request denied.... (2 Replies)
Discussion started by: gseyforth
2 Replies
2. Solaris
Hi,
I need help urgently.
I've been running NIS for 4 years without problem. And just two weeks ago, all my users are unable to change their password which never happens before.
When we issue passwd or yppasswd, this is what we get
passwd : Changing password for Jennifer
Enter existing... (2 Replies)
Discussion started by: jennifer
2 Replies
3. Shell Programming and Scripting
Hi ,
is there anyway of implementing password aging in NIS?
I would say thanks in advance.
Thanks and regards,
HAA (1 Reply)
Discussion started by: HAA
1 Replies
4. Solaris
Hi
Our nis server running on Sun solaris 8 operating system.
I have added a new user in the nis passwd file
& when I am trying to update the file from nis server by using
following command:
# cd /var/yp
# make
updated passwd
It updates the passwd file but does not come back to command... (3 Replies)
Discussion started by: dolphin
3 Replies
5. Red Hat
I have a RHEL 5 NIS server. It seems to be working fine except for password ageing. If passwords expire in the shadow file then users are still able to log on with no problems and no notifications. Does anyone know how to turn password ageing on through NIS? (4 Replies)
Discussion started by: darren.wyatt
4 Replies
6. Solaris
Friends
I want to know whether i can change the password of a user logged in thru NIS from a client machine after stopping the YP services in NIS server.
Note - The Slave server is up and running.
I tried doing this. But i got the reply "Permission Denied".
I stopped the YP services in... (7 Replies)
Discussion started by: efunds
7 Replies
7. Solaris
Hi
Any body knows how to prompt user to change password on first login in a Solaris NIS client.
Thanks
HG (3 Replies)
Discussion started by: Hari_Ganesh
3 Replies
8. Red Hat
Hi,
I am running NIS server on redhat linux 5 and I want to implement password restrictions for the yppasswd, how can I do it.Please help me.
I can implement password restriction for passwd by configuring /etc/pam.d/system-auth and setting crack_lib.so but I don't know how to implent the same... (3 Replies)
Discussion started by: ktrimu
3 Replies
9. HP-UX
HI. I was wondering if anyone can assist me in this. I have an HP-UX 11.31 server at work which keeps expiring my NIS password. I cannot log in unless I use root access. It worked before and I think some of the settings changed since then. My boss has told me that since we're taking some... (1 Reply)
Discussion started by: zixzix01
1 Replies
10. Shell Programming and Scripting
Hi All,
I am having Solaris 5.10 acting as NIS.
How do i change multiple user password in NIS in a batch.
I have predefined users with their passwords to be set:
Example:
user1 password1
user2 password2
Pls advise. (0 Replies)
Discussion started by: yogajwa
0 Replies
LEARN ABOUT CENTOS
yppasswdd
RPC.YPPASSWDD(8) NIS Reference Manual RPC.YPPASSWDD(8) NAME
rpc.yppasswdd - NIS password update daemon SYNOPSIS
rpc.yppasswdd [-D directory] -e chsh|chfn [--port number] [-f|--foreground] rpc.yppasswdd [-s shadow] [-p passwd] -e chsh|chfn [--port number] [-f|--foreground] rpc.yppasswdd -x program | -E program -e chsh|chfn [--port number] [-f|--foreground] DESCRIPTION
rpc.yppasswdd is the RPC server that lets users change their passwords in the presence of NIS (a.k.a. YP). It must be run on the NIS master server for that NIS domain. When a yppasswd(1) client contacts the server, it sends the old user password along with the new one. rpc.yppasswdd will search the system's passwd file for the specified user name, verify that the given (old) password matches, and update the entry. If the user specified does not exist, or if the password, UID or GID doesn't match the information in the password file, the update request is rejected, and an error returned to the client. If this version of the server is compiled with the CHECKROOT=1 option, the password given is also checked against the systems root password. After updating the passwd file and returning a success notification to the client, rpc.yppasswdd executes the pwupdate script that updates the NIS server's passwd.* and shadow.byname maps. This script assumes all NIS maps are kept in directories named /var/yp/nisdomain that each contain a Makefile customized for that NIS domain. If no such Makefile is found, the scripts uses the generic one in /var/yp. It is possible to pass OPTIONS to rpc.yppasswdd using the environment variable YPPASSWDD_ARGS and this variable can be set in /etc/sysconfig/yppasswdd. OPTIONS
The following options are available: -D directory The passwd and shadow files are located under the specified directory path. rpc.yppasswdd will use this files, not /etc/passwd and /etc/shadow. This is useful if you do not want to give all users in the NIS database automatic access to your NIS server. -E program Instead of rpc.yppasswdd editing the passwd & shadow files, the specified program will be run to do the editing. The following environment variables will be set for the program: YP_PASSWD_OLD, YP_PASSWD_NEW, YP_USER, YP_GECOS, YP_SHELL. The program should return an exit status of 0 if the change completes successfully, 1 if the change completes successfully but pwupdate should not be run, and otherwise if the change fails. -p passwdfile This options tells rpc.yppasswdd to use a different source file instead of /etc/passwd This is useful if you do not want to give all users in the NIS database automatic access to your NIS server. -s shadowfile This options tells rpc.yppasswdd to use a different source file instead of /etc/passwd. See below for a brief discussion of shadow support. -e [chsh|chfn] By default, rpc.yppasswdd will not allow users to change the shell or GECOS field of their passwd entry. Using the -e option, you can enable either of these. Note that when enabling support for ypchsh(1), you have to list all shells users are allowed to select in /etc/shells. -x program When the -x option is used, rpc.yppasswdd will not attempt to modify any files itself, but will instead run the specified program, passing to its stdin information about the requested operation(s). There is a defined protocol used to communicate with this external program, which has total freedom in how it propagates the change request. See below for more details on this. -m Will be ignored, for compatibility with Solaris only. --port number rpc.yppasswdd will try to register itself to this port. This makes it possible to have a router filter packets to the NIS ports. -v --version Prints the version number and if this package is compiled with the CHECKROOT option. -f, --foreground will not put itself into background. MISCELLANEOUS
Shadow Passwords Using Shadow passwords alongside NIS does not make too much sense, because the supposedly inaccesible passwords now become readable through a simple invocation of ypcat(1). Shadow support in rpc.yppasswdd does not mean that it offers a very clever solution to this problem, it simply means that it can read and write password entries in the system's shadow file. You have to produce a shadow.byname NIS map to distribute password information to your NIS clients. rpc.yppasswdd will search at first in the /etc/passwd file for the user and password. If it find's the user, but the password is "x" and a /etc/shadow file exists, it will update the password in the shadow map. Use of the -x option The program should expect to read a single line from stdin, which is formatted as follows: <username> o:<oldpass> p:<password> s:<shell> g:<gcos> where any of the three fields [p, s, g] may or may not be present. This program should write "OK " to stdout if the operation succeeded. On any other result, rpc.yppasswdd will report failure to the client. Note that the program specified by the -x option is responsible for doing any NIS make and build, and for doing any necessary validation on the shell and gcos field information supplied. The password passed to the client will be in UNIX crypt() format. Logging rpc.yppasswdd logs all password update requests to syslogd(8)'s auth facility. The logging information includes the originating host's IP address and the user name and UID contained in the request. The user-supplied password itself is not logged. Security rpc.yppasswdd should be as secure or insecure as any program relying on simple password authentication. If you feel that this is not enough, you may want to protect rpc.yppasswdd from outside access by using the `securenets' feature of the new portmap(8) version 3. Better still, look at rpasswdd(8). FILES
/usr/sbin/rpc.yppasswdd /usr/lib/yp/pwupdate /etc/passwd /etc/shadow /etc/sysconfig/yppasswdd SEE ALSO
passwd(5), shadow(5), passwd(1), rpasswdd(8), yppasswd(1), ypchsh(1), ypchfn(1), ypserv(8), ypcat(1) AUTHOR
Olaf Kirch <okir@monad.swb.de> and Thorsten Kukuk <kukuk@linux-nis.org> NIS Reference Manual 09/26/2007 RPC.YPPASSWDD(8)