Unix/Linux Go Back    


SuSE 11.3 - man page for yppasswdd (suse section 8)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


RPC.YPPASSWDD(8)		       NIS Reference Manual			 RPC.YPPASSWDD(8)

NAME
       rpc.yppasswdd - NIS password update daemon

SYNOPSIS
       rpc.yppasswdd [-D directory] -e chsh|chfn [--port number]

       rpc.yppasswdd [-s shadow] [-p passwd] -e chsh|chfn [--port number]

       rpc.yppasswdd -x program | -E program  -e chsh|chfn [--port number]

DESCRIPTION
       rpc.yppasswdd is the RPC server that lets users change their passwords in the presence of
       NIS (a.k.a. YP). It must be run on the NIS master server for that NIS domain.

       When a yppasswd(1) client contacts the server, it sends the old user password along with
       the new one.  rpc.yppasswdd will search the system's passwd file for the specified user
       name, verify that the given (old) password matches, and update the entry. If the user
       specified does not exist, or if the password, UID or GID doesn't match the information in
       the password file, the update request is rejected, and an error returned to the client.

       If this version of the server is compiled with the CHECKROOT=1 option, the password given
       is also checked against the systems root password.

       After updating the passwd file and returning a success notification to the client,
       rpc.yppasswdd executes the pwupdate script that updates the NIS server's passwd.*  and
       shadow.byname maps. This script assumes all NIS maps are kept in directories named
       /var/yp/nisdomain that each contain a Makefile customized for that NIS domain. If no such
       Makefile is found, the scripts uses the generic one in /var/yp.

OPTIONS
       The following options are available:

       -D directory
	   The passwd and shadow files are located under the specified directory path.
	   rpc.yppasswdd will use this files, not /etc/passwd and /etc/shadow.	This is useful if
	   you do not want to give all users in the NIS database automatic access to your NIS
	   server.

       -E program
	   Instead of rpc.yppasswdd editing the passwd & shadow files, the specified program will
	   be run to do the editing. The following environment variables will be set for the
	   program: YP_PASSWD_OLD, YP_PASSWD_NEW, YP_USER, YP_GECOS, YP_SHELL. The program should
	   return an exit status of 0 if the change completes successfully, 1 if the change
	   completes successfully but pwupdate should not be run, and otherwise if the change
	   fails.

       -p passwdfile
	   This options tells rpc.yppasswdd to use a different source file instead of /etc/passwd
	   This is useful if you do not want to give all users in the NIS database automatic
	   access to your NIS server.

       -s shadowfile
	   This options tells rpc.yppasswdd to use a different source file instead of
	   /etc/passwd. See below for a brief discussion of shadow support.

       -e [chsh|chfn]
	   By default, rpc.yppasswdd will not allow users to change the shell or GECOS field of
	   their passwd entry. Using the -e option, you can enable either of these. Note that
	   when enabling support for ypchsh(1), you have to list all shells users are allowed to
	   select in /etc/shells.

       -x program
	   When the -x option is used, rpc.yppasswdd will not attempt to modify any files itself,
	   but will instead run the specified program, passing to its stdin information about the
	   requested operation(s). There is a defined protocol used to communicate with this
	   external program, which has total freedom in how it propagates the change request. See
	   below for more details on this.

       -m
	   Will be ignored, for compatibility with Solaris only.

       --port number
	   rpc.yppasswdd will try to register itself to this port. This makes it possible to have
	   a router filter packets to the NIS ports.

       -v --version
	   Prints the version number and if this package is compiled with the CHECKROOT option.

MISCELLANEOUS
   Shadow Passwords
       Using Shadow passwords alongside NIS does not make too much sense, because the supposedly
       inaccesible passwords now become readable through a simple invocation of ypcat(1).

       Shadow support in rpc.yppasswdd does not mean that it offers a very clever solution to
       this problem, it simply means that it can read and write password entries in the system's
       shadow file. You have to produce a shadow.byname NIS map to distribute password
       information to your NIS clients.  rpc.yppasswdd will search at first in the /etc/passwd
       file for the user and password. If it find's the user, but the password is "x" and a
       /etc/shadow file exists, it will update the password in the shadow map.

   Use of the -x option
       The program should expect to read a single line from stdin, which is formatted as follows:

       <username> o:<oldpass> p:<password> s:<shell> g:<gcos>\n

       where any of the three fields [p, s, g] may or may not be present.

       This program should write "OK\n" to stdout if the operation succeeded. On any other
       result, rpc.yppasswdd will report failure to the client.

       Note that the program specified by the -x option is responsible for doing any NIS make and
       build, and for doing any necessary validation on the shell and gcos field information
       supplied. The password passed to the client will be in UNIX crypt() format.

   Logging
       rpc.yppasswdd logs all password update requests to syslogd(8)'s auth facility. The logging
       information includes the originating host's IP address and the user name and UID contained
       in the request. The user-supplied password itself is not logged.

   Security
       rpc.yppasswdd should be as secure or insecure as any program relying on simple password
       authentication. If you feel that this is not enough, you may want to protect rpc.yppasswdd
       from outside access by using the `securenets' feature of the new portmap(8) version 3.
       Better still, look at rpasswdd(8).

FILES
       /usr/sbin/rpc.yppasswdd

       /usr/lib/yp/pwupdate

       /etc/passwd

       /etc/shadow

SEE ALSO
       passwd(5), shadow(5), passwd(1), rpasswdd(8), yppasswd(1), ypchsh(1), ypchfn(1),
       ypserv(8), ypcat(1)

AUTHOR
       Olaf Kirch <okir@monad.swb.de> and Thorsten Kukuk <kukuk@linux-nis.org>

NIS Reference Manual			    09/26/2007				 RPC.YPPASSWDD(8)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 12:35 PM.