|
|
S-098: HP-UX Running rpc.yppasswdd Vulnerability
|
|
yppasswdd(8) System Manager's Manual yppasswdd(8) NAME
yppasswdd, rpc.yppasswdd - server daemon for modifying the Network Information Service (NIS) password file SYNOPSIS
/usr/sbin/rpc.yppasswdd file [-m arg1 arg2...] DESCRIPTION
The yppasswdd daemon is a server that handles password change requests from yppasswd(1). It changes a password entry in the specified file, which is assumed to be in the same format described in passwd(4). An entry in file will be changed only if the password presented by yppasswd(1) matches the encrypted password of that entry. If the -m option is given, then after file is modified, a make(1) will be performed in /var/yp. Any arguments following the option will be passed to make. The -m option should be set only at a NIS master server machine. This server is not run by default, nor can it be started up from inetd(8). If it is desired to enable remote password updating for the NIS, then an entry for yppasswdd should be put in the /sbin/init.d/nis file of the host serving as the master for the NIS passwd file. SECURITY NOTE
When enhanced security is installed and NIS is used to distribute the protected password authentication database, the yppasswdd daemon man- ages writes to that database. A strict C2 security policy, which is optionally configurable using enhanced security, requires each user login or login failure to be recorded in the protected password authentication database. These updates, in combination with password changes and system administration functions affecting user accounts, are coordinated by the daemon. EXAMPLES
If the NIS password file is stored as /var/yp/src/passwd, then to have password changes propagated immediately, the server should be invoked as: /usr/sbin/rpc.yppasswdd /var/yp/src/passwd -m passwd DIR= /var/yp/src FILES
SEE ALSO
Commands: yppasswd(1), ypmake(8) Files: passwd(4), ypfiles(4) yppasswdd(8)
