.\" .\" Copyright 1994 Olaf Kirch, .\" .\" This program is covered by the GNU General Public License, version 2. .\" It is provided in the hope that it is useful. However, the author .\" disclaims ALL WARRANTIES, expressed or implied. See the GPL for details. .\" .TH YPPASSWDD 8 "12 December 1994" "" "" .SH NAME rpc.yppasswdd \- NIS password update server .SH SYNOPSIS .B "rpc.yppasswdd [-s]" .SH DESCRIPTION \fByppasswdd\fP is the RPC server that lets users change their passwords in the presence of NIS (a.k.a. YP). It must be run on the NIS master server for that NIS domain. .P When a \fByppasswd(1)\fP client contacts the server, it sends the old user password along with the new one. \fByppasswdd\fP will search the system's \fB/etc/passwd\fP file for the specified user name, verify that the given (old) password matches, and update the entry. If the user specified does not exist, or if the password, UID or GID doesn't match the information in the password file, the update request is rejected, and an error returned to the client. .P After updating the \fBpasswd\fP file and returning a success notification to the client, \fByppasswdd\fP executes the \fBpwupdate\fP script that updates the NIS server's \fBpasswd.*\fP maps. This script assumes all NIS maps are kept in directories named .BI /var/yp/ nisdomain that each contain a \fBMakefile\fP customized for that NIS domain. If no such \fBMakefile\fP is found, the scripts uses the generic one in \fB/var/yp\fP. .SH OPTIONS The following options are available with \fByppasswdd\fP: .TP .BI "\-f" " passwdfile" This options tells \fByppasswdd\fP to use a different source file instead of \fB/etc/passwd\fP. This is useful if you do not want to give all users in the NIS database automatic access to your NIS server. .IP This option does not work for shadow passwords. .TP .BI "\-s" When \fByppasswdd\fP is compiled with support for John\ F. Haugh's shadow library, this option makes the server use the password functions from the \fBlibshadow\fP library instead of the standard ones. See below for a brief discussion of shadow support. .TP .BI "\-e [chsh|chfn]" By default, \fByppasswdd\fP will not allow users to change the shell or GECOS field of their \fBpasswd\fP entry. Using the \fB\-e\fP option, you can enable either of these. Note that when enabling support for \fBypchsh\fP(1), you have to list all shells users are allowed to use in \fB/etc/shells\fP. .SH MISCELLANEOUS .SS Shadow Passwords Using Shadow passwords alongside NIS does not make too much sense, because the supposedly inaccesible passwords now become readable through a simple invocation of \fBypcat(8)\fP. .P Shadow support in \fByppasswdd\fP does not mean that it offers a very clever solution to this problem, it simply means that it can read and write password entries in \fB/etc/shadow\fP. You still have to produce a normal NIS map to distribute password information to your NIS clients. The \fByp.pwupdate\fP script supplied with \fByppasswdd\fP creates a standard \fB/etc/passwd\fP file from \fP/etc/shadow\fP using \fBpwunconv(8)\fP and produces the NIS maps from that. .SS Logging \fByppasswdd\fP logs all password update requests to \fBsyslogd(8)\fP's auth facility. The logging information includes the originating host's IP address and the user name and UID contained in the request. The user-supplied password itself is not logged. .SS Security Unless I've screwed up completely (as I did with versions prior to version\ 0.5), \fByppasswdd\fP should be as secure or insecure as any program relying on simple password authentication. If you feel that this is not enough, you may want to protect \fByppasswdd\fP from outside access by using the `securenets' feature of the new \fBportmap(8)\fP version\ 3. Better still, use Kerberos. .SH COPYRIGHT \fByppasswdd\fP is copyright (C) Olaf Kirch. You can use and distribute it under the GNU General Public License Version 2. Note that it does \fInot\fP contain any code from the shadow password suite. This means that as long as you don't use shadow passwords, you won't be affected by the ``no commercial use'' policy of the shadow suite. .SH FILES \fB/usr/sbin/rpc.yppasswdd\fP .br \fB/usr/lib/yp/pwupdate\fP .br \fB/etc/passwd\fP .br \fB/etc/shadow\fP .SH SEE ALSO .IR passwd(5) , .IR passwd(8) , .IR portmap(8) , .IR pwunconv(8) , .IR yppasswd(1) , .IR ypchsh(1) , .IR ypchfn(1) , .IR ypserv(8) , .IR ypcat(8) . .SH AUTHOR Olaf Kirch, .br Charles Lopez, (shadow support)