1rpc.yppasswdd(1M) System Administration Commands rpc.yppasswdd(1M)
2
3
4
6 rpc.yppasswdd, yppasswdd - server for modifying NIS password file
7
9 /usr/lib/netsvc/yp/rpc.yppasswdd [-D directory]
10 [-nogecos] [-noshell] [-nopw]
11 [-m argument1 argument2...]
12
13
14 /usr/lib/netsvc/yp/rpc.yppasswdd
15 [passwordfile [adjunctfile]]
16 [-nogecos] [-noshell] [-nopw]
17 [-m argument1 argument2...]
18
19
21 rpc.yppasswdd is a server that handles password change requests from
22 yppasswd(1). It changes a password entry in the passwd, shadow, and
23 security/passwd.adjunct files. The passwd and shadow files provide the
24 basis for the passwd.byname and passwd.byuid maps. The passwd.adjunct
25 file provides the basis for the passwd.adjunct.byname and
26 passwd.adjunct.byuid maps. Entries in the passwd, shadow or
27 passwd.adjunct files are changed only if the password presented by
28 yppasswd(1) matches the encrypted password of the entry. All password
29 files are located in the PWDIR directory.
30
31
32 If the -D option is given, the passwd, shadow, or passwd.adjunct files
33 are placed under the directory path that is the argument to -D.
34
35
36 If the -noshell, -nogecos or -nopw options are given, these fields can‐
37 not be changed remotely using chfn, chsh, or passwd(1).
38
39
40 If the -m option is given, a make(1S) is performed in /var/yp after any
41 of the passwd, shadow, or passwd.adjunct files are modified. All argu‐
42 ments following the flag are passed to make.
43
44
45 The second of the listed syntaxes is provided only for backward compat‐
46 ibility. If the second syntax is used, the passwordfile is the full
47 pathname of the password file and adjunctfile is the full pathname of
48 the optional passwd.adjunct file. If a shadow file is found in the same
49 directory as passwordfile, the shadowfile is used as described above.
50 Use of this syntax and the discovery of a shadowfile file generates
51 diagnostic output. The daemon, however, starts normally.
52
53
54 The first and second syntaxes are mutually exclusive. You cannot spec‐
55 ify the full pathname of the passwd, passwd.adjunct files and use the
56 -D option at the same time.
57
58
59 The daemon is started automatically on the master server of the passwd
60 map by ypstart(1M), which is invoked at boot time by the svcs:/net‐
61 work/nis/server:default service.
62
63
64 The server does not insist on the presence of a shadow file unless
65 there is no -D option present or the directory named with the -D option
66 is /etc. In addition, a passwd.adjunct file is not necessary. If the -D
67 option is given, the server attempts to find a passwd.adjunct file in
68 the security subdirectory of the named directory. For example, in the
69 presence of -D /var/yp the server checks for a /var/yp/secu‐
70 rity/passwd.adjunct file.
71
72
73 If only a passwd file exists, then the encrypted password is expected
74 in the second field. If both a passwd and a passwd.adjunct file exist,
75 the encrypted password is expected in the second field of the adjunct
76 file with ##username in the second field of the passwd file. If all
77 three files are in use, the encrypted password is expected in the
78 shadow file. Any deviation causes a password update to fail.
79
80
81 If you remove or add a shadow or passwd.adjunct file after rpc.yppass‐
82 wdd has started, you must stop and restart the daemon to enable it to
83 recognize the change. See ypstart(1m) for information on restarting the
84 daemon.
85
86
87 The rpc.yppasswdd daemon considers a shell that has a name that begins
88 with 'r' to be a restricted shell. By default, the daemon does not
89 check whether a shell begins with an 'r'. However, you can tell it to
90 do so by uncommenting the check_restricted_shell_name=1 line in
91 /etc/default/yppasswdd. The result will be to restrict a user's ability
92 to change from his default shell. See yppasswdd(4).
93
94
95 On start up, yppasswdd checks for the existence of a NIS to LDAP (N2L)
96 configuration file, /var/yp/NISLDAPmapping. If the configuration file
97 is present, the daemon runs in N2L mode. If the file is not present,
98 yppasswdd runs in traditional, non-N2L mode.
99
100
101 In N2L mode, changes are written directly to the Directory Information
102 Tree (DIT). If the changes are written successfully, the NIS map is
103 updated. The NIS source files, passwd, shadow, and passwd.adjunct, for
104 example, are not updated. Thus, in N2L mode, the -D option is meaning‐
105 less. In N2L mode, yppasswdd propagates changes by calling yppush(1M)
106 instead of ypmake(1M). The -m option is thus unused.
107
108
109 During an NIS-to-LDAP transition, the yppasswdd daemon uses the N2L-
110 specific map, ageing.byname, to read and write password aging infor‐
111 mation to the DIT. If you are not using password aging, then the age‐
112 ing.byname mapping is ignored.
113
115 See attributes(5) for descriptions of the following attributes:
116
117
118
119
120 ┌─────────────────────────────┬─────────────────────────────┐
121 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
122 ├─────────────────────────────┼─────────────────────────────┤
123 │Availability │SUNWypu │
124 └─────────────────────────────┴─────────────────────────────┘
125
127 svcs(1), make(1S), passwd(1), yppasswd(1), inetd(1M), svcadm(1M),
128 ypmake(1M), yppush(1M), ypstart(1M), NISLDAPmapping(4), passwd(4),
129 shadow(4), ypfiles(4), yppasswdd(4), ypserv(4), attributes(5), smf(5)
130
132 If make has not been installed and the -m option is given, the daemon
133 outputs a warning and proceeds, effectively ignoring the -m flag.
134
135
136 When using the -D option, you should make sure that the PWDIR of the
137 /var/yp/Makefile is set accordingly.
138
139
140 The second listed syntax is supplied only for backward compatibility
141 and might be removed in a future release of this daemon.
142
143
144 The Network Information Service (NIS) was formerly known as Sun Yellow
145 Pages (YP). The functionality of the two remains the same; only the
146 name has changed. The name Yellow Pages is a registered trademark in
147 the United Kingdom of British Telecommunications PLC, and cannot be
148 used without permission.
149
150
151 The NIS server service is managed by the service management facility,
152 smf(5), under the service identifier:
153
154 svcs:/network/nis/server:default
155
156
157
158
159 Administrative actions on this service, such as enabling, disabling, or
160 requesting restart, can be performed using svcadm(1M). The service's
161 status can be queried using the svcs(1) command.
162
163
164
165SunOS 5.11 24 Aug 2004 rpc.yppasswdd(1M)