yppasswdd(8)

NAME

   rpc.yppasswdd - NIS password update daemon

SYNOPSIS

   rpc.yppasswdd [-D directory] [-e chsh|chfn] [--port number]
   rpc.yppasswdd [-s shadow] [-p passwd] [-e chsh|chfn] [--port number]
   rpc.yppasswdd -x program|-E program [-e chsh|chfn] [--port number]

DESCRIPTION

   rpc.yppasswdd  is the RPC server that lets users change their passwords
   in the presence of NIS (a.k.a. YP). It must be run on  the  NIS  master
   server for that NIS domain.

   When  a  yppasswd(1)  client contacts the server, it sends the old user
   password along with the new one. rpc.yppasswdd will search the system's
   passwd  file  for  the specified user name, verify that the given (old)
   password matches, and update the entry. If the user specified does  not
   exist,  or if the password, UID or GID doesn't match the information in
   the password file,  the  update  request  is  rejected,  and  an  error
   returned to the client.

   If  this version of the server is compiled with the CHECKROOT=1 option,
   the password given is also checked against the systems root password.

   After updating the passwd file and returning a success notification  to
   the client, rpc.yppasswdd executes the pwupdate script that updates the
   NIS server's passwd.* and shadow.byname maps.  This script assumes  all
   NIS  maps  are  kept  in  directories named /var/yp/nisdomain that each
   contain a Makefile customized for that NIS domain. If no such  Makefile
   is found, the scripts uses the generic one in /var/yp.

OPTIONS

   The following options are available:

   -D directory
          The  passwd  and  shadow  files  are located under the specified
          directory  path.   rpc.yppasswdd  will  use  this   files,   not
          /etc/passwd  and /etc/shadow.  This is useful if you do not want
          to give all users in the NIS database automatic access  to  your
          NIS server.

   -E program
          Instead  of rpc.yppasswdd editing the passwd & shadow files, the
          specified program will be run to do the editing.  The  following
          environment   variables   will   be   set   for   the   program:
          YP_PASSWD_OLD, YP_PASSWD_NEW, YP_USER, YP_GECOS,  YP_SHELL.  The
          program  should  return  an  exit  status  of  0  if  the change
          completes successfully, 1 if the change  completes  successfully
          but  pwupdate  should  not  be  run, and otherwise if the change
          fails.

   -p passwdfile
          This options tells rpc.yppasswdd to use a different source  file
          instead of /etc/passwd This is useful if you do not want to give
          all users in the NIS  database  automatic  access  to  your  NIS
          server.

   -s shadowfile
          This  options tells rpc.yppasswdd to use a different source file
          instead of /etc/passwd. See below  for  a  brief  discussion  of
          shadow support.

   -e [chsh|chfn]
          By  default,  rpc.yppasswdd  will  not allow users to change the
          shell or GECOS field of their passwd entry. Using the -e option,
          you  can enable either of these. Note that when enabling support
          for ypchsh(1), you have to list all shells users are allowed  to
          select in /etc/shells.

   -x program
          When  the  -x  option is used, rpc.yppasswdd will not attempt to
          modify any files itself, but  will  instead  run  the  specified
          program,  passing  to  its stdin information about the requested
          operation(s).  There is a defined protocol used  to  communicate
          with  this  external  program, which has total freedom in how it
          propagates the change request. See below  for  more  details  on
          this.

   -m     Will be ignored, for compatibility with Solaris only.

   --port number
          rpc.yppasswdd  will  try  to  register itself to this port. This
          makes it  possible to have a router filter packets  to  the  NIS
          ports.

   -v --version
          Prints  the  version number and if this package is compiled with
          the CHECKROOT option.

MISCELLANEOUS

   Shadow Passwords
   Using Shadow passwords alongside NIS does  not  make  too  much  sense,
   because  the  supposedly  inaccesible  passwords  now  become  readable
   through a simple invocation of ypcat(1).

   Shadow support in rpc.yppasswdd does not mean that  it  offers  a  very
   clever  solution  to this problem, it simply means that it can read and
   write password entries in  the  system's  shadow  file.   You  have  to
   produce  a  shadow.byname NIS map to distribute password information to
   your NIS clients. rpc.yppasswdd will search at first in the /etc/passwd
   file for the user and password. If it find's the user, but the password
   is "x" and a /etc/shadow file exists, it will update  the  password  in
   the shadow map.

   Use of the -x option
   The  program  should  expect to read a single line from stdin, which is
   formatted as follows:

   <username> o:<oldpass> p:<password> s:<shell> g:<gcos>\n

   where any of the three fields [p, s, g] may or may not be present.

   This program should write "OK\n" to stdout if the operation  succeeded.
   On any other result, rpc.yppasswdd will report failure to the client.

   Note  that  the  program  specified by the -x option is responsible for
   doing any NIS make and build, and for doing any necessary validation on
   the  shell and gcos field information supplied.  The password passed to
   the client will be in UNIX crypt() format.

   Logging
   rpc.yppasswdd logs all password update requests  to  syslogd(8)'s  auth
   facility.  The  logging  information includes the originating host's IP
   address and the user name and UID contained in the request.  The  user-
   supplied password itself is not logged.

   Security
   Unless  I've  screwed  up  completely  (as I did with versions prior to
   version 0.5), rpc.yppasswdd should be as  secure  or  insecure  as  any
   program  relying  on  simple password authentication.  If you feel that
   this is not enough, you may want to protect rpc.yppasswdd from  outside
   access  by  using  the  `securenets'  feature  of  the  new  portmap(8)
   version 3.  Better still, use Kerberos.

COPYRIGHT

   rpc.yppasswdd is copyright (C) Olaf Kirch. You can use  and  distribute
   it  under  the  GNU General Public License Version 2. Note that it does
   not contain any code from the shadow password suite.

FILES

   /usr/sbin/rpc.yppasswdd
   /usr/lib/yp/pwupdate
   /etc/passwd
   /etc/shadow

SEE ALSO

   passwd(5), shadow(5),  passwd(1),  yppasswd(1),  ypchsh(1),  ypchfn(1),
   ypserv(8), ypcat(1)

   The  Network Information Service (NIS) was formerly known as Sun Yellow
   Pages (YP).  The functionality of the two remains the  same;  only  the
   name  has  changed.  The name Yellow Pages is a registered trademark in
   the United Kingdom of British Telecommunications plc, and  may  not  be
   used without permission.

AUTHOR

   Olaf Kirch, <[email protected]>
   Thorsten Kukuk, <[email protected]>

Opportunity

Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.

Free Software

Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.

Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.

Free Books

The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.

Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.

Education

Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.

Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.