'\" te .\" Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] .TH rpc.yppasswdd 1M "24 Aug 2004" "SunOS 5.11" "System Administration Commands" .SH NAME rpc.yppasswdd, yppasswdd \- server for modifying NIS password file .SH SYNOPSIS .LP .nf \fB/usr/lib/netsvc/yp/rpc.yppasswdd\fR [\fB-D\fR \fIdirectory\fR] [\fB-nogecos\fR] [\fB-noshell\fR] [\fB-nopw\fR] [\fB-m\fR \fIargument1\fR \fIargument2\fR...] .fi .LP .nf \fB/usr/lib/netsvc/yp/rpc.yppasswdd\fR [\fIpasswordfile\fR [\fIadjunctfile\fR]] [\fB-nogecos\fR] [\fB-noshell\fR] [\fB-nopw\fR] [\fB-m\fR \fIargument1\fR \fIargument2\fR...] .fi .SH DESCRIPTION .sp .LP \fBrpc.yppasswdd\fR is a server that handles password change requests from \fByppasswd\fR(1). It changes a password entry in the \fBpasswd\fR, \fBshadow\fR, and \fBsecurity/passwd.adjunct\fR files. The \fBpasswd\fR and \fBshadow\fR files provide the basis for the \fBpasswd.byname\fR and \fBpasswd.byuid\fR maps. The \fBpasswd.adjunct\fR file provides the basis for the \fBpasswd.adjunct.byname\fR and \fBpasswd.adjunct.byuid\fR maps. Entries in the \fBpasswd\fR, \fBshadow\fR or \fBpasswd.adjunct\fR files are changed only if the password presented by \fByppasswd\fR(1) matches the encrypted password of the entry. All password files are located in the \fBPWDIR\fR directory. .sp .LP If the \fB-D\fR option is given, the \fBpasswd\fR, \fBshadow,\fR or \fBpasswd.adjunct\fR files are placed under the directory path that is the argument to \fB-D\fR. .sp .LP If the \fB-noshell\fR, \fB-nogecos\fR or \fB-nopw\fR options are given, these fields cannot be changed remotely using \fBchfn\fR, \fBchsh\fR, or \fBpasswd\fR(1). .sp .LP If the \fB-m\fR option is given, a \fBmake\fR(1S) is performed in \fB/var/yp\fR after any of the \fBpasswd\fR, \fBshadow\fR, or \fBpasswd.adjunct\fR files are modified. All arguments following the flag are passed to \fBmake\fR. .sp .LP The second of the listed syntaxes is provided only for backward compatibility. If the second syntax is used, the \fBpasswordfile\fR is the full pathname of the password file and \fBadjunctfile\fR is the full pathname of the optional \fBpasswd.adjunct\fR file. If a shadow file is found in the same directory as \fBpasswordfile\fR, the \fBshadowfile\fR is used as described above. Use of this syntax and the discovery of a \fBshadowfile\fR file generates diagnostic output. The daemon, however, starts normally. .sp .LP The first and second syntaxes are mutually exclusive. You cannot specify the full pathname of the \fBpasswd\fR, \fBpasswd.adjunct\fR files and use the \fB-D\fR option at the same time. .sp .LP The daemon is started automatically on the master server of the passwd map by \fBypstart\fR(1M), which is invoked at boot time by the \fBsvcs:/network/nis/server:default\fR service. .sp .LP The server does not insist on the presence of a \fBshadow\fR file unless there is no \fB-D\fR option present or the directory named with the \fB-D\fR option is \fB/etc\fR. In addition, a \fBpasswd.adjunct\fR file is not necessary. If the \fB-D\fR option is given, the server attempts to find a \fBpasswd.adjunct\fR file in the \fBsecurity\fR subdirectory of the named directory. For example, in the presence of \fB-D\fR \fB/var/yp\fR the server checks for a \fB/var/yp/security/passwd.adjunct\fR file. .sp .LP If only a \fBpasswd\fR file exists, then the encrypted password is expected in the second field. If both a \fBpasswd\fR and a \fBpasswd.adjunct\fR file exist, the encrypted password is expected in the second field of the adjunct file with \fI##username\fR in the second field of the \fBpasswd\fR file. If all three files are in use, the encrypted password is expected in the \fBshadow\fR file. Any deviation causes a password update to fail. .sp .LP If you remove or add a \fBshadow\fR or \fBpasswd.adjunct\fR file after \fBrpc.yppasswdd\fR has started, you must stop and restart the daemon to enable it to recognize the change. See \fBypstart\fR(1m) for information on restarting the daemon. .sp .LP The \fBrpc.yppasswdd\fR daemon considers a shell that has a name that begins with 'r' to be a restricted shell. By default, the daemon does not check whether a shell begins with an '\fBr\fR'. However, you can tell it to do so by uncommenting the \fBcheck_restricted_shell_name=1\fR line in \fB/etc/default/yppasswdd\fR. The result will be to restrict a user's ability to change from his default shell. See \fByppasswdd\fR(4). .sp .LP On start up, \fByppasswdd\fR checks for the existence of a NIS to LDAP (N2L) configuration file, \fB/var/yp/NISLDAPmapping\fR. If the configuration file is present, the daemon runs in N2L mode. If the file is not present, \fByppasswdd\fR runs in traditional, non-N2L mode. .sp .LP In N2L mode, changes are written directly to the Directory Information Tree (DIT). If the changes are written successfully, the NIS map is updated. The NIS source files, \fBpasswd\fR, \fBshadow\fR, and \fBpasswd.adjunct\fR, for example, are not updated. Thus, in N2L mode, the \fB-D\fR option is meaningless. In N2L mode, \fByppasswdd\fR propagates changes by calling \fByppush\fR(1M) instead of \fBypmake\fR(1M). The \fB-m\fR option is thus unused. .sp .LP During an NIS-to-LDAP transition, the \fByppasswdd\fR daemon uses the N2L-specific map, \fBageing.byname\fR, to read and write password aging information to the DIT. If you are not using password aging, then the \fBageing.byname\fR mapping is ignored. .SH SEE ALSO .sp .LP \fBsvcs\fR(1), \fBmake\fR(1S), \fBpasswd\fR(1), \fByppasswd\fR(1), \fBinetd\fR(1M), \fBsvcadm\fR(1M), \fBypmake\fR(1M), \fByppush\fR(1M), \fBypstart\fR(1M), \fBNISLDAPmapping\fR(4), \fBpasswd\fR(4), \fBshadow\fR(4), \fBypfiles\fR(4), \fByppasswdd\fR(4), \fBypserv\fR(4), \fBattributes\fR(5), \fBsmf\fR(5) .SH NOTES .sp .LP If \fBmake\fR has not been installed and the \fB-m\fR option is given, the daemon outputs a warning and proceeds, effectively ignoring the \fB-m\fR flag. .sp .LP When using the \fB-D\fR option, you should make sure that the \fBPWDIR\fR of the \fB/var/yp/Makefile\fR is set accordingly. .sp .LP The second listed syntax is supplied only for backward compatibility and might be removed in a future release of this daemon. .sp .LP The Network Information Service (\fBNIS\fR) was formerly known as Sun Yellow Pages (\fBYP\fR). The functionality of the two remains the same; only the name has changed. The name Yellow Pages is a registered trademark in the United Kingdom of British Telecommunications PLC, and cannot be used without permission. .sp .LP The NIS server service is managed by the service management facility, \fBsmf\fR(5), under the service identifier: .sp .in +2 .nf svcs:/network/nis/server:default .fi .in -2 .sp .sp .LP Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using \fBsvcadm\fR(1M). The service's status can be queried using the \fBsvcs\fR(1) command.