1.\" Copyright (c) 1995, 1996 2.\" Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by Bill Paul. 15.\" 4. Neither the name of the author nor the names of contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" $FreeBSD$ 32.\" 33.Dd February 8, 1996 34.Dt RPC.YPPASSWDD 8 35.Os 36.Sh NAME 37.Nm rpc.yppasswdd 38.Nd "server for updating NIS passwords" 39.Sh SYNOPSIS 40.Nm rpc.yppasswdd 41.Op Fl t Ar master.passwd template file 42.Op Fl d Ar default domain 43.Op Fl p Ar path 44.Op Fl s 45.Op Fl f 46.Op Fl a 47.Op Fl m 48.Op Fl i 49.Op Fl v 50.Op Fl u 51.Op Fl h 52.Sh DESCRIPTION 53The 54.Nm 55daemon allows users to change their NIS passwords and certain 56other information using the 57.Xr yppasswd 1 58and 59.Xr ypchpass 1 60commands. 61.Nm Rpc.yppasswdd 62is an RPC-based server that accepts incoming password change requests, 63authenticates them, places the updated information in the 64.Pa /var/yp/master.passwd 65template file and then updates the NIS 66.Pa master.passwd 67and 68.Pa passwd 69maps. 70.Pp 71The 72.Nm 73server allows a normal NIS user to change 74his or her NIS password, full name (also 75known as 'GECOS' field) or shell. These updates are typically done using 76the 77.Xr yppasswd 1 , 78.Xr ypchfn 1 , 79.Xr ypchsh 1 , 80or 81.Xr ypchpass 1 82commands. (Some administrators don't want users to be able to change their 83full name information or shells; the server can be invoked with option flags 84that disallow such changes.) When the server receives an update request, 85it compares the address of the client making the request against the 86.Pa securenets 87rules outlined in 88.Pa /var/yp/securenets . 89(See the 90.Xr ypserv 8 91manual page for more information on securenets; the 92.Nm 93server uses the same access control mechanism as 94.Xr ypserv 8 .) 95.Pp 96The server then 97checks the 'old' password supplied by the user to make sure it's 98valid, then performs some sanity checks on the updated information (these 99include checking for embedded control characters, colons or invalid shells). 100Once it is satisfied that the update request is valid, the server modifies 101the template password file (the default is 102.Pa /var/yp/master.passwd ) 103and then runs the 104.Pa /usr/libexec/yppwupdate 105script to rebuild the NIS maps. (This script has two arguments passed 106to it: the absolute pathname of the password template that was modified 107and the name of the domain that is to be updated. These in turn are 108passed to 109.Pa /var/yp/Makefile ) . 110.Pp 111The 112.Bx Free 113version of 114.Nm 115also allows the super-user on the NIS master server to perform more 116sophisticated updates on the NIS passwd maps. The super-user can modify 117any field in any user's master.passwd entry in any domain, and can 118do so without knowing the user's existing NIS password (when the server 119receives a request from the super-user, the password authentication 120check is bypassed). Furthermore, if the server is invoked with the 121.Fl a 122flag, the super-user can even add new entries to the maps using 123.Xr ypchpass 1 . 124Again, this only applies to the super-user on the NIS 125master server: none of these special functions can be peformed over 126the network. 127.Pp 128The 129.Nm 130daemon can only be run on a machine that is an NIS master server. 131.Sh OPTIONS 132The following options are available: 133.Bl -tag -width indent 134.It Fl t Ar master.passwd template file 135By default, 136.Nm 137assumes that the template file used to generates the 138.Pa master.passwd 139and 140.Pa passwd 141maps for the default domain is called 142.Pa /var/yp/master.passwd . 143This default can be overridden by specifying an alternate file name 144with the 145.Fl t 146flag. 147.Pp 148Note: if the template file specified with this flag is 149.Pa /etc/master.passwd , 150.Nm 151will also automatically invoke 152.Xr pwd_mkdb 8 153to rebuild the local password databases in addition to the NIS 154maps. 155.It Fl d Ar domain 156The 157.Nm 158server can support multiple domains, however it must 159choose one domain as a default. 160It will try to use the system default domain name as set by the 161.Xr domainname 1 162command for this default. However, 163if the system domain name is not 164set, a default domain must be specified on 165the command line. If the system default domain is set, 166then this option can be used to override it. 167.It Fl p Ar path 168This option can be used to override the default path to 169the location of the NIS 170map databases. The compiled-in default path is 171.Pa /var/yp . 172.It Fl s 173Disallow changing of shell information. 174.It Fl f 175Disallow changing of full name ('GECOS') information. 176.It Fl a 177Allow additions to be made to the NIS passwd databases. The super-user on the 178NIS master server is permitted to use the 179.Xr ypchpass 1 180command to perform unrestricted modifications to any field in a user's 181.Pa master.passwd 182map entry. When 183.Nm 184is started with this flag, it will also allow the super-user to add new 185records to the NIS passwd maps, just as is possible when using 186.Xr chpass 1 187to modify the local password database. 188.It Fl m 189Turn on multi-domain mode. Even though 190.Xr ypserv 8 191can handle several simultaneous domains, most implementations of 192.Nm 193can only operate on a single NIS domain, which is generally the same as 194the system default domain of the NIS master server. The 195.Bx Free 196.Nm 197attempts to overcome this problem in spite of the inherent limitations 198of the 199.Pa yppasswd 200protocol, which does not allow for a 201.Pa domain 202argument in client requests. In multi-domain mode, 203.Nm 204will search through all the passwd maps of all the domains it 205can find under 206.Pa /var/yp 207until it finds an entry that matches the user information specified in 208a given update request. (Matches are determined by checking the username, 209UID and GID fields.) The matched entry and corresponding domain are then 210used for the update. 211.Pp 212Note that in order for multi-domain mode to work, there have to be 213seperate template files for each domain. For example, if a server 214supports three domains, 215.Pa foo , 216.Pa bar , 217and 218.Pa baz , 219there should be three seperate master.passwd template files called 220.Pa /var/yp/foo/master.passwd , 221.Pa /var/yp/bar/master.passwd , 222and 223.Pa /var/yp/baz/master.passwd . 224If 225.Pa foo 226happens to be the system default domain, then its template file can 227be either 228.Pa /var/yp/foo/master.passwd 229or 230.Pa /var/yp/master.passwd . 231The server will check for the latter file first and then use the former 232if it can't find it. 233.Pp 234Multi-domain mode is off by default since it can fail if there are 235duplicate or near-duplicate user entries in different domains. The server 236will abort an update request if it finds more than one user entry that 237matches its search criteria. Even so, paranoid administrators 238may wish to leave multi-domain mode disabled. 239.It Fl i 240If 241.Nm 242is invoked with this flag, it will perform map updates in place. This 243means that instead of just modifying the password template file and 244starting a map update, the server will modify the map databases 245directly. This is useful when the password maps are large: if, for 246example, the password database has tens of thousands of entries, it 247can take several minutes for a map update to complete. Updating the 248maps in place reduces this time to a few seconds. 249.It Fl v 250Turn on verbose logging mode. The server normally only logs messages 251using the 252.Xr syslog 3 253facility when it encounters an error condition, or when processing 254updates for the super-user on the NIS master server. Running the server 255with the 256.Fl v 257flag will cause it to log informational messages for all updates. 258.It Fl u 259Many commercial 260.Xr yppasswd 1 261clients do not use a reserved port when sending requests to 262.Nm rpc.yppasswdd . 263This is either because the 264.Xr yppasswd 1 265program is not installed set-uid root, or because the RPC 266implementation does not place any emphasis on binding to reserved 267ports when establishing client connections for the super-user. 268By default, 269.Nm 270expects to receive requests from clients using reserved ports; requests 271received from non-privileged ports are rejected. Unfortunately, this 272behavior prevents any client systems that to not use privileged 273ports from sucessfully submitting password updates. Specifying 274the 275.Fl u 276flag to 277.Nm 278disables the privileged port check so that it will work with 279.Xr yppasswd 1 280clients that don't use privileged ports. This reduces security to 281a certain small degree, but it might be necessary in cases where it 282is not possible to change the client behavior. 283.It Fl h 284Display the list of flags and options understood by 285.Nm rpc.yppasswdd . 286.El 287.Sh FILES 288.Bl -tag -width Pa -compact 289.It Pa /usr/libexec/yppwupdate 290The script invoked by 291.Nm 292to update and push the NIS maps after 293an update. 294.It Pa /var/yp/master.passwd 295The template password file for the default domain. 296.It Pa /var/yp/[domainname]/[maps] 297The NIS maps for a particular NIS domain. 298.It Pa /var/yp/[domainname]/master.passwd 299The template password file(s) for non-default domains 300(used only in multi-domain mode). 301.El 302.Sh SEE ALSO 303.Xr yp 4 , 304.Xr yppush 8 , 305.Xr ypserv 8 , 306.Xr ypxfr 8 307.Sh BUGS 308As listed in the yppasswd.x protocol definition, the YPPASSWDPROC_UPDATE 309procedure takes two arguments: a V7-style passwd structure containing 310updated user information and the user's existing unencrypted (cleartext) 311password. Since 312.Nm 313is supposed to handle update requests from remote NIS client machines, 314this means that 315.Xr yppasswd 1 316and similar client programs will in fact be transmitting users' cleartext 317passwords over the network. 318.Pp 319This is not a problem for password updates since the plaintext password 320sent with the update will no longer be valid once the new encrypted password 321is put into place, but if the user is only updating his or her 'GECOS' 322information or shell, then the cleartext password sent with the update 323will still be valid once the update is completed. If the network is 324insecure, this cleartext password could be intercepted and used to 325gain unauthorized access to the user's account. 326.Sh AUTHORS 327.An Bill Paul Aq wpaul@ctr.columbia.edu 328