1.\" Copyright (c) 1995, 1996 2.\" Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by Bill Paul. 15.\" 4. Neither the name of the author nor the names of contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" $FreeBSD$ 32.\" 33.Dd February 8, 1996 34.Dt RPC.YPPASSWDD 8 35.Os 36.Sh NAME 37.Nm rpc.yppasswdd 38.Nd "server for updating NIS passwords" 39.Sh SYNOPSIS 40.Nm 41.Op Fl t Ar master.passwd template file 42.Op Fl d Ar default domain 43.Op Fl p Ar path 44.Op Fl s 45.Op Fl f 46.Op Fl a 47.Op Fl m 48.Op Fl i 49.Op Fl v 50.Op Fl u 51.Op Fl h 52.Sh DESCRIPTION 53The 54.Nm 55utility allows users to change their NIS passwords and certain 56other information using the 57.Xr yppasswd 1 58and 59.Xr ypchpass 1 60commands. 61The 62.Nm 63utility 64is an RPC-based server that accepts incoming password change requests, 65authenticates them, places the updated information in the 66.Pa /var/yp/master.passwd 67template file and then updates the NIS 68.Pa master.passwd 69and 70.Pa passwd 71maps. 72.Pp 73The 74.Nm 75utility allows a normal NIS user to change 76his or her NIS password, full name (also 77known as 'GECOS' field) or shell. 78These updates are typically done using 79the 80.Xr yppasswd 1 , 81.Xr ypchfn 1 , 82.Xr ypchsh 1 , 83or 84.Xr ypchpass 1 85commands. 86(Some administrators don't want users to be able to change their 87full name information or shells; the server can be invoked with option flags 88that disallow such changes.) 89When the server receives an update request, 90it compares the address of the client making the request against the 91.Pa securenets 92rules outlined in 93.Pa /var/yp/securenets . 94(See the 95.Xr ypserv 8 96manual page for more information on securenets; the 97.Nm 98utility uses the same access control mechanism as 99.Xr ypserv 8 . ) 100.Pp 101The server then 102checks the 'old' password supplied by the user to make sure it's 103valid, then performs some sanity checks on the updated information (these 104include checking for embedded control characters, colons or invalid shells). 105Once it is satisfied that the update request is valid, the server modifies 106the template password file (the default is 107.Pa /var/yp/master.passwd ) 108and then runs the 109.Pa /usr/libexec/yppwupdate 110script to rebuild the NIS maps. 111(This script has two arguments passed 112to it: the absolute pathname of the password template that was modified 113and the name of the domain that is to be updated. 114These in turn are 115passed to 116.Pa /var/yp/Makefile ) . 117.Pp 118The 119.Fx 120version of 121.Nm 122also allows the super-user on the NIS master server to perform more 123sophisticated updates on the NIS passwd maps. 124The super-user can modify 125any field in any user's master.passwd entry in any domain, and can 126do so without knowing the user's existing NIS password (when the server 127receives a request from the super-user, the password authentication 128check is bypassed). Furthermore, if the server is invoked with the 129.Fl a 130flag, the super-user can even add new entries to the maps using 131.Xr ypchpass 1 . 132Again, this only applies to the super-user on the NIS 133master server: none of these special functions can be performed over 134the network. 135.Pp 136The 137.Nm 138utility can only be run on a machine that is an NIS master server. 139.Sh OPTIONS 140The following options are available: 141.Bl -tag -width indent 142.It Fl t Ar master.passwd template file 143By default, 144.Nm 145assumes that the template file used to generates the 146.Pa master.passwd 147and 148.Pa passwd 149maps for the default domain is called 150.Pa /var/yp/master.passwd . 151This default can be overridden by specifying an alternate file name 152with the 153.Fl t 154flag. 155.Pp 156Note: if the template file specified with this flag is 157.Pa /etc/master.passwd , 158.Nm 159will also automatically invoke 160.Xr pwd_mkdb 8 161to rebuild the local password databases in addition to the NIS 162maps. 163.It Fl d Ar domain 164The 165.Nm 166utility can support multiple domains, however it must 167choose one domain as a default. 168It will try to use the system default domain name as set by the 169.Xr domainname 1 170command for this default. 171However, 172if the system domain name is not 173set, a default domain must be specified on 174the command line. 175If the system default domain is set, 176then this option can be used to override it. 177.It Fl p Ar path 178This option can be used to override the default path to 179the location of the NIS 180map databases. 181The compiled-in default path is 182.Pa /var/yp . 183.It Fl s 184Disallow changing of shell information. 185.It Fl f 186Disallow changing of full name ('GECOS') information. 187.It Fl a 188Allow additions to be made to the NIS passwd databases. 189The super-user on the 190NIS master server is permitted to use the 191.Xr ypchpass 1 192command to perform unrestricted modifications to any field in a user's 193.Pa master.passwd 194map entry. 195When 196.Nm 197is started with this flag, it will also allow the super-user to add new 198records to the NIS passwd maps, just as is possible when using 199.Xr chpass 1 200to modify the local password database. 201.It Fl m 202Turn on multi-domain mode. 203Even though 204.Xr ypserv 8 205can handle several simultaneous domains, most implementations of 206.Nm 207can only operate on a single NIS domain, which is generally the same as 208the system default domain of the NIS master server. 209The 210.Fx 211.Nm 212attempts to overcome this problem in spite of the inherent limitations 213of the 214.Pa yppasswd 215protocol, which does not allow for a 216.Pa domain 217argument in client requests. 218In multi-domain mode, 219.Nm 220will search through all the passwd maps of all the domains it 221can find under 222.Pa /var/yp 223until it finds an entry that matches the user information specified in 224a given update request. 225(Matches are determined by checking the username, 226UID and GID fields.) 227The matched entry and corresponding domain are then 228used for the update. 229.Pp 230Note that in order for multi-domain mode to work, there have to be 231separate template files for each domain. 232For example, if a server 233supports three domains, 234.Pa foo , 235.Pa bar , 236and 237.Pa baz , 238there should be three separate master.passwd template files called 239.Pa /var/yp/foo/master.passwd , 240.Pa /var/yp/bar/master.passwd , 241and 242.Pa /var/yp/baz/master.passwd . 243If 244.Pa foo 245happens to be the system default domain, then its template file can 246be either 247.Pa /var/yp/foo/master.passwd 248or 249.Pa /var/yp/master.passwd . 250The server will check for the latter file first and then use the former 251if it can't find it. 252.Pp 253Multi-domain mode is off by default since it can fail if there are 254duplicate or near-duplicate user entries in different domains. 255The server 256will abort an update request if it finds more than one user entry that 257matches its search criteria. 258Even so, paranoid administrators 259may wish to leave multi-domain mode disabled. 260.It Fl i 261If 262.Nm 263is invoked with this flag, it will perform map updates in place. 264This 265means that instead of just modifying the password template file and 266starting a map update, the server will modify the map databases 267directly. 268This is useful when the password maps are large: if, for 269example, the password database has tens of thousands of entries, it 270can take several minutes for a map update to complete. 271Updating the 272maps in place reduces this time to a few seconds. 273.It Fl v 274Turn on verbose logging mode. 275The server normally only logs messages 276using the 277.Xr syslog 3 278facility when it encounters an error condition, or when processing 279updates for the super-user on the NIS master server. 280Running the server 281with the 282.Fl v 283flag will cause it to log informational messages for all updates. 284.It Fl u 285Many commercial 286.Xr yppasswd 1 287clients do not use a reserved port when sending requests to 288.Nm . 289This is either because the 290.Xr yppasswd 1 291program is not installed set-uid root, or because the RPC 292implementation does not place any emphasis on binding to reserved 293ports when establishing client connections for the super-user. 294By default, 295.Nm 296expects to receive requests from clients using reserved ports; requests 297received from non-privileged ports are rejected. 298Unfortunately, this 299behavior prevents any client systems that to not use privileged 300ports from successfully submitting password updates. 301Specifying 302the 303.Fl u 304flag to 305.Nm 306disables the privileged port check so that it will work with 307.Xr yppasswd 1 308clients that don't use privileged ports. 309This reduces security to 310a certain small degree, but it might be necessary in cases where it 311is not possible to change the client behavior. 312.It Fl h 313Display the list of flags and options understood by 314.Nm . 315.El 316.Sh FILES 317.Bl -tag -width Pa -compact 318.It Pa /usr/libexec/yppwupdate 319The script invoked by 320.Nm 321to update and push the NIS maps after 322an update. 323.It Pa /var/yp/master.passwd 324The template password file for the default domain. 325.It Pa /var/yp/[domainname]/[maps] 326The NIS maps for a particular NIS domain. 327.It Pa /var/yp/[domainname]/master.passwd 328The template password file(s) for non-default domains 329(used only in multi-domain mode). 330.El 331.Sh SEE ALSO 332.Xr yp 8 , 333.Xr yppush 8 , 334.Xr ypserv 8 , 335.Xr ypxfr 8 336.Sh BUGS 337As listed in the yppasswd.x protocol definition, the YPPASSWDPROC_UPDATE 338procedure takes two arguments: a V7-style passwd structure containing 339updated user information and the user's existing unencrypted (cleartext) 340password. 341Since 342.Nm 343is supposed to handle update requests from remote NIS client machines, 344this means that 345.Xr yppasswd 1 346and similar client programs will in fact be transmitting users' cleartext 347passwords over the network. 348.Pp 349This is not a problem for password updates since the plaintext password 350sent with the update will no longer be valid once the new encrypted password 351is put into place, but if the user is only updating his or her 'GECOS' 352information or shell, then the cleartext password sent with the update 353will still be valid once the update is completed. 354If the network is 355insecure, this cleartext password could be intercepted and used to 356gain unauthorized access to the user's account. 357.Sh AUTHORS 358.An Bill Paul Aq wpaul@ctr.columbia.edu 359