xref: /freebsd/usr.sbin/rpc.yppasswdd/rpc.yppasswdd.8 (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c)
1.\" Copyright (c) 1995, 1996
2.\"	Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\"    must display the following acknowledgement:
14.\"	This product includes software developed by Bill Paul.
15.\" 4. Neither the name of the author nor the names of contributors
16.\"    may be used to endorse or promote products derived from this software
17.\"    without specific prior written permission.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22.\" ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29.\" SUCH DAMAGE.
30.\"
31.Dd February 8, 1996
32.Dt RPC.YPPASSWDD 8
33.Os
34.Sh NAME
35.Nm rpc.yppasswdd
36.Nd "server for updating NIS passwords"
37.Sh SYNOPSIS
38.Nm
39.Op Fl t Ar master.passwd template file
40.Op Fl d Ar default domain
41.Op Fl p Ar path
42.Op Fl s
43.Op Fl f
44.Op Fl a
45.Op Fl m
46.Op Fl i
47.Op Fl v
48.Op Fl u
49.Op Fl h
50.Sh DESCRIPTION
51The
52.Nm
53utility allows users to change their NIS passwords and certain
54other information using the
55.Xr yppasswd 1
56and
57.Xr ypchpass 1
58commands.
59The
60.Nm
61utility
62is an RPC-based server that accepts incoming password change requests,
63authenticates them, places the updated information in the
64.Pa /var/yp/master.passwd
65template file and then updates the NIS
66.Pa master.passwd
67and
68.Pa passwd
69maps.
70.Pp
71The
72.Nm
73utility allows a normal NIS user to change
74his or her NIS password, full name (also
75known as 'GECOS' field) or shell.
76These updates are typically done using
77the
78.Xr yppasswd 1 ,
79.Xr ypchfn 1 ,
80.Xr ypchsh 1 ,
81or
82.Xr ypchpass 1
83commands.
84(Some administrators do not want users to be able to change their
85full name information or shells; the server can be invoked with option flags
86that disallow such changes.)
87When the server receives an update request,
88it compares the address of the client making the request against the
89.Pa securenets
90rules outlined in
91.Pa /var/yp/securenets .
92(See the
93.Xr ypserv 8
94manual page for more information on securenets; the
95.Nm
96utility uses the same access control mechanism as
97.Xr ypserv 8 . )
98.Pp
99The server then
100checks the 'old' password supplied by the user to make sure it is
101valid, then performs some sanity checks on the updated information (these
102include checking for embedded control characters, colons or invalid shells).
103Once it is satisfied that the update request is valid, the server modifies
104the template password file (the default is
105.Pa /var/yp/master.passwd )
106and then runs the
107.Pa /usr/libexec/yppwupdate
108script to rebuild the NIS maps.
109(This script has two arguments passed
110to it: the absolute pathname of the password template that was modified
111and the name of the domain that is to be updated.
112These in turn are
113passed to
114.Pa /var/yp/Makefile ) .
115.Pp
116The
117.Fx
118version of
119.Nm
120also allows the super-user on the NIS master server to perform more
121sophisticated updates on the NIS passwd maps.
122The super-user can modify
123any field in any user's master.passwd entry in any domain, and can
124do so without knowing the user's existing NIS password (when the server
125receives a request from the super-user, the password authentication
126check is bypassed).
127Furthermore, if the server is invoked with the
128.Fl a
129flag, the super-user can even add new entries to the maps using
130.Xr ypchpass 1 .
131Again, this only applies to the super-user on the NIS
132master server: none of these special functions can be performed over
133the network.
134.Pp
135The
136.Nm
137utility can only be run on a machine that is an NIS master server.
138.Sh OPTIONS
139The following options are available:
140.Bl -tag -width indent
141.It Fl t Ar master.passwd template file
142By default,
143.Nm
144assumes that the template file used to generates the
145.Pa master.passwd
146and
147.Pa passwd
148maps for the default domain is called
149.Pa /var/yp/master.passwd .
150This default can be overridden by specifying an alternate file name
151with the
152.Fl t
153flag.
154.Pp
155Note: if the template file specified with this flag is
156.Pa /etc/master.passwd ,
157.Nm
158will also automatically invoke
159.Xr pwd_mkdb 8
160to rebuild the local password databases in addition to the NIS
161maps.
162.It Fl d Ar domain
163The
164.Nm
165utility can support multiple domains, however it must
166choose one domain as a default.
167It will try to use the system default domain name as set by the
168.Xr domainname 1
169command for this default.
170However,
171if the system domain name is not
172set, a default domain must be specified on
173the command line.
174If the system default domain is set,
175then this option can be used to override it.
176.It Fl p Ar path
177This option can be used to override the default path to
178the location of the NIS
179map databases.
180The compiled-in default path is
181.Pa /var/yp .
182.It Fl s
183Disallow changing of shell information.
184.It Fl f
185Disallow changing of full name ('GECOS') information.
186.It Fl a
187Allow additions to be made to the NIS passwd databases.
188The super-user on the
189NIS master server is permitted to use the
190.Xr ypchpass 1
191command to perform unrestricted modifications to any field in a user's
192.Pa master.passwd
193map entry.
194When
195.Nm
196is started with this flag, it will also allow the super-user to add new
197records to the NIS passwd maps, just as is possible when using
198.Xr chpass 1
199to modify the local password database.
200.It Fl m
201Turn on multi-domain mode.
202Even though
203.Xr ypserv 8
204can handle several simultaneous domains, most implementations of
205.Nm
206can only operate on a single NIS domain, which is generally the same as
207the system default domain of the NIS master server.
208The
209.Fx
210.Nm
211attempts to overcome this problem in spite of the inherent limitations
212of the
213.Pa yppasswd
214protocol, which does not allow for a
215.Pa domain
216argument in client requests.
217In multi-domain mode,
218.Nm
219will search through all the passwd maps of all the domains it
220can find under
221.Pa /var/yp
222until it finds an entry that matches the user information specified in
223a given update request.
224(Matches are determined by checking the username,
225UID and GID fields.)
226The matched entry and corresponding domain are then
227used for the update.
228.Pp
229Note that in order for multi-domain mode to work, there have to be
230separate template files for each domain.
231For example, if a server
232supports three domains,
233.Pa foo ,
234.Pa bar ,
235and
236.Pa baz ,
237there should be three separate master.passwd template files called
238.Pa /var/yp/foo/master.passwd ,
239.Pa /var/yp/bar/master.passwd ,
240and
241.Pa /var/yp/baz/master.passwd .
242If
243.Pa foo
244happens to be the system default domain, then its template file can
245be either
246.Pa /var/yp/foo/master.passwd
247or
248.Pa /var/yp/master.passwd .
249The server will check for the latter file first and then use the former
250if it cannot find it.
251.Pp
252Multi-domain mode is off by default since it can fail if there are
253duplicate or near-duplicate user entries in different domains.
254The server
255will abort an update request if it finds more than one user entry that
256matches its search criteria.
257Even so, paranoid administrators
258may wish to leave multi-domain mode disabled.
259.It Fl i
260If
261.Nm
262is invoked with this flag, it will perform map updates in place.
263This
264means that instead of just modifying the password template file and
265starting a map update, the server will modify the map databases
266directly.
267This is useful when the password maps are large: if, for
268example, the password database has tens of thousands of entries, it
269can take several minutes for a map update to complete.
270Updating the
271maps in place reduces this time to a few seconds.
272.It Fl v
273Turn on verbose logging mode.
274The server normally only logs messages
275using the
276.Xr syslog 3
277facility when it encounters an error condition, or when processing
278updates for the super-user on the NIS master server.
279Running the server
280with the
281.Fl v
282flag will cause it to log informational messages for all updates.
283.It Fl u
284Many commercial
285.Xr yppasswd 1
286clients do not use a reserved port when sending requests to
287.Nm .
288This is either because the
289.Xr yppasswd 1
290program is not installed set-uid root, or because the RPC
291implementation does not place any emphasis on binding to reserved
292ports when establishing client connections for the super-user.
293By default,
294.Nm
295expects to receive requests from clients using reserved ports; requests
296received from non-privileged ports are rejected.
297Unfortunately, this
298behavior prevents any client systems that to not use privileged
299ports from successfully submitting password updates.
300Specifying
301the
302.Fl u
303flag to
304.Nm
305disables the privileged port check so that it will work with
306.Xr yppasswd 1
307clients that do not use privileged ports.
308This reduces security to
309a certain small degree, but it might be necessary in cases where it
310is not possible to change the client behavior.
311.It Fl h
312Display the list of flags and options understood by
313.Nm .
314.El
315.Sh FILES
316.Bl -tag -width Pa -compact
317.It Pa /usr/libexec/yppwupdate
318The script invoked by
319.Nm
320to update and push the NIS maps after
321an update.
322.It Pa /var/yp/master.passwd
323The template password file for the default domain.
324.It Pa /var/yp/[domainname]/[maps]
325The NIS maps for a particular NIS domain.
326.It Pa /var/yp/[domainname]/master.passwd
327The template password file(s) for non-default domains
328(used only in multi-domain mode).
329.El
330.Sh SEE ALSO
331.Xr yp 8 ,
332.Xr yppush 8 ,
333.Xr ypserv 8 ,
334.Xr ypxfr 8
335.Sh AUTHORS
336.An Bill Paul Aq Mt wpaul@ctr.columbia.edu
337.Sh BUGS
338As listed in the yppasswd.x protocol definition, the YPPASSWDPROC_UPDATE
339procedure takes two arguments: a V7-style passwd structure containing
340updated user information and the user's existing unencrypted (cleartext)
341password.
342Since
343.Nm
344is supposed to handle update requests from remote NIS client machines,
345this means that
346.Xr yppasswd 1
347and similar client programs will in fact be transmitting users' cleartext
348passwords over the network.
349.Pp
350This is not a problem for password updates since the plaintext password
351sent with the update will no longer be valid once the new encrypted password
352is put into place, but if the user is only updating his or her 'GECOS'
353information or shell, then the cleartext password sent with the update
354will still be valid once the update is completed.
355If the network is
356insecure, this cleartext password could be intercepted and used to
357gain unauthorized access to the user's account.
358