.\" Copyright (c) 1995, 1996
.\" Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by Bill Paul.
.\" 4. Neither the name of the author nor the names of contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd February 8, 1996
.Dt RPC.YPPASSWDD 8
.Os
.Sh NAME
.Nm rpc.yppasswdd
.Nd "server for updating NIS passwords"
.Sh SYNOPSIS
.Nm
.Op Fl t Ar master.passwd template file
.Op Fl d Ar default domain
.Op Fl p Ar path
.Op Fl s
.Op Fl f
.Op Fl a
.Op Fl m
.Op Fl i
.Op Fl v
.Op Fl u
.Op Fl h
.Sh DESCRIPTION
The
.Nm
daemon allows users to change their NIS passwords and certain
other information using the
.Xr yppasswd 1
and
.Xr ypchpass 1
commands.
.Nm Rpc.yppasswdd
is an RPC-based server that accepts incoming password change requests,
authenticates them, places the updated information in the
.Pa /var/yp/master.passwd
template file and then updates the NIS
.Pa master.passwd
and
.Pa passwd
maps.
.Pp
The
.Nm
server allows a normal NIS user to change
his or her NIS password, full name (also
known as 'GECOS' field) or shell.
These updates are typically done using
the
.Xr yppasswd 1 ,
.Xr ypchfn 1 ,
.Xr ypchsh 1 ,
or
.Xr ypchpass 1
commands.
(Some administrators don't want users to be able to change their
full name information or shells; the server can be invoked with option flags
that disallow such changes.)
When the server receives an update request,
it compares the address of the client making the request against the
.Pa securenets
rules outlined in
.Pa /var/yp/securenets .
(See the
.Xr ypserv 8
manual page for more information on securenets; the
.Nm
server uses the same access control mechanism as
.Xr ypserv 8 . )
.Pp
The server then
checks the 'old' password supplied by the user to make sure it's
valid, then performs some sanity checks on the updated information (these
include checking for embedded control characters, colons or invalid shells).
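The following is an added illustration, not code from
rpc.yppasswdd itself, of the kind of sanity checks just described:
a requested GECOS and shell are refused if they contain a colon or a
control character (either would corrupt the colon-separated,
line-oriented master.passwd record) or if the shell is not a permitted
login shell.
The list of permitted shells is constructed here and stands in for
.Pa /etc/shells ;
the daemon's exact rules are not reproduced.

```c
/* Added example (not rpc.yppasswdd's own code): validate a proposed
 * GECOS/shell update before it is written into the master.passwd
 * template.  The permitted-shell list is an assumption standing in
 * for /etc/shells. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum upd_err { UPD_OK = 0, UPD_COLON, UPD_CTRL, UPD_BADSHELL };

/* A passwd(5) record is one line of colon-separated fields, so a ':'
 * would add or shift fields and a control character (including '\n')
 * would break the record or start a new one. */
static enum upd_err check_field(const char *s)
{
    for (; *s != '\0'; s++) {
        if (*s == ':')
            return UPD_COLON;
        if (iscntrl((unsigned char)*s))
            return UPD_CTRL;
    }
    return UPD_OK;
}

/* shells: NULL-terminated list of permitted login shells. */
enum upd_err validate_update(const char *gecos, const char *shell,
                             const char *const *shells)
{
    enum upd_err e;

    if ((e = check_field(gecos)) != UPD_OK)
        return e;
    if ((e = check_field(shell)) != UPD_OK)
        return e;
    for (; *shells != NULL; shells++)
        if (strcmp(shell, *shells) == 0)
            return UPD_OK;
    return UPD_BADSHELL;        /* not a permitted shell */
}

/* Constructed stand-in for /etc/shells. */
const char *const valid_shells[] = { "/bin/sh", "/bin/csh", "/bin/tcsh", NULL };

int main(void)
{
    printf("%d\n", validate_update("Bill Paul", "/bin/sh", valid_shells));
    printf("%d\n", validate_update("Bill:Paul", "/bin/sh", valid_shells));
    printf("%d\n", validate_update("Bill Paul", "/bin/zsh", valid_shells));
    return 0;
}
```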
Once it is satisfied that the update request is valid, the server modifies
the template password file (the default is
.Pa /var/yp/master.passwd )
and then runs the
.Pa /usr/libexec/yppwupdate
script to rebuild the NIS maps.
(This script has two arguments passed
to it: the absolute pathname of the password template that was modified
and the name of the domain that is to be updated.
These in turn are
passed to
.Pa /var/yp/Makefile ) .
.Pp
The
.Fx
version of
.Nm
also allows the super-user on the NIS master server to perform more
sophisticated updates on the NIS passwd maps.
The super-user can modify
any field in any user's master.passwd entry in any domain, and can
do so without knowing the user's existing NIS password (when the server
receives a request from the super-user, the password authentication
check is bypassed).
Furthermore, if the server is invoked with the
.Fl a
flag, the super-user can even add new entries to the maps using
.Xr ypchpass 1 .
Again, this only applies to the super-user on the NIS
master server: none of these special functions can be performed over
the network.
.Pp
The
.Nm
daemon can only be run on a machine that is an NIS master server.
.Sh OPTIONS
The following options are available:
.Bl -tag -width indent
.It Fl t Ar master.passwd template file
By default,
.Nm
assumes that the template file used to generate the
.Pa master.passwd
and
.Pa passwd
maps for the default domain is called
.Pa /var/yp/master.passwd .
This default can be overridden by specifying an alternate file name
with the
.Fl t
flag.
.Pp
Note: if the template file specified with this flag is
.Pa /etc/master.passwd ,
.Nm
will also automatically invoke
.Xr pwd_mkdb 8
to rebuild the local password databases in addition to the NIS
maps.
.It Fl d Ar domain
The
.Nm
server can support multiple domains; however, it must
choose one domain as a default.
It will try to use the system default domain name as set by the
.Xr domainname 1
command for this default.
However,
if the system domain name is not
set, a default domain must be specified on
the command line.
If the system default domain is set,
then this option can be used to override it.
.It Fl p Ar path
This option can be used to override the default path to
the location of the NIS
map databases.
The compiled-in default path is
.Pa /var/yp .
.It Fl s
Disallow changing of shell information.
.It Fl f
Disallow changing of full name ('GECOS') information.
.It Fl a
Allow additions to be made to the NIS passwd databases.
The super-user on the
NIS master server is permitted to use the
.Xr ypchpass 1
command to perform unrestricted modifications to any field in a user's
.Pa master.passwd
map entry.
When
.Nm
is started with this flag, it will also allow the super-user to add new
records to the NIS passwd maps, just as is possible when using
.Xr chpass 1
to modify the local password database.
.It Fl m
Turn on multi-domain mode.
Even though
.Xr ypserv 8
can handle several simultaneous domains, most implementations of
.Nm
can only operate on a single NIS domain, which is generally the same as
the system default domain of the NIS master server.
The
.Fx
.Nm
attempts to overcome this problem in spite of the inherent limitations
of the
.Pa yppasswd
protocol, which does not allow for a
.Pa domain
argument in client requests.
In multi-domain mode,
.Nm
will search through all the passwd maps of all the domains it
can find under
.Pa /var/yp
until it finds an entry that matches the user information specified in
a given update request.
(Matches are determined by checking the username,
UID and GID fields.)
The matched entry and corresponding domain are then
used for the update.
.Pp
Note that in order for multi-domain mode to work, there have to be
separate template files for each domain.
For example, if a server
supports three domains,
.Pa foo ,
.Pa bar ,
and
.Pa baz ,
there should be three separate master.passwd template files called
.Pa /var/yp/foo/master.passwd ,
.Pa /var/yp/bar/master.passwd ,
and
.Pa /var/yp/baz/master.passwd .
If
.Pa foo
happens to be the system default domain, then its template file can
be either
.Pa /var/yp/foo/master.passwd
or
.Pa /var/yp/master.passwd .
The server will check for the latter file first and then use the former
if it can't find it.
.Pp
Multi-domain mode is off by default since it can fail if there are
duplicate or near-duplicate user entries in different domains.
The server
will abort an update request if it finds more than one user entry that
matches its search criteria.
Even so, paranoid administrators
may wish to leave multi-domain mode disabled.
.It Fl i
If
.Nm
is invoked with this flag, it will perform map updates in place.
This
means that instead of just modifying the password template file and
starting a map update, the server will modify the map databases
directly.
This is useful when the password maps are large: if, for
example, the password database has tens of thousands of entries, it
can take several minutes for a map update to complete.
Updating the
maps in place reduces this time to a few seconds.
.It Fl v
Turn on verbose logging mode.
The server normally only logs messages
using the
.Xr syslog 3
facility when it encounters an error condition, or when processing
updates for the super-user on the NIS master server.
Running the server
with the
.Fl v
flag will cause it to log informational messages for all updates.
.It Fl u
Many commercial
.Xr yppasswd 1
clients do not use a reserved port when sending requests to
.Nm .
This is either because the
.Xr yppasswd 1
program is not installed set-uid root, or because the RPC
implementation does not place any emphasis on binding to reserved
ports when establishing client connections for the super-user.
By default,
.Nm
expects to receive requests from clients using reserved ports; requests
received from non-privileged ports are rejected.
Unfortunately, this
behavior prevents any client systems that do not use privileged
ports from successfully submitting password updates.
Specifying
the
.Fl u
flag to
.Nm
disables the privileged port check so that it will work with
.Xr yppasswd 1
clients that don't use privileged ports.
This reduces security to
a certain small degree, but it might be necessary in cases where it
is not possible to change the client behavior.
.It Fl h
Display the list of flags and options understood by
.Nm .
.El
.Sh FILES
.Bl -tag -width Pa -compact
.It Pa /usr/libexec/yppwupdate
The script invoked by
.Nm
to update and push the NIS maps after
an update.
.It Pa /var/yp/master.passwd
The template password file for the default domain.
.It Pa /var/yp/[domainname]/[maps]
The NIS maps for a particular NIS domain.
.It Pa /var/yp/[domainname]/master.passwd
The template password file(s) for non-default domains
(used only in multi-domain mode).
.El
.Sh SEE ALSO
.Xr yp 4 ,
.Xr yppush 8 ,
.Xr ypserv 8 ,
.Xr ypxfr 8
.Sh BUGS
As listed in the yppasswd.x protocol definition, the YPPASSWDPROC_UPDATE
procedure takes two arguments: a V7-style passwd structure containing
updated user information and the user's existing unencrypted (cleartext)
password.
Since
.Nm
is supposed to handle update requests from remote NIS client machines,
this means that
.Xr yppasswd 1
and similar client programs will in fact be transmitting users' cleartext
passwords over the network.
.Pp
This is not a problem for password updates since the plaintext password
sent with the update will no longer be valid once the new encrypted password
is put into place, but if the user is only updating his or her 'GECOS'
information or shell, then the cleartext password sent with the update
will still be valid once the update is completed.
If the network is
insecure, this cleartext password could be intercepted and used to
gain unauthorized access to the user's account.
.Sh AUTHORS
.An Bill Paul Aq wpaul@ctr.columbia.edu
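.Pp
The multi-domain lookup described under the
.Fl m
flag above, as an added illustration that is not rpc.yppasswdd's own code:
a request is matched on username, UID and GID across every domain, and
the update is refused when more than one domain matches, which is the
duplicate-entry failure that keeps multi-domain mode off by default.
The per-domain passwd entries are constructed here and stand in for the
maps under
.Pa /var/yp .

```c
/* Added example (not rpc.yppasswdd's own code): multi-domain (-m)
 * lookup with the abort-on-ambiguity rule.  Entries are constructed
 * and stand in for the passwd maps of each domain under /var/yp. */
#include <stdio.h>
#include <string.h>

struct pw_entry {
    const char *domain;
    const char *name;
    int uid, gid;
};

/* Constructed sample using the "foo", "bar" and "baz" domains from the
 * text.  "bob" is an exact duplicate across bar and baz; "dave" is a
 * near-duplicate (same name, different UID/GID) across foo and baz. */
const struct pw_entry maps[] = {
    { "foo", "alice", 1001, 1001 },
    { "foo", "dave",  1004, 1004 },
    { "bar", "bob",   1002, 1002 },
    { "baz", "bob",   1002, 1002 },
    { "baz", "dave",  1005, 1005 },
};
#define NMAPS (sizeof(maps) / sizeof(maps[0]))

/* Return the domain whose map holds the single entry matching the
 * request, or NULL when no entry or more than one entry matches
 * (the server aborts the update rather than guess). */
const char *find_domain(const char *name, int uid, int gid)
{
    const char *found = NULL;
    size_t i;

    for (i = 0; i < NMAPS; i++) {
        if (strcmp(maps[i].name, name) != 0 ||
            maps[i].uid != uid || maps[i].gid != gid)
            continue;
        if (found != NULL)
            return NULL;        /* second match: ambiguous, refuse */
        found = maps[i].domain;
    }
    return found;
}

int main(void)
{
    const char *d = find_domain("alice", 1001, 1001);
    printf("alice -> %s\n", d != NULL ? d : "(refused)");
    d = find_domain("bob", 1002, 1002);
    printf("bob   -> %s\n", d != NULL ? d : "(refused)");
    return 0;
}
```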