xref: /freebsd/usr.sbin/rpc.yppasswdd/rpc.yppasswdd.8 (revision 8ddb146abcdf061be9f2c0db7e391697dafad85c)
1.\" Copyright (c) 1995, 1996
2.\"	Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. All advertising materials mentioning features or use of this software
13.\"    must display the following acknowledgement:
14.\"	This product includes software developed by Bill Paul.
15.\" 4. Neither the name of the author nor the names of contributors
16.\"    may be used to endorse or promote products derived from this software
17.\"    without specific prior written permission.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22.\" ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29.\" SUCH DAMAGE.
30.\"
31.\" $FreeBSD$
32.\"
33.Dd February 8, 1996
34.Dt RPC.YPPASSWDD 8
35.Os
36.Sh NAME
37.Nm rpc.yppasswdd
38.Nd "server for updating NIS passwords"
39.Sh SYNOPSIS
40.Nm
41.Op Fl t Ar master.passwd template file
42.Op Fl d Ar default domain
43.Op Fl p Ar path
44.Op Fl s
45.Op Fl f
46.Op Fl a
47.Op Fl m
48.Op Fl i
49.Op Fl v
50.Op Fl u
51.Op Fl h
52.Sh DESCRIPTION
53The
54.Nm
55utility allows users to change their NIS passwords and certain
56other information using the
57.Xr yppasswd 1
58and
59.Xr ypchpass 1
60commands.
61The
62.Nm
63utility
64is an RPC-based server that accepts incoming password change requests,
65authenticates them, places the updated information in the
66.Pa /var/yp/master.passwd
67template file and then updates the NIS
68.Pa master.passwd
69and
70.Pa passwd
71maps.
72.Pp
73The
74.Nm
75utility allows a normal NIS user to change
76his or her NIS password, full name (also
77known as 'GECOS' field) or shell.
78These updates are typically done using
79the
80.Xr yppasswd 1 ,
81.Xr ypchfn 1 ,
82.Xr ypchsh 1 ,
83or
84.Xr ypchpass 1
85commands.
86(Some administrators do not want users to be able to change their
87full name information or shells; the server can be invoked with option flags
88that disallow such changes.)
89When the server receives an update request,
90it compares the address of the client making the request against the
91.Pa securenets
92rules outlined in
93.Pa /var/yp/securenets .
94(See the
95.Xr ypserv 8
96manual page for more information on securenets; the
97.Nm
98utility uses the same access control mechanism as
99.Xr ypserv 8 . )
100.Pp
101The server then
102checks the 'old' password supplied by the user to make sure it is
103valid, then performs some sanity checks on the updated information (these
104include checking for embedded control characters, colons or invalid shells).
105Once it is satisfied that the update request is valid, the server modifies
106the template password file (the default is
107.Pa /var/yp/master.passwd )
108and then runs the
109.Pa /usr/libexec/yppwupdate
110script to rebuild the NIS maps.
111(This script has two arguments passed
112to it: the absolute pathname of the password template that was modified
113and the name of the domain that is to be updated.
114These in turn are
115passed to
116.Pa /var/yp/Makefile ) .
117.Pp
118The
119.Fx
120version of
121.Nm
122also allows the super-user on the NIS master server to perform more
123sophisticated updates on the NIS passwd maps.
124The super-user can modify
125any field in any user's master.passwd entry in any domain, and can
126do so without knowing the user's existing NIS password (when the server
127receives a request from the super-user, the password authentication
128check is bypassed).
129Furthermore, if the server is invoked with the
130.Fl a
131flag, the super-user can even add new entries to the maps using
132.Xr ypchpass 1 .
133Again, this only applies to the super-user on the NIS
134master server: none of these special functions can be performed over
135the network.
136.Pp
137The
138.Nm
139utility can only be run on a machine that is an NIS master server.
140.Sh OPTIONS
141The following options are available:
142.Bl -tag -width indent
143.It Fl t Ar master.passwd template file
144By default,
145.Nm
146assumes that the template file used to generates the
147.Pa master.passwd
148and
149.Pa passwd
150maps for the default domain is called
151.Pa /var/yp/master.passwd .
152This default can be overridden by specifying an alternate file name
153with the
154.Fl t
155flag.
156.Pp
157Note: if the template file specified with this flag is
158.Pa /etc/master.passwd ,
159.Nm
160will also automatically invoke
161.Xr pwd_mkdb 8
162to rebuild the local password databases in addition to the NIS
163maps.
164.It Fl d Ar domain
165The
166.Nm
167utility can support multiple domains, however it must
168choose one domain as a default.
169It will try to use the system default domain name as set by the
170.Xr domainname 1
171command for this default.
172However,
173if the system domain name is not
174set, a default domain must be specified on
175the command line.
176If the system default domain is set,
177then this option can be used to override it.
178.It Fl p Ar path
179This option can be used to override the default path to
180the location of the NIS
181map databases.
182The compiled-in default path is
183.Pa /var/yp .
184.It Fl s
185Disallow changing of shell information.
186.It Fl f
187Disallow changing of full name ('GECOS') information.
188.It Fl a
189Allow additions to be made to the NIS passwd databases.
190The super-user on the
191NIS master server is permitted to use the
192.Xr ypchpass 1
193command to perform unrestricted modifications to any field in a user's
194.Pa master.passwd
195map entry.
196When
197.Nm
198is started with this flag, it will also allow the super-user to add new
199records to the NIS passwd maps, just as is possible when using
200.Xr chpass 1
201to modify the local password database.
202.It Fl m
203Turn on multi-domain mode.
204Even though
205.Xr ypserv 8
206can handle several simultaneous domains, most implementations of
207.Nm
208can only operate on a single NIS domain, which is generally the same as
209the system default domain of the NIS master server.
210The
211.Fx
212.Nm
213attempts to overcome this problem in spite of the inherent limitations
214of the
215.Pa yppasswd
216protocol, which does not allow for a
217.Pa domain
218argument in client requests.
219In multi-domain mode,
220.Nm
221will search through all the passwd maps of all the domains it
222can find under
223.Pa /var/yp
224until it finds an entry that matches the user information specified in
225a given update request.
226(Matches are determined by checking the username,
227UID and GID fields.)
228The matched entry and corresponding domain are then
229used for the update.
230.Pp
231Note that in order for multi-domain mode to work, there have to be
232separate template files for each domain.
233For example, if a server
234supports three domains,
235.Pa foo ,
236.Pa bar ,
237and
238.Pa baz ,
239there should be three separate master.passwd template files called
240.Pa /var/yp/foo/master.passwd ,
241.Pa /var/yp/bar/master.passwd ,
242and
243.Pa /var/yp/baz/master.passwd .
244If
245.Pa foo
246happens to be the system default domain, then its template file can
247be either
248.Pa /var/yp/foo/master.passwd
249or
250.Pa /var/yp/master.passwd .
251The server will check for the latter file first and then use the former
252if it cannot find it.
253.Pp
254Multi-domain mode is off by default since it can fail if there are
255duplicate or near-duplicate user entries in different domains.
256The server
257will abort an update request if it finds more than one user entry that
258matches its search criteria.
259Even so, paranoid administrators
260may wish to leave multi-domain mode disabled.
261.It Fl i
262If
263.Nm
264is invoked with this flag, it will perform map updates in place.
265This
266means that instead of just modifying the password template file and
267starting a map update, the server will modify the map databases
268directly.
269This is useful when the password maps are large: if, for
270example, the password database has tens of thousands of entries, it
271can take several minutes for a map update to complete.
272Updating the
273maps in place reduces this time to a few seconds.
274.It Fl v
275Turn on verbose logging mode.
276The server normally only logs messages
277using the
278.Xr syslog 3
279facility when it encounters an error condition, or when processing
280updates for the super-user on the NIS master server.
281Running the server
282with the
283.Fl v
284flag will cause it to log informational messages for all updates.
285.It Fl u
286Many commercial
287.Xr yppasswd 1
288clients do not use a reserved port when sending requests to
289.Nm .
290This is either because the
291.Xr yppasswd 1
292program is not installed set-uid root, or because the RPC
293implementation does not place any emphasis on binding to reserved
294ports when establishing client connections for the super-user.
295By default,
296.Nm
297expects to receive requests from clients using reserved ports; requests
298received from non-privileged ports are rejected.
299Unfortunately, this
300behavior prevents any client systems that to not use privileged
301ports from successfully submitting password updates.
302Specifying
303the
304.Fl u
305flag to
306.Nm
307disables the privileged port check so that it will work with
308.Xr yppasswd 1
309clients that do not use privileged ports.
310This reduces security to
311a certain small degree, but it might be necessary in cases where it
312is not possible to change the client behavior.
313.It Fl h
314Display the list of flags and options understood by
315.Nm .
316.El
317.Sh FILES
318.Bl -tag -width Pa -compact
319.It Pa /usr/libexec/yppwupdate
320The script invoked by
321.Nm
322to update and push the NIS maps after
323an update.
324.It Pa /var/yp/master.passwd
325The template password file for the default domain.
326.It Pa /var/yp/[domainname]/[maps]
327The NIS maps for a particular NIS domain.
328.It Pa /var/yp/[domainname]/master.passwd
329The template password file(s) for non-default domains
330(used only in multi-domain mode).
331.El
332.Sh SEE ALSO
333.Xr yp 8 ,
334.Xr yppush 8 ,
335.Xr ypserv 8 ,
336.Xr ypxfr 8
337.Sh AUTHORS
338.An Bill Paul Aq Mt wpaul@ctr.columbia.edu
339.Sh BUGS
340As listed in the yppasswd.x protocol definition, the YPPASSWDPROC_UPDATE
341procedure takes two arguments: a V7-style passwd structure containing
342updated user information and the user's existing unencrypted (cleartext)
343password.
344Since
345.Nm
346is supposed to handle update requests from remote NIS client machines,
347this means that
348.Xr yppasswd 1
349and similar client programs will in fact be transmitting users' cleartext
350passwords over the network.
351.Pp
352This is not a problem for password updates since the plaintext password
353sent with the update will no longer be valid once the new encrypted password
354is put into place, but if the user is only updating his or her 'GECOS'
355information or shell, then the cleartext password sent with the update
356will still be valid once the update is completed.
357If the network is
358insecure, this cleartext password could be intercepted and used to
359gain unauthorized access to the user's account.
360