1.\" Copyright (c) 1995, 1996 2.\" Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by Bill Paul. 15.\" 4. Neither the name of the author nor the names of contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" $Id: rpc.yppasswdd.8,v 1.6 1996/06/03 23:53:21 wpaul Exp $ 32.\" 33.Dd February 8, 1996 34.Dt RPC.YPPASSWDD 8 35.Os 36.Sh NAME 37.Nm rpc.yppasswdd 38.Nd "server for updating NIS passwords" 39.Sh SYNOPSIS 40.Nm rpc.yppasswdd 41.Op Fl t Ar master.passwd template file 42.Op Fl d Ar default domain 43.Op Fl p Ar path 44.Op Fl s 45.Op Fl f 46.Op Fl a 47.Op Fl m 48.Op Fl i 49.Op Fl v 50.Op Fl u 51.Op Fl h 52.Sh DESCRIPTION 53The 54.Nm rpc.yppasswdd 55daemon allows users to change their NIS passwords and certain 56other information using the 57.Xr yppasswd 1 58and 59.Xr ypchpass 1 60commands. 61.Nm Rpc.yppasswdd 62is an RPC-based server that accepts incoming password change requests, 63authenticates them, places the updated information in the 64.Pa /var/yp/master.passwd 65template file and then updates the NIS 66.Pa master.passwd 67and 68.Pa passwd 69maps. 70.Pp 71The 72.Nm rpc.yppasswdd 73server allows a normal NIS user to change 74his or her NIS password, full name (also 75known as 'GECOS' field) or shell. These updates are typically done using 76the 77.Xr yppasswd 1 , 78.Xr ypchfn 1 , 79.Xr ypchsh 1 , 80or 81.Xr ypchpass 1 82commands. (Some administrators don't want users to be able to change their 83full name information or shells; the server can be invoked with option flags 84that disallow such changes.) When the server receives an update request, 85it compares the address of the client making the request against the 86.Pa securenets 87rules outlined in 88.Pa /var/yp/securenets . 89(See the 90.Xr ypserv 8 91manual page for more information on securenets; the 92.Nm rpc.yppasswdd 93server uses the same access control mechanism as 94.Xr ypserv 8 .) 95.Pp 96The server then 97checks the 'old' password supplied by the user to make sure it's 98valid, then performs some sanity checks on the updated information (these 99include checking for embedded control characters, colons or invalid shells). 100Once it is satisfied that the update request is valid, the server modifies 101the template password file (the default is 102.Pa /var/yp/master.passwd ) 103and then runs the 104.Pa /usr/libexec/yppwupdate 105script to rebuild the NIS maps. (This script has two arguments passed 106to it: the absolute pathname of the password template that was modified 107and the name of the domain that is to be updated. These in turn are 108passed to 109.Pa /var/yp/Makefile ) . 110.Pp 111The FreeBSD version of 112.Nm rpc.yppasswdd 113also allows the super-user on the NIS master server to perform more 114sophisticated updates on the NIS passwd maps. The super-user can modify 115any field in any user's master.passwd entry in any domain, and can 116do so without knowing the user's existing NIS password (when the server 117receives a request from the super-user, the password authentication 118check is bypassed). Furthermore, if the server is invoked with the 119.Fl a 120flag, the super-user can even add new entries to the maps using 121.Xr ypchpass 1 . 122Again, this only applies to the super-user on the NIS 123master server: none of these special functions can be peformed over 124the network. 125.Pp 126The 127.Nm rpc.yppasswdd 128daemon can only be run on a machine that is an NIS master server. 129.Sh OPTIONS 130The following options and flags are supported by 131.Nm rpc.yppasswdd : 132.Bl -tag -width flag 133.It Fl t Ar master.passwd template file 134By default, 135.Nm rpc.yppasswdd 136assumes that the template file used to generates the 137.Pa master.passwd 138and 139.Pa passwd 140maps for the default domain is called 141.Pa /var/yp/master.passwd . 142This default can be overridden by specifying an alternate file name 143with the 144.Fl t 145flag. 146.Pp 147Note: if the template file specified with this flag is 148.Pa /etc/master.passwd , 149.Nm rpc.yppasswdd 150will also automatically invoke 151.Xr pwd_mkdb 8 152to rebuild the local password databases in addition to the NIS 153maps. 154.It Fl d Ar domain 155The 156.Nm rpc.yppasswdd 157server can support multiple domains, however it must 158choose one domain as a default. 159It will try to use the system default domain name as set by the 160.Xr domainname 1 161command for this default. However, 162if the system domain name is not 163set, a default domain must be specified on 164the command line. If the system default domain is set, 165then this option can be used to override it. 166.It Fl p Ar path 167This option can be used to override the default path to 168the location of the NIS 169map databases. The compiled-in default path is 170.Pa /var/yp . 171.It Fl s 172Disallow changing of shell information. 173.It Fl f 174Disallow changing of full name ('GECOS') information. 175.It Fl a 176Allow additions to be made to the NIS passwd databases. The super-user on the 177NIS master server is permitted to use the 178.Xr ypchpass 1 179command to perform unrestricted modifications to any field in a user's 180.Pa master.passwd 181map entry. When 182.Nm rpc.yppasswdd 183is started with this flag, it will also allow the super-user to add new 184records to the NIS passwd maps, just as is possible when using 185.Xr chpass 1 186to modify the local password database. 187.It Fl m 188Turn on multi-domain mode. Even though 189.Xr ypserv 8 190can handle several simultaneous domains, most implementations of 191.Nm rpc.yppasswdd 192can only operate on a single NIS domain, which is generally the same as 193the system default domain of the NIS master server. The FreeBSD 194.Nm rpc.yppasswdd 195attempts to overcome this problem in spite of the inherent limitations 196of the 197.Pa yppasswd 198protocol, which does not allow for a 199.Pa domain 200argument in client requests. In multi-domain mode, 201.Nm rpc.yppasswdd 202will search through all the passwd maps of all the domains it 203can find under 204.Pa /var/yp 205until it finds an entry that matches the user information specified in 206a given update request. (Matches are determined by checking the username, 207UID and GID fields.) The matched entry and corresponding domain are then 208used for the update. 209.Pp 210Note that in order for multi-domain mode to work, there have to be 211seperate template files for each domain. For example, if a server 212supports three domains, 213.Pa foo , 214.Pa bar , 215and 216.Pa baz , 217there should be three seperate master.passwd template files called 218.Pa /var/yp/foo/master.passwd , 219.Pa /var/yp/bar/master.passwd , 220and 221.Pa /var/yp/baz/master.passwd . 222If 223.Pa foo 224happens to be the system default domain, then its template file can 225be either 226.Pa /var/yp/foo/master.passwd 227or 228.Pa /var/yp/master.passwd . 229The server will check for the latter file first and then use the former 230if it can't find it. 231.Pp 232Multi-domain mode is off by default since it can fail if there are 233duplicate or near-duplicate user entries in different domains. The server 234will abort an update request if it finds more than one user entry that 235matches its search criteria. Even so, paranoid administrators 236may wish to leave multi-domain mode disabled. 237.It Fl i 238If 239.Nm rpc.yppasswdd 240is invoked with this flag, it will perform map updates in place. This 241means that instead of just modifying the password template file and 242starting a map update, the server will modify the map databases 243directly. This is useful when the password maps are large: if, for 244example, the password database has tens of thousands of entries, it 245can take several minutes for a map update to complete. Updating the 246maps in place reduces this time to a few seconds. 247.It Fl v 248Turn on verbose logging mode. The server normally only logs messages 249using the 250.Xr syslog 3 251facility when it encounters an error condition, or when processing 252updates for the super-user on the NIS master server. Running the server 253with the 254.Fl v 255flag will cause it to log informational messages for all updates. 256.It Fl u 257Many commercial 258.Xr yppasswd 1 259clients do not use a reserved port when sending requests to 260.Nm rpc.yppasswdd . 261This is either because the 262.Xr yppasswd 1 263program is not installed set-uid root, or because the RPC 264implementation does not place any emphasis on binding to reserved 265ports when establishing client connections for the super-user. 266By default, 267.Nm rpc.yppasswdd 268expects to receive requests from clients using reserved ports; requests 269received from non-privileged ports are rejected. Unfortunately, this 270behavior prevents any client systems that to not use privileged 271ports from sucessfully submitting password updates. Specifying 272the 273.Fl u 274flag to 275.Nm rpc.yppasswdd 276disables the privileged port check so that it will work with 277.Xr yppasswd 1 278clients that don't use privileged ports. This reduces security to 279a certain small degree, but it might be necessary in cases where it 280is not possible to change the client behavior. 281.It Fl h 282Displays the list of flags and options understood by 283.Nm rpc.yppasswdd . 284.El 285.Sh FILES 286.Bl -tag -width Pa -compact 287.It Pa /usr/libexec/yppwupdate 288The script invoked by 289.Nm rpc.yppasswdd 290to update and push the NIS maps after 291an update. 292.It Pa /var/yp/master.passwd 293The template password file for the default domain. 294.It Pa /var/yp/[domainname]/[maps] 295The NIS maps for a particular NIS domain. 296.It Pa /var/yp/[domainname]/master.passwd 297The template password file(s) for non-default domains 298(used only in multi-domain mode). 299.El 300.Sh SEE ALSO 301.Xr ypserv 8 , 302.Xr yppush 8 , 303.Xr ypxfr 8 , 304.Xr yp 4 305.Sh BUGS 306As listed in the yppasswd.x protocol definition, the YPPASSWDPROC_UPDATE 307procedure takes two arguments: a V7-style passwd structure containing 308updated user information and the user's existing unencrypted (cleartext) 309password. Since 310.Nm rpc.yppasswdd 311is supposed to handle update requests from remote NIS client machines, 312this means that 313.Xr yppasswd 1 314and similar client programs will in fact be transmitting users' cleartext 315passwords over the network. 316.Pp 317This is not a problem for password updates since the plaintext password 318sent with the update will no longer be valid once the new encrypted password 319is put into place, but if the user is only updating his or her 'GECOS' 320information or shell, then the cleartext password sent with the update 321will still be valid once the update is completed. If the network is 322insecure, this cleartext password could be intercepted and used to 323gain unauthorized access to the user's account. 324.Sh AUTHOR 325Bill Paul <wpaul@ctr.columbia.edu> 326