1.\" Copyright (c) 1995, 1996 2.\" Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by Bill Paul. 15.\" 4. Neither the name of the author nor the names of contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 
30.\" 31.\" $Id: rpc.yppasswdd.8,v 1.3 1996/02/12 14:44:15 wpaul Exp $ 32.\" 33.Dd February 8, 1996 34.Dt RPC.YPPASSWDD 8 35.Os 36.Sh NAME 37.Nm rpc.yppasswdd 38.Nd "server for updating NIS passwords" 39.Sh SYNOPSIS 40.Nm rpc.yppasswdd 41.Op Fl t Ar master.passwd template file 42.Op Fl d Ar default domain 43.Op Fl p Ar path 44.Op Fl s 45.Op Fl f 46.Op Fl a 47.Op Fl m 48.Op Fl v 49.Op Fl h 50.Sh DESCRIPTION 51The 52.Nm rpc.yppasswdd 53daemon allows users to change their NIS passwords and certain 54other information using the 55.Xr yppasswd 1 56and 57.Xr ypchpass 1 58commands. 59.Nm Rpc.yppasswdd 60is an RPC-based server that accepts incoming password change requests, 61authenticates them, places the updated information in the 62.Pa /var/yp/master.passwd 63template file and then updates the NIS 64.Pa master.passwd 65and 66.Pa passwd 67maps. 68.Pp 69The 70.Nm rpc.yppasswdd 71server allows a normal NIS user to change 72his or her NIS password, full name (also 73known as 'GECOS' field) or shell. These updates are typically done using 74the 75.Xr yppasswd 1 , 76.Xr ypchfn 1 , 77.Xr ypchsh 1 , 78or 79.Xr ypchpass 1 80commands. (Some administrators don't want users to be able to change their 81full name information or shells; the server can be invoked with option flags 82that disallow such changes.) When the server receives an update request, 83it checks the 'old' password supplied by the user to make sure it's 84valid, then performs some sanity checks on the updated information (these 85include checking for embedded control characters, colons or invalid shells). 86Once it is satisfied that the update request is valid, the server modifies 87the template password file (the default is 88.Pa /var/yp/master.passwd ) 89and then runs the 90.Pa /usr/libexec/yppwupdate 91script to rebuild the NIS maps. (This script has two arguments passed 92to it: the absolute pathname of the password template that was modified 93and the name of the domain that is to be updated. 
These in turn are 94passed to 95.Pa /var/yp/Makefile.) 96.Pp 97The FreeBSD version of 98.Nm rpc.yppasswdd 99also allows the super-user on the NIS master server to perform more 100sophisticated updates on the NIS passwd maps. The super-user can modify 101any field in any user's master.passwd entry in any domain, and can 102do so without knowing the user's existing NIS password (when the server 103receives a request from the super-user, the password authentication 104check is bypassed). Furthermore, if the server is invoked with the 105.Fl a 106flag, the super-user can even add new entries to the maps using 107.Xr ypchpass 1 . 108Again, this only applies to the super-user on the NIS 109master server: none of these special functions can be peformed over 110the network. 111.Pp 112The 113.Nm rpc.yppasswdd 114daemon can only be run on a machine that is an NIS master server. 115.Sh OPTIONS 116The following options and flags are supported by 117.Nm rpc.yppasswdd : 118.Bl -tag -width flag 119.It Fl t Ar master.passwd template file 120By default, 121.Nm rpc.yppasswdd 122assumes that the template file used to generates the 123.Pa master.passwd 124and 125.Pa passwd 126maps for the default domain is called 127.Pa /var/yp/master.passwd . 128This default can be overridden by specifying an alternate file name 129with the 130.Fl t 131flag. 132.Pp 133Note: if the template file specified with this flag is 134.Pa /etc/master.passwd , 135.Nm rpc.yppasswdd 136will also automatically invoke 137.Xr pwd_mkdb 8 138to rebuild the local password databases in addition to the NIS 139maps. 140.It Fl d Ar domain 141The 142.Nm rpc.yppasswdd 143server can support multiple domains, however it must 144choose one domain as a default. 145It will try to use the system default domain name as set by the 146.Xr domainname 1 147command for this default. However, 148if the system domain name is not 149set, a default domain must be specified on 150the command line. 
If the system default domain is set, 151then this option can be used to override it. 152.It Fl p Ar path 153This option can be used to override the default path to 154the location of the NIS 155map databases. The compiled-in default path is 156.Pa /var/yp . 157.It Fl s 158Disallow changing of shell information. 159.It Fl f 160Disallow changing of full name ('GECOS') information. 161.It Fl a 162Allow additions to be made to the NIS passwd databases. The super-user on the 163NIS master server is permitted to use the 164.Xr ypchpass 1 165command to perform unrestricted modifications to any field in a user's 166.Pa master.passwd 167map entry. When 168.Nm rpc.yppasswdd 169is started with this flag, it will also allow the super-user to add new 170records to the NIS passwd maps, just as is possible when using 171.Xr chpass 1 172to modify the local password database. 173.It Fl m 174Turn on multi-domain mode. Even though 175.Xr ypserv 8 176can handle several simultaneous domains, most implementations of 177.Nm rpc.yppasswdd 178can only operate on a single NIS domain, which is generally the same as 179the system default domain of the NIS master server. The FreeBSD 180.Nm rpc.yppasswdd 181attempts to overcome this problem in spite of the inherent limitations 182of the 183.Pa yppasswd 184protocol, which does not allow for a 185.Pa domain 186argument in client requests. In multi-domain mode, 187.Nm rpc.yppasswdd 188will search through all the passwd maps of all the domains it 189can find under 190.Pa /var/yp 191until it finds an entry that matches the user information specified in 192a given update request. (Matches are determined by checking the username, 193UID and GID fields.) The matched entry and corresponding domain are then 194used for the update. 195.Pp 196Note that in order for multi-domain mode to work, there have to be 197seperate template files for each domain. 
For example, if a server 198supports three domains, 199.Pa foo , 200.Pa bar , 201and 202.Pa baz , 203there should be three seperate master.passwd template files called 204.Pa /var/yp/foo/master.passwd , 205.Pa /var/yp/bar/master.passwd , 206and 207.Pa /var/yp/baz/master.passwd . 208If 209.Pa foo 210happens to be the system default domain, then its template file can 211be either 212.Pa /var/yp/foo/master.passwd 213or 214.Pa /var/yp/master.passwd . 215The server will check for the latter file first and then use the former 216if it can't find it. 217.Pp 218Multi-domain mode is off by default since it can fail if there are 219duplicate or near-duplicate user entries in different domains. The server 220will abort an update request if it finds more than one user entry that 221matches its search criteria. Even so, paranoid administrators 222may wish to leave multi-domain mode disabled. 223.It Fl v 224Turn on verbose logging mode. The server normally only logs messages 225using the 226.Xr syslog 3 227facility when it encounters an error condition, or when processing 228updates for the super-user on the NIS master server. Running the server 229with the 230.Fl v 231flag will cause it to log informational messages for all updates. 232.It Fl h 233Displays the list of flags and options understood by 234.Nm rpc.yppasswdd . 235.El 236.Sh FILES 237.Bl -tag -width Pa -compact 238.It Pa /usr/libexec/yppwupdate 239The script invoked by 240.Nm rpc.yppasswdd 241to update and push the NIS maps after 242an update. 243.It Pa /var/yp/master.passwd 244The template password file for the default domain. 245.It Pa /var/yp/[domainname]/[maps] 246The NIS maps for a particular NIS domain. 247.It Pa /var/yp/[domainname]/master.passwd 248The template password file(s) for non-default domains 249(used only in multi-domain mode). 
250.El 251.Sh SEE ALSO 252.Xr ypserv 8 , 253.Xr yppush 8 , 254.Xr ypxfr 8 , 255.Xr yp 4 256.Sh BUGS 257As listed in the yppasswd.x protocol definition, the YPPASSWDPROC_UPDATE 258procedure takes two arguments: a V7-style passwd structure containing 259updated user information and the user's existing unencrypted (cleartext) 260password. Since 261.Nm rpc.yppasswdd 262is supposed to handle update requests from remote NIS client machines, 263this means that 264.Xr yppasswd 1 265and similar client programs will in fact be transmitting users' cleartext 266passwords over the network. 267.Pp 268This is not a problem for password updates since the plaintext password 269sent with the update will no longer be valid once the new encrypted password 270is put into place, but if the user is only updating his or her 'GECOS' 271information or shell, then the cleartext password sent with the update 272will still be valid once the update is completed. If the network is 273insecure, this cleartext password could be intercepted and used to 274gain unauthorized access to the user's account. 275.Sh AUTHOR 276Bill Paul <wpaul@ctr.columbia.edu> 277
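The sanity checks the DESCRIPTION section describes (rejecting embedded control characters and colons, refusing invalid shells, and honouring the -s and -f flags), written out as an added C example that is not rpc.yppasswdd's own code; the accepted-shell list is a constructed stand-in for /etc/shells and the function names are assumptions.

```c
/* Added example, not rpc.yppasswdd's own code: validate the GECOS and
 * shell fields of one update request before it touches master.passwd. */
#include <string.h>
#include <ctype.h>
#include <stddef.h>

/* Constructed stand-in for /etc/shells. */
static const char *ok_shells[] = { "/bin/sh", "/bin/csh", "/usr/local/bin/bash", NULL };

/* Reject NULL, embedded colons (they would split the passwd line into extra
 * fields) and control characters (a newline would inject a whole record). */
int field_ok(const char *s)
{
    if (s == NULL)
        return 0;
    for (; *s != '\0'; s++)
        if (*s == ':' || iscntrl((unsigned char)*s))
            return 0;
    return 1;
}

/* A shell must be a clean absolute path that appears in the allowed list. */
int shell_ok(const char *shell)
{
    int i;
    if (!field_ok(shell) || shell[0] != '/')
        return 0;
    for (i = 0; ok_shells[i] != NULL; i++)
        if (strcmp(shell, ok_shells[i]) == 0)
            return 1;
    return 0;
}

/* Mirror -s (no_shell_change) and -f (no_gecos_change): a changed field is
 * refused outright when its flag is set. Returns 1 when the update may proceed. */
int update_ok(const char *old_gecos, const char *new_gecos,
              const char *old_shell, const char *new_shell,
              int no_shell_change, int no_gecos_change)
{
    if (!field_ok(new_gecos) || !shell_ok(new_shell))
        return 0;
    if (no_gecos_change && strcmp(old_gecos, new_gecos) != 0)
        return 0;
    if (no_shell_change && strcmp(old_shell, new_shell) != 0)
        return 0;
    return 1;
}
```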
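The multi-domain (-m) lookup described under OPTIONS, including the abort when more than one entry matches, as an added C example rather than the daemon's own code; the per-domain template lines are constructed stand-ins for /var/yp/<domain>/master.passwd and the function names are assumptions.

```c
/* Added example, not rpc.yppasswdd's own code: locate the one domain whose
 * master.passwd template matches an update request by username, UID and GID. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct tmpl_entry { const char *domain; const char *line; };

/* Constructed stand-ins for /var/yp/<domain>/master.passwd lines
 * (name:pw:uid:gid:class:change:expire:gecos:home:shell). */
static const struct tmpl_entry templates[] = {
    { "foo", "alice:*:1001:1001::0:0:Alice:/home/alice:/bin/sh" },
    { "bar", "bob:*:1002:1002::0:0:Bob:/home/bob:/bin/csh" },
    { "baz", "alice:*:1001:1001::0:0:Alice Too:/home/alice:/bin/sh" }, /* near-duplicate */
    { "baz", "carol:*:1003:1003::0:0:Carol:/home/carol:/bin/sh" },
};

/* Pull name, uid and gid out of one template line. Returns 0 if malformed. */
static int parse_key(const char *line, char *name, size_t namelen, long *uid, long *gid)
{
    const char *p = strchr(line, ':');
    char *end;
    if (p == NULL || (size_t)(p - line) >= namelen)
        return 0;
    memcpy(name, line, (size_t)(p - line));
    name[p - line] = '\0';
    p = strchr(p + 1, ':');             /* skip the password field */
    if (p == NULL)
        return 0;
    *uid = strtol(p + 1, &end, 10);
    if (*end != ':')
        return 0;
    *gid = strtol(end + 1, &end, 10);
    return *end == ':';
}

/* Returns the matching domain, or NULL when no entry or more than one entry
 * matches; in the ambiguous case the daemon aborts the update rather than guess. */
const char *find_domain(const char *user, long uid, long gid)
{
    const char *found = NULL;
    size_t i;
    for (i = 0; i < sizeof templates / sizeof templates[0]; i++) {
        char name[64];
        long euid, egid;
        if (!parse_key(templates[i].line, name, sizeof name, &euid, &egid))
            continue;
        if (strcmp(name, user) != 0 || euid != uid || egid != gid)
            continue;
        if (found != NULL)
            return NULL;                /* duplicate across domains */
        found = templates[i].domain;
    }
    return found;
}
```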