mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-11 14:10:34 +00:00
Code Issues Releases Activity

Documented YP functionality, part II.

Browse Source
This commit is contained in:
Garrett Wollman 1994-09-20 22:44:37 +00:00
parent 8793135f2d
commit f274239ba0
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=2942
2 changed files with 109 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
share/man/man5/group.5
View File

@ -29,9 +29,10 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.\" @(#)group.5 8.3 (Berkeley) 4/19/94 .\" From: @(#)group.5 8.3 (Berkeley) 4/19/94
.\" $Id$
.\" .\"
.Dd April 19, 1994 .Dd September 29, 1994
.Dt GROUP 5 .Dt GROUP 5
.Os .Os
.Sh NAME .Sh NAME
@ -100,16 +101,40 @@ entry and does not need to be added to that group in the
.\" char **gr_mem; /* group members */ .\" char **gr_mem; /* group members */
.\" }; .\" };
.\" .Ed .\" .Ed
.Sh YP/NIS INTERACTION
The
.Pa /etc/group
file can be configured to enable the YP/NIS group database.
An entry whose
.Ar name
field consists of a plus sign (`+') followed by a group name, will be
replaced internally to the C library with the YP/NIS group entry for the
named group. An entry whose
.Ar name
field consists of a single plus sign with no group name following,
will be replaced with the entire YP/NIS
.Dq Li group.byname
map.
.Pp
If the YP/NIS group database is enabled for any reason, all reverse
lookups (i.e.,
.Fn getgrgid )
will use the entire database, even if only a few groups are enabled.
Thus, the group name returned by
.Fn getgrgid
is not guaranteed to have a valid forward mapping.
.Sh FILES .Sh FILES
.Bl -tag -width /etc/group -compact .Bl -tag -width /etc/group -compact
.It Pa /etc/group .It Pa /etc/group
.El .El
.Sh SEE ALSO .Sh SEE ALSO
.Xr setgroups 2 ,
.Xr initgroups 3 ,
.Xr crypt 3 , .Xr crypt 3 ,
.Xr getgrent 3 ,
.Xr initgroups 3 ,
.Xr passwd 1 , .Xr passwd 1 ,
.Xr passwd 5 .Xr passwd 5 ,
.Xr setgroups 2 ,
.Xr yp 4
.Sh BUGS .Sh BUGS
The The
.Xr passwd 1 .Xr passwd 1
@ -121,3 +146,8 @@ A
.Nm .Nm
file format appeared in file format appeared in
.At v6 . .At v6 .
The YP/NIS functionality is modeled after
.Tn SunOS
and first appeared in
.Tn FreeBSD
1.1.

79
share/man/man5/passwd.5
View File

@ -29,9 +29,10 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.\" @(#)passwd.5 8.1 (Berkeley) 6/5/93 .\" From: @(#)passwd.5 8.1 (Berkeley) 6/5/93
.\" $Id$
.\" .\"
.Dd June 5, 1993 .Dd September 29, 1994
.Dt PASSWD 5 .Dt PASSWD 5
.Os .Os
.Sh NAME .Sh NAME
@ -152,16 +153,77 @@ If there is nothing in the
field, the Bourne shell field, the Bourne shell
.Pq Pa /bin/sh .Pq Pa /bin/sh
is assumed. is assumed.
.Sh YP/NIS INTERACTION
The
.Pa /etc/passwd
file can be configured to enable the YP/NIS group database.
An entry whose
.Ar name
field consists of a plus sign (`+') followed by a login name, will be
replaced internally to the C library with the YP/NIS password entry for the
named group. An entry whose
.Ar name
field consists of a single plus sign with no login name following,
will be replaced with the entire YP/NIS
.Dq Li passwd.byname
map.
.Pp
If any fields other than the login name are left empty, they
will be used to override the YP/NIS database's values. So, for
example, an
.Pa /etc/master.passwd
entry of:
.Bd -literal -offset indent
+:::::::::/etc/noaccess
.Ed
would use the entire contents of the YP/NIS password database, but
each entry would have its designated shell replaced by
.Pa /etc/noaccess
(presumably, a program to tell those users that they are not allowed to
access the machine).
This is the only way to specify values for the fields which are not
present in the Sixth Edition format used by YP/NIS.
.Pp
If the YP/NIS password database is enabled for any reason, all reverse
lookups (i.e.,
.Fn getpwuid )
will use the entire database, even if only a few logins are enabled.
Thus, the login name returned by
.Fn getpwuid
is not guaranteed to have a valid forward mapping.
.Sh FILES
.Bl -tag -width /etc/master.passwd -compact
.It Pa /etc/passwd
ASCII password file, with passwords removed
.It Pa /etc/pwd.db
.Xr db 3 -format
password database, with passwords removed
.It Pa /etc/master.passwd
ASCII password file, with passwords intact
.It Pa /etc/spwd.db
.Xr db 3 -format
password database, with passwords intact
.El
.Sh SEE ALSO .Sh SEE ALSO
.Xr adduser 8 ,
.Xr chpass 1 , .Xr chpass 1 ,
.Xr getpwent 3 ,
.Xr login 1 , .Xr login 1 ,
.Xr passwd 1 , .Xr passwd 1 ,
.Xr getpwent 3 ,
.Xr adduser 8 ,
.Xr pwd_mkdb 8 , .Xr pwd_mkdb 8 ,
.Xr vipw 8 .Xr vipw 8 ,
.Xr yp 4
.Sh BUGS .Sh BUGS
User information should (and eventually will) be stored elsewhere. User information should (and eventually will) be stored elsewhere.
.Pp
The YP/NIS password database makes encrypted passwords visible to
ordinary users, thus making password cracking easier.
.Pp
The YP/NIS password database is in old-style (Sixth Edition) format,
and so cannot specify site-wide values for user login class, password
expiration date, and other fields present in the current format and
not in the old.
.Sh COMPATIBILITY .Sh COMPATIBILITY
The password file format has changed since 4.3BSD. The password file format has changed since 4.3BSD.
The following awk script can be used to convert your old-style password The following awk script can be used to convert your old-style password
@ -184,3 +246,10 @@ A
.Nm .Nm
file format appeared in file format appeared in
.At v6 . .At v6 .
The YP/NIS functionality is modeled after
.Tn SunOS
and first appeared in
.Tn FreeBSD
1.1. The override capability is new in
.Tn FreeBSD
2.0.