correctly whether a user is local or NIS (or both, or neither). If you
have a user that exists locally but not in NIS, passwd(1) could get
confused and try to submit the password change to NIS. (Fortunately,
yppasswdd is smart enough to spot the error and reject the change.)
Bug reported by: Charles Owens <owensc@enc.edu>
that it can't contact an NIS server when asked to change the password
of an invalid user. It should say 'unknown user' instead.
The fix is to check for the _PW_KEYYPENABLED flag in the password
database and only roll over into the yppasswd stuff if the flag
is enabled (this means passwd will not behave as yppasswd if
there are no +::::::::: entries in /etc/master.passwd). If
NIS is enabled but the user says 'passwd -l foouser' where
foouser exists in the NIS maps, but not in /etc/master.passwd,
we also say 'unknown user.' This is so we don't outsmart ourselves:
specifying the -l flag restricts passwd to the local password database
even if NIS is enabled.
This change should probably be merged into 2.1.
This is the first round of changes to incorporate YP server functionality
into FreeBSD. This particular change allows passwd to change either the
local or NIS password, as well as the NIS GECOS and shell information.
Essentially, I've taken passwd(1) and yppasswd from the yppasswd-0.5
distribution (which is part of the NYS project -- a project to provide
a GNU GPL'ed suite of NIS tools) and rammed them into each other
at high speed. I've tried my best to make this co-exist with the
Kerberos stuff, but since I don't run Kerberos I don't have an easy
way to verify that it all works. If you choose any Kerberos flags
then the YP checks should be bypassed, but that may not be enough.
I'll modify it some more if it turns out I broke something. For now,
support for localand NIS passwords is pretty solid:
- If you simply type 'passwd,' the program checks to see if you exist
in the local pwd.db database. If not, you get bounced to YP.
- If you try to force local functionality with the -l flag and you
don't exist locally, you get an error.
The -y flag can be used to force YP functionality. -f and -s let you
change your full name and shell (respectively). -f *and* -s let you
change all of your 'account information.'
ypchfn, ypchsh, yppasswd and ypchpass are all links to passwd.
Bill Paul
Garrett Wollman
Rodney W. Grimes