master.passwd.5 and various passwd.5 changes (diff)

Jeremy C. Reed reed at reedmedia.net
Wed Jan 11 22:41:05 PST 2006


This adds master.passwd.5 file (same file as passwd.5).

And this changes FreeBSD (as appropriate to DragonFly).

Removes old documentation about older (FreeBSD) versions of YP.
(Maybe I should keep part of this, and reword?)

May I commit any of this?

Index: share/man/man5/Makefile
===================================================================
RCS file: /cvs/src/share/man/man5/Makefile,v
retrieving revision 1.7
diff -b -u -r1.7 Makefile
--- share/man/man5/Makefile	5 Aug 2005 10:13:43 -0000	1.7
+++ share/man/man5/Makefile	5 Oct 2005 23:07:10 -0000
@@ -20,5 +20,6 @@
 MLINKS+=hosts.equiv.5 rhosts.5
 MLINKS+=resolver.5 resolv.conf.5
 MLINKS+=utmp.5 lastlog.5 utmp.5 wtmp.5
+MLINKS+=passwd.5 master.passwd.5
 
 .include <bsd.prog.mk>
Index: share/man/man5/passwd.5
===================================================================
RCS file: /cvs/src/share/man/man5/passwd.5,v
retrieving revision 1.3
diff -b -u -r1.3 passwd.5
--- share/man/man5/passwd.5	11 Mar 2004 12:28:56 -0000	1.3
+++ share/man/man5/passwd.5	5 Oct 2005 23:27:20 -0000
@@ -37,7 +37,8 @@
 .Dt PASSWD 5
 .Os
 .Sh NAME
-.Nm passwd
+.Nm passwd ,
+.Nm master.passwd
 .Nd format of the password file
 .Sh DESCRIPTION
 The
@@ -197,7 +198,7 @@
 .Sh YP/NIS INTERACTION
 .Ss Enabling access to NIS passwd data
 The system administrator can configure
-.Tn FreeBSD
+.Dx
 to use NIS/YP for
 its password information by adding special records to the
 .Pa /etc/master.passwd
@@ -228,7 +229,7 @@
 will tell the
 .Xr getpwent 3
 routines in
-.Tn FreeBSD Ns 's
+.Dx Ns 's
 standard C library to begin using the NIS passwd maps
 for lookups.
 .Pp
@@ -400,7 +401,7 @@
 it need not be modified again unless new netgroups are created.
 .Sh NOTES
 .Ss Shadow passwords through NIS
-.Tn FreeBSD
+.Dx
 uses a shadow password scheme: users' encrypted passwords
 are stored only in
 .Pa /etc/master.passwd
@@ -414,16 +415,16 @@
 NIS does not support a standard means of
 password shadowing, which implies that placing your password data
 into the NIS passwd maps totally defeats the security of
-.Tn FreeBSD Ns 's
+.Dx Ns 's
 password shadowing system.
 .Pp
-.Tn FreeBSD
+.Dx
 provides a few special features to help get around this
 problem.
 It is possible to implement password shadowing between
-.Tn FreeBSD
+.Dx
 NIS clients and
-.Tn FreeBSD
+.Dx
 NIS servers.
 The
 .Xr getpwent 3
@@ -435,14 +436,15 @@
 .Pa /etc/master.passwd
 file.
 If the maps exist,
-.Tn FreeBSD
+.Dx
 will attempt to use them for user
 authentication instead of the standard
 .Pa passwd.byname
 and
 .Pa passwd.byuid
 maps.
-.Tn FreeBSD Ns 's
+The
+.Dx
 .Xr ypserv 8
 will also check client requests to make sure they originate on a
 privileged port.
@@ -460,7 +462,7 @@
 maps which contain no password information.
 .Pp
 Note that this feature cannot be used in an environment with
-.No non- Ns Tn FreeBSD
+.No non- Ns Os
 systems.
 Note also that a truly determined user with
 unrestricted access to your network could still compromise the
@@ -470,7 +472,7 @@
 Unlike
 .Tn SunOS
 and other operating systems that use Sun's NIS code,
-.Tn FreeBSD
+.Dx
 allows the user to override
 .Pa all
 of the fields in a user's NIS
@@ -499,7 +501,7 @@
 
 .Ed
 This often leads to new
-.Tn FreeBSD
+.Dx
 administrators choosing NIS entries for their
 .Pa master.passwd
 files that look like this:
@@ -516,7 +518,7 @@
 .Pa master.passwd
 .Sy FILE!!
 The first tells
-.Tn FreeBSD
+.Dx
 to remap all passwords to
 .Ql \&*
 (which
@@ -564,7 +566,7 @@
 instead of simple wildcards, other combinations could be achieved.)
 .Pp
 By contrast,
-.Fx
+.Dx
 does not have a single
 .Tn ASCII
 password file: it
@@ -579,7 +581,7 @@
 and
 .Fn getpwuid
 functions in
-.Tn FreeBSD
+.Dx
 are designed to do direct queries to the
 hash database rather than a linear search.
 This approach is faster
@@ -591,7 +593,7 @@
 .Tn SunOS .
 .Pp
 Instead,
-.Tn FreeBSD
+.Dx
 groups all the NIS override entries together
 and constructs a filter out of them.
 Each NIS password entry
@@ -614,7 +616,7 @@
 file, since doing otherwise would lead to unpredictable behavior.
 .Pp
 The end result is that
-.Tn FreeBSD Ns 's
+.Dx
 provides a very close approximation
 of
 .Tn SunOS Ns 's
@@ -639,7 +641,7 @@
 .El
 .Pp
 In 99% of all
-.Tn FreeBSD
+.Dx
 configurations, NIS client behavior will be
 indistinguishable from that of
 .Tn SunOS
@@ -648,7 +650,7 @@
 so, users should be aware of these architectural differences.
 .Pp
 .Ss Using groups instead of netgroups for NIS overrides
-.Tn FreeBSD
+.Dx
 offers the capability to do override matching based on
 user groups rather than netgroups.
 If, for example, an NIS entry
@@ -665,57 +667,6 @@
 will try to match users against the normal
 .Ql operator
 group instead.
-.Ss Changes in behavior from older versions of
-.Dx
-There have been several bug fixes and improvements in
-.Dx Ns 's
-NIS/YP handling, some of which have caused changes in behavior.
-While the behavior changes are generally positive, it is important
-that users and system administrators be aware of them:
-.Bl -enum -offset indent
-.It
-In versions prior to 2.0.5, reverse lookups (i.e. using
-.Fn getpwuid )
-would not have overrides applied, which is to say that it
-was possible for
-.Fn getpwuid
-to return a login name that
-.Fn getpwnam
-would not recognize.
-This has been fixed: overrides specified
-in
-.Pa /etc/master.passwd
-now apply to all
-.Xr getpwent 3
-functions.
-.It
-Prior to
-.Fx 2.0.5 ,
-netgroup overrides did not work at
-all, largely because
-.Tn FreeBSD
-did not have support for reading
-netgroups through NIS.
-Again, this has been fixed, and
-netgroups can be specified just as in
-.Tn SunOS
-and similar NIS-capable
-systems.
-.It
-.Dx
-now has NIS server capabilities and supports the use
-of
-.Pa master.passwd
-NIS maps in addition to the standard Sixth Edition format
-.Pa passwd
-maps.
-This means that you can specify change, expiration and class
-information through NIS, provided you use a
-.Dx
-or
-.Fx
-system as
-the NIS server.
 .El
 .Sh FILES
 .Bl -tag -width /etc/master.passwd -compact
@@ -796,8 +747,8 @@
 The YP/NIS functionality is modeled after
 .Tn SunOS
 and first appeared in
-.Fx 1.1
-The override capability is new in
+.Fx 1.1 .
+The override capability was new in
 .Fx 2.0 .
 The override capability was updated to properly support netgroups
 in





More information about the Submit mailing list