Documented YP functionality, part II.

2 files changed, 109 insertions, 10 deletions

diff --git a/share/man/man5/group.5 b/share/man/man5/group.5
index 958494b..a785743 100644
--- a/share/man/man5/group.5
+++ b/share/man/man5/group.5
@@ -29,9 +29,10 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)group.5	8.3 (Berkeley) 4/19/94
+.\"     From: @(#)group.5	8.3 (Berkeley) 4/19/94
+.\"	$Id$
 .\"
-.Dd April 19, 1994
+.Dd September 29, 1994
 .Dt GROUP 5
 .Os
 .Sh NAME
@@ -100,16 +101,40 @@ entry and does not need to be added to that group in the
 .\"	char    **gr_mem;        /* group members */
 .\" };
 .\" .Ed
+.Sh YP/NIS INTERACTION
+The
+.Pa /etc/group
+file can be configured to enable the YP/NIS group database.
+An entry whose
+.Ar name
+field consists of a plus sign (`+') followed by a group name, will be
+replaced internally to the C library with the YP/NIS group entry for the
+named group.  An entry whose
+.Ar name
+field consists of a single plus sign with no group name following,
+will be replaced with the entire YP/NIS
+.Dq Li group.byname
+map.
+.Pp
+If the YP/NIS group database is enabled for any reason, all reverse
+lookups (i.e.,
+.Fn getgrgid )
+will use the entire database, even if only a few groups are enabled.
+Thus, the group name returned by
+.Fn getgrgid
+is not guaranteed to have a valid forward mapping.
 .Sh FILES
 .Bl -tag -width /etc/group -compact
 .It Pa /etc/group
 .El
 .Sh SEE ALSO
-.Xr setgroups 2 ,
-.Xr initgroups 3 ,
 .Xr crypt 3 ,
+.Xr getgrent 3 ,
+.Xr initgroups 3 ,
 .Xr passwd 1 ,
-.Xr passwd 5
+.Xr passwd 5 ,
+.Xr setgroups 2 ,
+.Xr yp 4
 .Sh BUGS
 The
 .Xr passwd 1
@@ -121,3 +146,8 @@ A
 .Nm
 file format appeared in
 .At v6 .
+The YP/NIS functionality is modeled after
+.Tn SunOS
+and first appeared in
+.Tn FreeBSD
+1.1.
diff --git a/share/man/man5/passwd.5 b/share/man/man5/passwd.5
index 584bc27..238ae56 100644
--- a/share/man/man5/passwd.5
+++ b/share/man/man5/passwd.5
@@ -29,9 +29,10 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     @(#)passwd.5	8.1 (Berkeley) 6/5/93
+.\"     From: @(#)passwd.5	8.1 (Berkeley) 6/5/93
+.\"	$Id$
 .\"
-.Dd June 5, 1993
+.Dd September 29, 1994
 .Dt PASSWD 5
 .Os
 .Sh NAME
@@ -152,16 +153,77 @@ If there is nothing in the
 field, the Bourne shell
 .Pq Pa /bin/sh
 is assumed.
+.Sh YP/NIS INTERACTION
+The
+.Pa /etc/passwd
+file can be configured to enable the YP/NIS group database.
+An entry whose
+.Ar name
+field consists of a plus sign (`+') followed by a login name, will be
+replaced internally to the C library with the YP/NIS password entry for the
+named group.  An entry whose
+.Ar name
+field consists of a single plus sign with no login name following,
+will be replaced with the entire YP/NIS
+.Dq Li passwd.byname
+map.
+.Pp
+If any fields other than the login name are left empty, they
+will be used to override the YP/NIS database's values.  So, for
+example, an
+.Pa /etc/master.passwd
+entry of:
+.Bd -literal -offset indent
++:::::::::/etc/noaccess
+
+.Ed
+would use the entire contents of the YP/NIS password database, but
+each entry would have its designated shell replaced by
+.Pa /etc/noaccess
+(presumably, a program to tell those users that they are not allowed to
+access the machine).
+This is the only way to specify values for the fields which are not
+present in the Sixth Edition format used by YP/NIS.
+.Pp
+If the YP/NIS password database is enabled for any reason, all reverse
+lookups (i.e.,
+.Fn getpwuid )
+will use the entire database, even if only a few logins are enabled.
+Thus, the login name returned by
+.Fn getpwuid
+is not guaranteed to have a valid forward mapping.
+.Sh FILES
+.Bl -tag -width /etc/master.passwd -compact
+.It Pa /etc/passwd
+ASCII password file, with passwords removed
+.It Pa /etc/pwd.db
+.Xr db 3 -format
+password database, with passwords removed
+.It Pa /etc/master.passwd
+ASCII password file, with passwords intact
+.It Pa /etc/spwd.db
+.Xr db 3 -format
+password database, with passwords intact
+.El
 .Sh SEE ALSO
+.Xr adduser 8 ,
 .Xr chpass 1 ,
+.Xr getpwent 3 ,
 .Xr login 1 ,
 .Xr passwd 1 ,
-.Xr getpwent 3 ,
-.Xr adduser 8 ,
 .Xr pwd_mkdb 8 ,
-.Xr vipw 8
+.Xr vipw 8 ,
+.Xr yp 4
 .Sh BUGS
 User information should (and eventually will) be stored elsewhere.
+.Pp
+The YP/NIS password database makes encrypted passwords visible to
+ordinary users, thus making password cracking easier.
+.Pp
+The YP/NIS password database is in old-style (Sixth Edition) format,
+and so cannot specify site-wide values for user login class, password
+expiration date, and other fields present in the current format and
+not in the old.
 .Sh COMPATIBILITY
 The password file format has changed since 4.3BSD.
 The following awk script can be used to convert your old-style password
@@ -184,3 +246,10 @@ A
 .Nm
 file format appeared in
 .At v6 .
+The YP/NIS functionality is modeled after
+.Tn SunOS
+and first appeared in
+.Tn FreeBSD
+1.1.  The override capability is new in
+.Tn FreeBSD
+2.0.