From 804f2f79eee18b6494ba08a9909d3cc4cface7cd Mon Sep 17 00:00:00 2001 From: brian Date: Thu, 25 Jun 2009 16:15:39 +0000 Subject: Support shadow.byname and shadow.byuid maps, protecting them by insisting on privileged port access. Include /var/yp/Makefile.local if it exists and suggest using it to override /var/yp/Makefile behaviour. Approved by: re (kib) MFC after: 3 weeks --- share/man/man8/yp.8 | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'share/man/man8') diff --git a/share/man/man8/yp.8 b/share/man/man8/yp.8 index 75e3cc1..f57c8df 100644 --- a/share/man/man8/yp.8 +++ b/share/man/man8/yp.8 @@ -28,7 +28,7 @@ .\" from: @(#)yp.8 1.0 (deraadt) 4/26/93 .\" $FreeBSD$ .\" -.Dd April 5, 1993 +.Dd June 25, 2009 .Dt YP 8 .Os .Sh NAME @@ -310,9 +310,15 @@ The .Tn NIS .Pa Makefile .Pq Pa /var/yp/Makefile -will do this automatically if the administrator comments out the -line which says -.Dq Li NOPUSH=true +will do this automatically if the administrator creates +.Pa /var/yp/Makefile.local +and empties the +.Va NOPUSH +variable: +.Bd -literal -offset four +.Li NOPUSH= +.Ed +.Pp .Va ( NOPUSH is set to true by default because the default configuration is for a small network with only one @@ -394,9 +400,11 @@ To help prevent this, .Fx Ns 's .Tn NIS server handles the shadow password maps -.Pa ( master.passwd.byname +.Pa ( master.passwd.byname , +.Pa master.passwd.byuid , +.Pa shadow.byname and -.Pa master.passwd.byuid ) +.Pa shadow.byuid ) in a special way: the server will only provide access to these maps in response to requests that originate on privileged ports. Since only the super-user is allowed to bind to a privileged port, -- cgit v1.1