In article <22926.879103301@planix.com> you write:
> yppasswd (yp_passwd.c) uses "passwd.byname"  to retrieve the user's account, 
> which does not contain the passwd and it therefore always fails when 
> verifying the users old password. Should yp_passwd.c be changed to use 
> "master.passwd.byname" throughout in place of "passwd.byname"? In that case, 
> what happens if the yp servers is a SunOS machine, where passwd.byname will 
> have the passwords? Or, am I just confused?? 

Sounds like you are using the INSECURE=no setting. You can only use this
if *all* the yp clients support this option too, and apparently (looking
at the libc source) NetBSD's doesn't't yet. Also, our getgrouplist() doesn't
know how to use the netid stuff, and will have to walk the whole group
map :-(

I'm guessing it's kind of late for this tsuff to go into 1.3 :-(