> > [ deleted stuff about YP setting the uid/gid ]
> This is actually a feature, as explained in the passwd(5) manual page.  It
> allows a system administrator to map some or all users to `nobody's uid,
> for example.

Sounds like a good idea to me, but being able to do this with the root uid 
strikes me as asking for trouble. 

I initially thought that perhaps the YP code should handle uid 0 as a special 
case, but then I thought that perhaps this was using code to enforce policy, 
which isn't always a good thing. So why not get vipw to check that the user 
hasn't used any uid/gid below 100 with the YP matching facility? After all, 
vipw is supposed to make sure that you haven't done anything stupid with your 
passwd file, which is something I find very handy.

Cheers,
Lloyd