Subject: Re: proposed changes to /etc/security
To: Todd Vierling, Matthew Jacob <firstname.lastname@example.org>
From: Martin J. Laubach <email@example.com>
Date: 07/25/1998 22:43:08

| I don't think we support YP uid/gid remapping or absence of the "*" invalid
| password. Correct me if I'm wrong, please; I only use the default setup,
| but I am interested in as strict a setup for this.

I don't know whether it actually works, but it is mentioned in
the passwd(5) manpage.

: If YP is active, the passwd file also supports standard YP exclusions and
: inclusions, based on user names and netgroups.
: Lines beginning with a ``-'' (minus sign) are entries marked as being ex-
: cluded from any following inclusions, which are marked with a ``+'' (plus
: If the second character of the line is a ``@'' (at sign), the operation
: involves the user fields of all entries in the netgroup specified by the
: remaining characters of the name field. Otherwise, the remainder of the
: name field is assumed to be a specific user name.
: The ``+'' token may also be alone in the name field, which causes all
: users from the passwd.byname and passwd.byuid YP maps to be included.
: If the entry contains non-empty uid or gid fields, the specified numbers
: will override the information retrieved from the YP maps. As well, if the
: gecos, dir or shell entries contain text, it will override the informa-
: tion included via YP. On some systems, the passwd field may also be

I'd also suggest that the function to ignore lines that look like
they belong to YP only kicks in when one is actually using NIS (i.e.
ypbind=YES), and spits out a warning otherwise ("YP-Style entry found
in /etc/passwd, but YP not active" or such).
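
Added example, not part of the original message or of the actual /etc/security script: a sketch of the check suggested above, which classifies the ``+''/``-'' lines the quoted passwd(5) text describes, warns about them when YP is not active, and otherwise reports uid/gid overrides. The function names, the YES/NO argument (assumed to be taken from the ypbind setting) and the sample passwd lines are all constructed for illustration.

```shell
#!/bin/sh
# Hypothetical helper: print constructed sample passwd lines (not real accounts).
sample_passwd() {
    cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/sh
-baduser::::::
+@staff::::::
+alice::0::::
+:*:::::
EOF
}

# check_yp_entries FILE YES|NO
# FILE is in passwd format; the second argument says whether YP is in use
# (assumption: the caller derives it from the ypbind setting).
check_yp_entries() {
    awk -F: -v yp="$2" '
    /^[+-]/ {
        op   = substr($1, 1, 1)
        name = substr($1, 2)
        act  = (op == "+") ? "include" : "exclude"
        # "+" alone pulls in every user from the YP maps; "@" marks a netgroup.
        if (name == "" && op == "+")        kind = "all YP users"
        else if (name == "")                kind = "(empty name)"
        else if (substr(name, 1, 1) == "@") kind = "netgroup " substr(name, 2)
        else                                kind = "user " name
        if (yp != "YES") {
            # Do not silently skip the line: without YP it is unexpected.
            printf "%d: YP-style entry found (%s %s), but YP not active\n", NR, act, kind
            next
        }
        # With YP active, non-empty uid/gid fields replace the YP values.
        over = ""
        if (op == "+" && $3 != "") over = over " uid=" $3
        if (op == "+" && $4 != "") over = over " gid=" $4
        if (over != "") printf "%d: %s %s overrides%s\n", NR, act, kind, over
    }' "$1"
}

# Demonstration on the constructed sample, first without YP, then with it.
demo_file=$(mktemp)
sample_passwd > "$demo_file"
check_yp_entries "$demo_file" NO
check_yp_entries "$demo_file" YES
rm -f "$demo_file"
```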