# From thorpej@nas.nasa.gov Tue Nov 19 06:48:49 1996
#  greywolf@siva.captech.com (Grey Wolf) wrote:
# 
#  > Actually, I saw this happen as well.  It seems that the NetBSD implementation
#  > requires that you leave the uid/gid fields blank rather than use zeros as
#  > the password routines on the NIS client side will not ignore them as most
#  > other implementations do.
# 
# This is actually a feature, as explained in the passwd(5) manual page.  It
# allows a system administrator to map some or all users to `nobody's uid,
# for example.

Yes, but you can do that anyway without mapping 0; do you see what I'm
saying?

You can do

+::-2:-2::::::

(might have missed one field or added one, but you get the idea).

This maps all users to -2 (or whatever nobody is set to these days).

The idea of not allowing users to map to 0 from YP I think was meant to
inhibit people from doing stupid things like converting some other user
to root.  uid/gid 0 were silently ignored in the translations.

What you say above about mapping to "nobody"'s uid doesn't relate to
what happens at all.

# 
#  > This could have some serious implications for the "naive administrator" who
#  > expects NIS to follow certain conventions.
# 
# Well, it is documented (in a fairly obvious place), so I don't really
# consider it a bug.

I can see that, but it's gonna bite the sysadmin who foolishly makes
the assumption that NIS works here the same way it works everywhere else.
The standard way of putting an NIS template in place is to substitute
zeros where integers are expected; I suspect this was because crufty
versions could not handle null strings instead of a zero, since

+::::::

now works under StunOS.

# 
# Jason R. Thorpe                                       thorpej@nas.nasa.gov
# NASA Ames Research Center                               Home: 408.866.1912
# NAS: M/S 258-6                                          Work: 415.604.0935
# Moffett Field, CA 94035                                Pager: 415.428.6939
# 

				--*greywolf;