From: Philip Kizer
To: Roman Shterenzon
Cc: "Brandon D. Valentine", freebsd-questions@FreeBSD.ORG
Subject: Re: NIS/YP problems on FBSD 4.2-STABLE
In-reply-to: Your message of "Wed, 28 Feb 2001 16:00:20 +0200." <983368820.3a9d047476306@webmail.harmonic.co.il>
Date: Sat, 03 Mar 2001 19:47:00 -0600

Roman Shterenzon wrote:
>I think that what's missing in FreeBSD NIS implementation is the ability to
>change password field to "x" for requests from high ports (the present
>implementation just denies access).
>I was looking into bringing this to FreeBSD (from linux), but unfortunately
>didn't quite have time to get to it.

I'm not sure exactly what you mean by "the present implementation just denies access". It's not the ypserv that 'change[s] password field to "x"', it's the map creation process.

The FreeBSD stable ypserv Makefile will by default take the /var/yp/master.passwd, store it "securely" in master.passwd.by{name,uid}, and strip out the "extra" fields to make a passwd.by{name,uid} that contains "*" in the passwd field. The master.passwd.* maps are retrievable only from privileged ports due to the YP_SECURE field.

See: (or /var/yp/Makefile*) for details on the map creation process.

If you want to use the same NIS server for serving passwords "securely" to Linux and Solaris boxes, this patch (minus some fuzz) should do the trick for you (note the ${S} in the mkdb command for marking the map as "secure"):

--- Makefile.yp Sat Mar 3 19:42:10 2001 +++ Makefile Sat Mar 3 19:42:29 2001 @@ -125,0 +126,2 @@ +TARGETS+= passwd.adjunct.byname +TARGETS+= shadow.byname
@@ -587,0 +590,28 @@ + +passwd.adjunct.byname: $(MASTER) + @echo "Updating $@..." +.if ${MASTER} == "/dev/null" + @echo "Master.passwd source file not found -- skipping" +.else + $(CAT) $(MASTER) | \ + $(AWK) -F: 'BEGIN{OFS=":"}{ if ($$1 != "" && $$1 !~ "^#.*" && $$1 !~ /^+/ && $$1 !~ /^-/) print $$1"\t"$$1,$$2,$$3,$$4,$$8,$$9,$$10 }' $^ \ + | $(DBLOAD) ${S} -f -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \ + $(RMV) $(TMP) $@ + @$(DBLOAD) -c + @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi + @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi +.endif + +shadow.byname: $(MASTER) + @echo "Updating $@..." +.if ${MASTER} == "/dev/null" + @echo "Master.passwd source file not found -- skipping" +.else + $(CAT) $(MASTER) | \ + $(AWK) -F: 'BEGIN{OFS=":"}{ if ($$1 != "" && $$1 !~ "^#.*" && $$1 !~ "^+" && $$1 !~ /^-/) print $$1"\t"$$1,$$2,$$6,":::",$$7,"" }' $^ \ + | $(DBLOAD) ${S} -f -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \ + $(RMV) $(TMP) $@ + @$(DBLOAD) -c + @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi + @if [ ! $(NOPUSH) ]; then echo "Pushed $@ map." ; fi +.endif

Please let me know if I misunderstood you,

-philip

--
Philip Kizer, USENIX Liaison to Texas A&M University Texas A&M CIS Operating Systems Group, Unix
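
Review bot: In the second hunk the two awk filters test for a leading plus sign differently: the passwd.adjunct.byname rule uses `$$1 !~ /^+/` while the shadow.byname rule uses `$$1 !~ "^+"`, and in both the `+` is an unescaped repetition operator directly after `^`, a construct POSIX leaves undefined for extended regular expressions. Use one escaped form in both rules, for example `$$1 !~ /^\+/`, so the lines starting with `+` are skipped the same way under every awk. Both rules also print the password field `$$2` into the map and depend only on `${S}` for the secure marking; a comment that `S` must be non-empty, or a guard that skips these targets when it is empty, would keep the maps from being built and pushed without that marking.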