Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!noc.netcom.net!netcom.com!csus.edu!nic-nac.CSU.net!newshub.sdsu.edu!ucsnews!sol.ctr.columbia.edu!startide.ctr.columbia.edu!wpaul From: wpaul@ctr.columbia.edu (Bill Paul) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: npasswd Date: 7 Sep 1995 03:23:20 GMT Organization: Columbia University Center for Telecommunications Research Lines: 62 Message-ID: <42loj9$cv7@sol.ctr.columbia.edu> References: <42d72u$ktg@ussenterprise.ufp.org> <42f6td$7r7@sol.ctr.columbia.edu> <42jpk7$djo@buffnet2.buffnet.net> NNTP-Posting-Host: startide.ctr.columbia.edu X-Newsreader: TIN [version 1.2 PL2] Daring to challenge the will of the almighty Leviam00se, Superuser (root@buffnet.net) had the courage to say: : [deletia] : : a password for user 'xxx' rather than root. With NIS, root : : is not allowed to change entries for other users. This is : : because yppasswdd requires password authentication no matter : : who submits requests to it. So even if you were root, you'd : : still have to know user xxx's password before you could change it : : through NIS. If you want to force someone's password as root, : : you have to edit the /var/yp/master.passwd file on the NIS : : master server and then remake the NIS maps. : You cant use password on the master and then do it? Im curious since I : may use a freebsd for a master server if it wont trip me up. No, you can't use passwd on the master to do it. Yet. The default NIS configuration assumes that you will have a seperate master.passwd file as the source for your NIS passwd maps, which means I'd have to hack passwd to know to use the alternate file and run /usr/libexec/yppwupdate when it was finished. Unfortunately, I may not have time to implement this before 2.1 is frozen. (The Job That Ate My Brain (tm) is heating up: I have a bunch of fiber-optic cables to run and terminate (I _hate_ SC connectors!), a couple of HP workstations to hook up and configure, plus a buttload of accounts to create. I've also been informed that I'll soon have the chance to add AIX administration to my repetroire. Ugh.) : Has anyone used freebsd's NIS on a large install (over 500 users)?? The network that I use to test my NIS hackery has about 300 users and 50 hosts. I have a couple of FreeBSD clients on this network that all work fine. I have a port of the FreeBSD ypserv that I use on a second network of SGI systems with about 40 hosts (mostly Indys) and about 150 users (this will increase substantially as the semester progresses). This network has one master and one slave server, both of which are getting a heavy pounding and holding up quite well. (Granted this isn't the same as using true FreeBSD machines for servers, but this is supposed to be an all-SGI lab: much as I'd like to run FreeBSD over there, they won't let me.) Note that there are some NIS bugs in 2.0.5 that have been fixed in -current -- the ypserv port I use with the SGI systems has all the -current fixes in it. The one thing I'm a bit concerned about with large NIS password databases is netgroup substitutions: if you use +@netgroup entries in you local password files and you have a large netgroup database (along with a large passwd database) then there is a potential for a slowdown in getpwent() and friends. I've tried to make the matching/substitution code as fast as possible, but I think large netgroup databases can still bog things down. -Bill -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~T~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Bill Paul (212) 854-6020 | System Manager Work: wpaul@ctr.columbia.edu | Center for Telecommunications Research Home: wpaul@skynet.ctr.columbia.edu | Columbia University, New York City ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The Møøse Illuminati: ignore it and be confused, or join it and be confusing! ~~~~~~ "Welcome to All Things BSDish! If it's not BSDish, it's crap!" ~~~~~~~