Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!uunet!in2.uu.net!newsfeed.internetmci.com!howland.reston.ans.net!sol.ctr.columbia.edu!startide.ctr.columbia.edu!wpaul
From: wpaul@ctr.columbia.edu (Bill Paul)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: NIS client config - passwd/group entry
Date: 1 Mar 1996 17:45:42 GMT
Organization: Columbia University Center for Telecommunications Research
Lines: 131
Message-ID: <4h7d46$g1t@sol.ctr.columbia.edu>
References: <31360956.7C21@arrakis.comm.pub.ro>
NNTP-Posting-Host: startide.ctr.columbia.edu
X-Newsreader: TIN [version 1.2 PL2]
Daring to challenge the will of the almighty Leviam00se, Alex Maranda
(alex@arrakis.comm.pub.ro) had the courage to say:
: Hello, is anybody out there to help a man too tired to think :-( ?
We do our best.
: I switched a bunch of PC's (3 to be exact) from Linux to FreeBSD 2.1.0.
: I want to keep my NFS with a HP workstation - On Linux I resolved the
: authentication by simply hacking the /etc/passwd from HP and copying
: it to clients.
: ..tried to do the same on FreeBSD (after installing DES) but with no
: success.
: The passwd man page keeps talking about Kerberos and differences from
: historic V7 format , pwd_mkdb complains about corrupted data files
: ...are the passwords stored in binary format in /etc/pwd.db or it's just
: my imagination ?
It's not your imagination, but it isn't binary format. It's a hash
database. In fact, there are four relevant files in the 4.4BSD user
database system:
/etc/master.passwd -- the master template file - everything else is generated
                      from this - this is in 4.4BSD format, which is like
                      the old v7 /etc/passwd format but with more fields.

/etc/passwd        -- compatibility file -- generated from master.passwd --
                      the system does not use this file in any way: it's
                      there for old programs that might try to parse the
                      v7 passwd format.

/etc/spwd.db       -- hashed database of master.passwd -- same data as
                      the template file but in a special database format
                      to speed up searches on systems with many users

/etc/pwd.db        -- hash database of /etc/passwd
You're supposed to edit /etc/master.passwd to add new fields and generate
the rest with the pwd_mkdb command. (vipw(8) invokes pwd_mkdb for you.)
NEVER NEVER NEVER edit /etc/passwd!!!!!
I'll say that again for those of you who missed it:
NEVER NEVER NEVER edit /etc/passwd!!!!!
Always make all your changes to /etc/master.passwd and then be sure that
pwd_mkdb runs to update the whole database system. Read the /etc/master.passwd
file a couple of times. Notice the extra fields. Scrutinize the passwd(5)
man page and try to understand what those extra fields mean. Understand
that pwd_mkdb(8) will not rebuild the password databases if /etc/master.passwd
does not match the format outlined in this man page.
: I finally decided to move the whole thing to NIS. After one day of work
: I have the NIS server up and running on HP, and I also managed to
: configure the NIS clients
: ( I mean that at least I can see from FreeBSD the NIS maps with ypcat )
Okay.
: However, it's still useless, because when I try to append the beloved
: +::0:0:::
NO!!!!
The passwd(5) man page quite clearly says this:
UID and GID remapping with NIS overrides
[...]
This is important to remember because most people are accustomed to using
an NIS wildcard entry that looks like this:
+:*:0:0:::
This often leads to new FreeBSD admins choosing NIS entries for their
master.passwd files that look like this:
+:*:0:0::::::
Or worse, this
+::0:0::::::
DO _NOT_ PUT ENTRIES LIKE THIS IN YOUR master.passwd FILE!! The first
tells FreeBSD to remap all passwords to `*' (which will prevent anybody
from logging in) and to remap all UIDs and GIDs to 0 (which will make
everybody appear to be the superuser). The second case just maps all UIDs
and GIDs to 0, which means that all users will appear to be root!
: respectively +: to passwd - master.passwd / group files, all I can get
: is login
NEVER NEVER NEVER edit /etc/passwd!!!!!
: incorrect/user does not exist; If I run pwd_mkdb on the damn passwd of
: course I get "corrupted data file"...generally speaking, after 10 hours
: it became clear to me that the authentication scheme in FreeBSD is
: beyond my limited imagination or it is too obvious to see it.
: Meanwhile I sit here looping { for(;;); }
I find it hard to believe that the man page is that indecipherable,
especially when it says this:
YP/NIS INTERACTION
Enabling access to NIS passwd data
The system administrator can configure FreeBSD to use NIS/YP for its
password information by adding special records to the /etc/master.passwd
file. These entries should be added with vipw(8) so that the changes can
be properly merged with the hashed password databases and the /etc/passwd
file ( /etc/passwd should never be edited manually). Alternatively, the
administrator can modify /etc/master.passwd in some other way and then
manually update the password databases with pwd_mkdb(8).
The simplest way to activate NIS is to add an empty record with only a
plus sign (`+') in the name field, such as this:
+:::::::::
It really is that easy.
-Bill
--
=============================================================================
-Bill Paul (212) 854-6020 | System Manager
Work: wpaul@ctr.columbia.edu | Center for Telecommunications Research
Home: wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
=============================================================================
License error: The license for this .sig file has expired. You must obtain
a new license key before any more witty phrases will appear in this space.
=============================================================================
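
Added example, not part of the original post or of FreeBSD: a small lint for the NIS records discussed above, which flags `+` entries that carry UID/GID 0 or password overrides and entries that are still in the 7-field v7 layout. The function names and the sample file are constructed for illustration; run it against a copy of master.passwd before handing the file to pwd_mkdb.

```shell
#!/bin/sh
# Added example: lint the NIS (+/-) records of a master.passwd-format file.
# Emits one finding per line as "lineno:SEVERITY:message".

check_nis_entries() {
    # $1 = path to a master.passwd-format file
    awk -F: '
    /^[+-]/ {
        # master.passwd records have 10 colon-separated fields:
        # name:password:uid:gid:class:change:expire:gecos:home_dir:shell
        if (NF != 10) {
            printf "%d:ERROR:%d fields (v7 passwd style?), master.passwd needs 10\n", NR, NF
            next
        }
        # Only "+" records are checked for override values.
        if (substr($1, 1, 1) != "+") next
        if ($3 == "0") printf "%d:CRITICAL:UID override 0, NIS users become root\n", NR
        if ($4 == "0") printf "%d:CRITICAL:GID override 0\n", NR
        if ($2 != "")  printf "%d:WARN:password override \"%s\" replaces the NIS password\n", NR, $2
    }' "$1"
}

write_sample() {
    # Constructed sample: the entries quoted in the post plus a local root line.
    cat > "$1" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
+::0:0:::
+:*:0:0::::::
+::0:0::::::
+:::::::::
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp) || exit 1
write_sample "$sample"
check_nis_entries "$sample"
rm -f "$sample"
```

Only the last sample line, the empty `+:::::::::` record the man page recommends, passes without a finding.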