Administering NIS users

How NIS maps affect security

Security on a system running NIS depends on how programs consult the files in the /etc directory that are equivalent to the input files for the NIS maps. A machine's local files are consulted first including passwd, group, and aliases. The program next consults maps in the NIS domain that correspond to the local files. For example, a machine checks its own /etc/aliases file for mail aliases, then checks the mail.aliases NIS map.

The passwd file is a good example of how local files take precedence in an NIS environment. When users run the passwd command to change their passwords, the passwd command first checks if the user has an entry in the local /etc/passwd file. If there is no such entry, and NIS is running, and there is a ``+'' escape line in the local file, the passwd command acts as yppasswd(1nis) and changes the user's password on the NIS master server for the passwd map.

``Where passwords are modified when NIS is running'' summarizes how the passwd command works when NIS is running. For information about the Identification and Authentication (I&A) database mentioned in the table, see the creatiadb(1M) manual page.

Where passwords are modified when NIS is running

User entry in User password in User password modified in
local /etc/passwd and /etc/shadow local I&A security database and /etc/shadow local I&A security database and /etc/shadow
local /etc/passwd and /etc/shadow NIS password database and local /etc/shadow local /etc/shadow entry (overrides NIS password)
local /etc/passwd and /etc/shadow NIS password database NIS password database
Only a + entry in /etc/passwd NIS password database NIS password database
The following files in each machine's /etc directory contain network information: hosts, networks, ethers, services, netmasks, and protocols.

NOTE: Some of the files in this list are not used by UnixWare. They could be accessed by other machines on the network, however.

On a network with NIS, information is obtained from the NIS maps corresponding to these local files with the following exceptions:

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004