diff options
| author | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2009-03-27 12:31:32 +0000 |
|---|---|---|
| committer | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2009-03-27 12:31:32 +0000 |
| commit | d93fc1a1684488d7b21a605d1bc0be48c5396c06 (patch) | |
| tree | 9742e657056b95cbd413a1db24a2148f181e06f8 /share | |
| parent | ac75bc8f28649ab06beac0d936bac5f22de43add (diff) | |
getgrouplist: If YP is #defined and enabled in /etc/group(5) and /etc/netid(5)
contains a matching entry, use that and refrain from accessing YP.
getpwnam/getpwuid: If YP is #defined and /etc/master.passwd(5) contains
a matching entry before the first YP entry, use that and stay away from YP.
Taken together, this allows a solution to the following problem pointed
out by deraadt@: When YP was configured but temporarily unavailable, even
root login would block, hindering you when trying to do repairs.
To avoid this, you can now provide a static entry for root in /etc/netid.
Using suggestions from miod@ otto@ blambert@ jmc@.
"commit" deraadt@, "cool" ajacoutot@, "looks fine" jmc@.
Diffstat (limited to 'share')
| -rw-r--r-- | share/man/man5/group.5 | 10 | ||||
| -rw-r--r-- | share/man/man5/passwd.5 | 10 |
2 files changed, 16 insertions, 4 deletions
diff --git a/share/man/man5/group.5 b/share/man/man5/group.5 index b828451b74e..302b80d88ac 100644 --- a/share/man/man5/group.5 +++ b/share/man/man5/group.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: group.5,v 1.12 2008/07/28 16:27:39 deraadt Exp $ +.\" $OpenBSD: group.5,v 1.13 2009/03/27 12:31:31 schwarze Exp $ .\" $NetBSD: group.5,v 1.4 1995/07/28 06:41:39 phil Exp $ .\" .\" Copyright (c) 1980, 1991, 1993 @@ -31,7 +31,7 @@ .\" .\" @(#)group.5 8.3 (Berkeley) 4/19/94 .\" -.Dd $Mdocdate: July 28 2008 $ +.Dd $Mdocdate: March 27 2009 $ .Dt GROUP 5 .Os .Sh NAME @@ -130,6 +130,11 @@ See and .Xr getgrouplist 3 for details. +.Pp +When YP is enabled but temporarily unavailable, login becomes impossible +for all users except those having an entry in the +.Xr netid 5 +file. .Sh FILES .Bl -tag -width /etc/group -compact .It Pa /etc/group @@ -139,6 +144,7 @@ for details. .Xr setgroups 2 , .Xr crypt 3 , .Xr initgroups 3 , +.Xr netid 5 , .Xr passwd 5 , .Xr yp 8 .Sh HISTORY diff --git a/share/man/man5/passwd.5 b/share/man/man5/passwd.5 index 21b45e1ad33..d9faf023476 100644 --- a/share/man/man5/passwd.5 +++ b/share/man/man5/passwd.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: passwd.5,v 1.34 2008/10/22 20:31:20 jmc Exp $ +.\" $OpenBSD: passwd.5,v 1.35 2009/03/27 12:31:31 schwarze Exp $ .\" $NetBSD: passwd.5,v 1.4 1995/07/28 06:46:05 phil Exp $ .\" .\" Copyright (c) 1988, 1991, 1993 @@ -31,7 +31,7 @@ .\" .\" @(#)passwd.5 8.1 (Berkeley) 6/5/93 .\" -.Dd $Mdocdate: October 22 2008 $ +.Dd $Mdocdate: March 27 2009 $ .Dt PASSWD 5 .Os .Sh NAME @@ -278,6 +278,11 @@ will result in containing: .Pp +:*:0:0::: +.Pp +When YP is enabled but temporarily unavailable, login becomes impossible +for all users except those having an entry in the +.Xr netid 5 +file. .Sh SEE ALSO .Xr chpass 1 , .Xr login 1 , @@ -286,6 +291,7 @@ containing: .Xr getpwent 3 , .Xr login.conf 5 , .Xr netgroup 5 , +.Xr netid 5 , .Xr adduser 8 , .Xr Makefile.yp 8 , .Xr pwd_mkdb 8 , |