Commit Graph

16 Commits

Author SHA1 Message Date
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Greg Lehey
9045b882d5 Clarify when the user gets a prompt for the old password, and that
passwords are not echoed.

Get quotes right in troff.
1999-05-03 00:56:05 +00:00
Tim Vanderhoek
61f74535f6 Change references from "passwordperiod" to "passwordtime", since
"passwordtime" is what passwd(1) has actually been using.  I suspect
passwordperiod was the original intent.  I can't figure-out which,
if either, BSDi uses.  If anyone knows...
1999-04-30 18:19:46 +00:00
Mark Murray
7deb53036d Back out the new crypt(3) stuff untill we can go through an independant
"make world" to make sure everything works properly.
1999-01-23 08:36:38 +00:00
Brandon Gillespie
669892b239 Added support for multiple hash formats, and new salt generation code.
It selects which hash format to use by checking /etc/auth.conf for
auth_default.  Leaving auth_default disabled will give the current
behaviour (use the same format as is currently used in the password,
or if a new password default to what crypt likes best--des if it exists).
Now you can set it to one of: des, best, md5 or sha1.  best is a synonym
for sha1, currently.
1999-01-22 15:33:54 +00:00
Bill Fumerola
71f14d164e We use login.conf, not login.cap
PR:		doc/8897
Submitted by:	Jonathan Hanna <pangolin@home.com>
1998-11-30 22:41:58 +00:00
Mark Murray
8f176b4353 Use KJH's auth.conf parser to turn on/off Kerberos in userland. 1998-10-09 06:38:33 +00:00
Steve Price
36f8699a07 The host commandline option is -h and not -s.
PR:		7703
Submitted by:	Yoshishige Arai <ryo2@on.rim.or.jp>
1998-08-24 00:56:20 +00:00
Steve Price
5f2833ea5e Type fix: when -> with
PR:		5420
Submitted by:	Jonathan Hanna <jh@pc-21490.bc.rogers.wave.ca>
1998-01-03 19:14:02 +00:00
Wolfram Schneider
f6b31571f6 spelling corrections.
PR: docs/4450
Submitted by: josh@quick.net
1997-09-13 16:01:53 +00:00
David Nugent
720cdec3f6 Adds login class support for local & nis passwords:
- minpasswordlen=n         override minimum password length for class.
    - passwordperiod=n[smhdwy] auto-set next password change date.
1997-02-10 15:42:12 +00:00
Alexander Langer
6361832ca8 Add synopsis for yppasswd. 1996-08-24 23:27:04 +00:00
Bill Paul
c2dfe9fe01 Merge in changes to support the new rpc.yppasswdd(8) and fix a few bugs.
In passwd(1):

- Gut most of yp_passwd.c and leave only a few things that aren't common
  to pw_yp.c.

- Add support for -d and -h flags to select domains and NIS server hosts
  to use when updating NIS passwords. This allows passwd(1) to be used
  for changing NIS passwords from machines that aren't configured as
  NIS clients. (This is mostly to allow passwd(1) to work on NIS master
  servers that aren't configured as clients -- an NIS server need not
  necessarily be configured as a client itself.)

  NOTE: Realize that having the ability to specify a domain and hostname
  lets you use passwd(1) (and chpass(1) too) to submit update requests
  to yppasswd daemons running on remote servers in remote domains which
  you may not even be bound to. For example, my machine at home is not
  an NIS client of the servers on the network that I manage, yet I can
  easily change my password at work using my FreeBSD box at home by doing:
  'passwd -d work.net.domain -h any.nis.server.on.my.net wpaul'. (Yes,
  I do use securenets at work; temporarily modified my securenets file
  to give my home system access.) Some people may not be too thrilled
  with this idea. Those who don't like this feature can recompile passwd(1)
  and chpass(1) with -DPARANOID to restrict the use of these flags to
  the superuser.

  (Oh, I should be adding proper securenets support to ypserv(8) and
  rpc.yppasswdd(8) over the weekend.)

- Merge in changes to allow root on the NIS master server to bypass
  authentication and change any user's NIS password. (The super-user
  on the NIS master already has privileges to do this, but doing it
  through passwd(1) is much easier than updating the maps by hand.)
  Note that passwd(1) communicates with rpc.yppasswdd(8) via a UNIX
  domain socket instead of via standard RPC/IP in this case.

- Update man page.

In chpass(1):

- Fix pw_yp.c to work properly in environments where NIS client
  services aren't available.

- Use realloc() instead of malloc() in copy_yp_pass() and copy_local_pass().

- Fix silly bug in copy_yp_pass(); some of the members of the passwd
  structure weren't being filled in correctly. (This went unnoticed
  for a while since the old yppasswdd didn't allow changes to the
  fields that were being botched.)

- chpass(1) now also allows the superuser on the NIS master server to
  make unrestricted changes to any user's NIS password information.

- Use UNIX domain comm channel to rpc.yppasswdd(8) when run by the
  superuser on the NIS master. This allows several new things:

   o superuser can update an entire master.passwd.{byname,byuid} entry
   o superuser can update records in arbitrary domains using -d flag to
     select a domain (before you could only change the default domain)
   o superuser can _add_ records to the NIS master.passwd maps, provided
     rpc.yppasswdd(8) has been started with the -a flag (to do this,
     the superuser must force NIS operation by specifying the -y flag
     to chpass(1) along with -a, i.e. 'chpass -y -a 'foo:::::::::')

- Back out the 'chpass -a <new password entry> breaks with NIS' fix
  from the last revision and fix it properly this time. The previous
  revision fixed the immediate problem but broke NIS operation in
  some cases.

- In edit.c, be a little more reasonable about deciding when to
  prevent the shell field from being changed.

  Submitted by Charles Owens <owensc@enc.edu>, who said:

  "I made a minor (one-line) modification to chpass, with regards
   to whether or not it allows the changing of shells.  In the 2.0.5 code,
   field changing follows the settings specified in the "list" structure
   defined in table.c .  For the shell, though, this is ignored.  A quick
   look in edit.c showed me why, but I don't understand why it was written as
   such.  The logic was

        if shell is standard shell, allow changing

   I changed it to

        if shell changing is allowed (per table.c) and it is a standard shell
             OR if uid=0, then allow changing."

   Makes sense to me.

- Update man page.
1996-02-23 16:08:59 +00:00
Mike Pritchard
b0ac1967ba Add a little info to this man page at the start so it doesn't
appear that ALL the passwd command does is change a users Kerberos
password, since that is incorrect.

Actually, this man page needs a good overhaul to better reflect systems
that don't have Kerberos installed.
1996-02-12 02:32:40 +00:00
Bill Paul
a3ce11a24d Remove the ypchfn/ypchsh stuff from passwd and leave just the
yppasswd support. The rest is moving into chpass.
1995-08-13 16:07:36 +00:00
Rodney W. Grimes
9b50d90275 BSD 4.4 Lite Usr.bin Sources 1994-05-27 12:33:43 +00:00