Programs first consult an NIS client's local /etc/passwd (and /etc/shadow) file to determine access permission before consulting the NIS maps. Therefore, every client's /etc/passwd file should contain entries for root and the primary users of the machine. Also, the /etc/passwd file should have an entry containing a ``+:'' (plus sign and colon) to force the use of the NIS maps passwd.byname and passwd.byuid. If there is no ``+:'' entry, programs will not consult the NIS maps at all.
There are three styles of ``+'' entries in the /etc/passwd file:
The /etc/passwd file can also have lines beginning with a ``-'' (minus sign) which means to disallow entries from the NIS service. There are two styles of ``-'' entries in /etc/passwd:
A typical NIS client's /etc/passwd file might look like:
root:x:0:1:Operator:/:/usr/bin/ksh mary:x:508:10:& Mary Sunshine:/usr2/mary:/usr/bin/ksh daemon:x:1:1::/: sync:x:1:1::/:/bin/sync +kelsey:x::::: +@downtown:no_login::::: +::::Guest::
In this example, there are specific entries for users root, mary, daemon and sync, to ensure that they can log in even when the system is running standalone. The user kelsey will have his password entry in the NIS database incorporated without change; anyone in the netgroup downtown will have their password field disabled, and anyone else will be able to log in with their usual password, shell, and home directory, but with a comment field of ``Guest''. The password field of the /etc/shadow entry for the netgroup downtown should contain the value ``LK''.
Note that earlier entries in /etc/passwd take precedence over, or mask, later entries with the same user name or same user ID. Therefore, please note the order of the entries in the example for the daemon and sync user names (which have the same user ID). Make sure you do not alter this order in your own file.