Security on a system running NIS depends on how programs consult the files in the /etc directory that are equivalent to the input files for the NIS maps. A machine's local files are consulted first including passwd, group, and aliases. The program next consults maps in the NIS domain that correspond to the local files. For example, a machine checks its own /etc/aliases file for mail aliases, then checks the mail.aliases NIS map.
The passwd file is a good example of how local files take precedence in an NIS environment. When users run the passwd command to change their passwords, the passwd command first checks if the user has an entry in the local /etc/passwd file. If there is no such entry, and NIS is running, and there is a ``+'' escape line in the local file, the passwd command acts as yppasswd(1nis) and changes the user's password on the NIS master server for the passwd map.
``Where passwords are modified when NIS is running'' summarizes how the passwd command works when NIS is running. For information about the Identification and Authentication (I&A) database mentioned in the table, see the creatiadb(1M) manual page.
Where passwords are modified when NIS is running
|User entry in||User password in||User password modified in|
|local /etc/passwd and /etc/shadow||local I&A security database and /etc/shadow||local I&A security database and /etc/shadow|
|local /etc/passwd and /etc/shadow||NIS password database and local /etc/shadow||local /etc/shadow entry (overrides NIS password)|
|local /etc/passwd and /etc/shadow||NIS password database||NIS password database|
|Only a + entry in /etc/passwd||NIS password database||NIS password database|
On a network with NIS, information is obtained from the NIS maps corresponding to these local files with the following exceptions: