NFS Services Administrator's Guide
Configuring and Administering NIS
Configuring and Administering an NIS Client
Chapter 4182
To Edit the NIS Client’s passwd File
• Remove all users from the /etc/passwd file except the root user and
the system entries required for your system to boot. By convention,
system entries usually have user IDs less than 100, so you can
remove all entries with user IDs of 100 or greater.
• The Name Service Switch configuration file provided for NIS
(/etc/nsswitch.nis) causes your host to check its local
/etc/passwd file and then continue to the NIS passwd map if the
requested information is not in the local file. However, in previous
releases, you had to add a plus sign (+) to the /etc/passwd file to
cause your host to check the NIS passwd database.
If you want your host to behave as it did before HP-UX release 10.30,
add the following entry as the last line in the /etc/passwd file:
+::-2:60001:::
Also, make sure your /etc/nsswitch.conf file specifies compat as
the name service for passwd. See “Configuring the Name Service
Switch” on page 267.
The plus sign (+) causes processes to consult NIS for any user
information not found in the local /etc/passwd file.
The -2 in the user ID field restricts the access of people who may
attempt to log in using “+” as a valid user name when NIS is not
running. Anyone who successfully logs in as “+” will be granted only
the access permissions of user nobody.
CAUTION Do not put an asterisk (*) in the password field on HP systems. On
Sun systems, an asterisk in the password field prevents people from
logging in as “+” when NIS is not running. However, on HP systems,
the asterisk prevents all users from logging in when NIS is running.
The changes you make to the /etc/passwd file on an NIS client are the
same changes you make on an NIS slave server. Following is an example
/etc/passwd file on an NIS client:
root:0AnhFBmriKvHA:0:3: :/:/bin/ksh
daemon:*:1:5::/:/bin/sh
bin:*:2:2::/bin:/bin/sh
adm:*:4:4::/usr/adm:/bin/sh