SUMMARY: NIS map sharing amongst domains

From: Darie Duclos (
Date: Wed Mar 02 1994 - 12:06:55 CST

I received many answers to the following problem:

> - server b has no maps maintained locally (yet). It does hourly
> ypxfr's to server a in domain to keep its maps up-to-date.
> It keeps the maps in /var/yp/
> - typing "passwd" on server b (in domain affects the passwd
> file on server a in domain!!
> How does this happen? How is a passwd request handled by yppasswdd
> in a different domain? Or does recognize where its passwd
> map comes from?

In fact, the last hypothesis was the closest. Each YP map "knows" its
master. This can be extracted either by:

- typing: ypmatch YP_MASTER_NAME passwd

  (do not substitute anything for YP_MASTER_NAME)

- or: /usr/etc/yp/makedbm -u passwd

  while in the /var/yp/<domainname> directory. 2 entries appear that do
  not appear when doing a simple ypcat. One is the master, the other is
  the time (in seconds since Jan., 1st 1970) at which the map was (re)built.

- or even: ypwhich -m

  This gives you the full list of maps with the master of each one.

> Of course the information about the password change will not
> actually take effect in domain until the next time passwd
> is ypxfr'd, but I will fix that so that passwd in domain gets
> "pushed" to server b as well.

For this part, a few people suggested (as mentioned in O'Reilly's NFS & NIS)
that I include some lines in the "passwd.time" part of my YP Makefile which
would cause the passwd *file* to be rcp'd to the secondary domain master and
then rsh a "make" to this server to propagate the changes.

I have no doubt that this works, but doesn't it break the part about
"passwd" finding the right yppasswd server? If a "make" is run on the
secondary domain master, it will now own the map. Password changes in this
domain will no longer go to the primary domain master as they so nicely do now.

What I did instead is to rsh a ypxfr. Amongst my ypxfr(_1perhour, _1perday..)
scripts, I have one called ypxfr_passwd, which does only the passwd map.
It looks like this:

        export PATH

        # set DOMAIN to primary domain and MASTER to primary master

        ypxfr -h $MASTER -s $DOMAIN passwd.byname
        ypxfr -h $MASTER -s $DOMAIN passwd.byuid

Then I added into the passwd.time portion of my YP Makefile on the
primary domain master the following lines:

        @echo "updating passwd in domain";
        @rsh seashore /usr/local_adm/etc/ypxfr_passwd
        @echo "pushed passwd in domain";

Now my passwd file in the secondary domain ( is
updated within a minute of any change, and the master of the map remains
that of the primary domain so that all change requests go to the same

Sorry if I've bored you with excrutiating detail, but I figure it could
be useful for someone who's not very experienced with NIS (like me :-) ).

Many thanks to: (Bernhard Weinelt)
Rich Schultz <> (Klas Jeirud Z/OD) (John Moran Z/OD)

Apologies to: (Anders Gustafsson)
        for failing to acknowledge that you provided the basics
        of a solution last year. It was too complicated for me to
        grasp at the time. Seems easy now though. :-)

/ Darie Duclos / "All my life I've wanted to be \
\ Ericsson Research Canada \ somebody. Now I see I should /
/ Darie.Duclos@LMC.Ericsson.SE / have been more specific." \
\ Montreal, Canada \ -- Lily Tomlin /


This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:08:57 CDT