Implement new mode for NIS passwd.adjunct.byname table.

The passwd.adjunct.byname table will not be used to fill in password fields
in the passwd.byname replies.  Instead it is used to synthesize the
shadow.byname table, should it be missing.  This is a useful mode in some
installations involving Solaris.

1 files changed, 10 insertions, 1 deletions

diff --git a/nis/nss b/nis/nss
index aab40ab3f0..0ac6774a1f 100644
--- a/nis/nss
+++ b/nis/nss
@@ -1,7 +1,7 @@
 # /etc/default/nss
 # This file can theoretically contain a bunch of customization variables
 # for Name Service Switch in the GNU C library.  For now there are only
-# three variables:
+# four variables:
 #
 # NETID_AUTHORITATIVE
 #   If set to TRUE, the initgroups() function will accept the information
@@ -26,3 +26,12 @@
 #  might result into a network communication with the server to get
 #  the next entry.
 #SETENT_BATCH_READ=TRUE
+#
+# ADJUNCT_AS_SHADOW
+#  If set to TRUE, the passwd routines in the NIS NSS module will not
+#  use the passwd.adjunct.byname tables to fill in the password data
+#  in the passwd structure.  This is a security problem if the NIS
+#  server cannot be trusted to send the passwd.adjuct table only to
+#  privileged clients.  Instead the passwd.adjunct.byname table is
+#  used to synthesize the shadow.byname table if it does not exist.
+#ADJUNCT_AS_SHADOW=TRUE