passwd and the nsswitch.conf File

The name service switch determines where the passwd command (and other commands) obtains and stores password information. If the passwd entry of the applicable nsswitch.conf file points to:

• nisplus. Password information will be obtained, modified, and stored in the passwd and cred tables of the appropriate domain.

• nis. Password information will be obtained, modified, and stored in passwd maps.

• files. Password information will be obtained, modified, and stored in the /etc/passwd and /etc/shadow files.

The passwd -r Option

When you run the passwd command with the -r nisplus, -r nis, or -r files arguments, those options override the nsswitch.conf file setting. You will be warned that this is the case. If you continue, the -r option will cause the passwd command to ignore the nsswitch.conf file sequence and update the information in the password information storage location pointed to by the -r flag.

For example, if the passwd entry in the applicable nsswitch.conf file reads:

 passwd: files nisplus

files is the first (primary) source, and passwd run without the -r option will get its password information from the /etc/passwd file. If you run the command with the -r nisplus option, passwd will get its information from the appropriate NIS+ passwd table and make its changes to that table, not to the /etc/passwd file.

The -r option should only be used when you cannot use the nsswitch.conf file because the search sequence is wrong. For example, when you need to update password information that is stored in two places, you can use the order specified in the nsswitch.conf file for the first one, but for the second one you have to force the use of the secondary or tertiary source.

The message:

Your specified repository is not defined in the nsswitch file!

indicates that your change will be made to the password information in the repository specified by the -r option, but that change will not affect anyone until the nsswitch.conf file is changed to point to that repository. For example, suppose the nsswitch.conf file reads passwd: files nis and you use the -r nisplus option to establish password-aging limits in an NIS+ passwd table. Those password-aging rules will sit in that table unused because the nsswitch.conf file is directing everyone to other places for their password information.