Subject: proposed changes to /etc/security
To: None <tech-security@NetBSD.ORG>
From: Matthew Jacob <mjacob@feral.com>
List: tech-security
Date: 07/25/1998 11:23:50

(I'm not on this list- please reply to me directly- I'm only sending
to this list because I assume that people on it are more attuned
to system security than I am).

/etc/security doesn't grok YP tokens in master.passwd or group
files and thus the daily security output complains about these
tokens.

Would it be considered a *weakening* of security to
put in changes to /etc/security to ignore these tokens?

-matt

--- security Mon Jan 26 06:20:28 1998
+++ /etc/security Sat Jul 25 10:55:53 1998
@@ -43,8 +43,8 @@
MP=/etc/master.passwd
# these is used several times.
-awk -F: '{ print $1 " " $3 }' $MP | sort -k2n > $MPBYUID
-awk -F: '{ print $1 " " $9 }' $MP | sort -k2 > $MPBYPATH
+awk -F: '$0 != "+:::::::::" { print $1 " " $3 } ' $MP | sort -k2n > $MPBYUID
+awk -F: '$0 != "+:::::::::" { print $1 " " $9 } ' $MP | sort -k2 > $MPBYPATH
# Check the master password file syntax.
if checkyesno check_passwd; then
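Review bot: the filter on both added awk lines compares the whole record to the literal "+:::::::::", so only the bare YP wildcard line is skipped and any other line beginning with + (for example one with fields filled in) still lands in $MPBYUID and $MPBYPATH. That narrowness is the safer behaviour for a security script, because a + entry that overrides the uid or shell keeps being reported, but it should be stated in a comment next to the filter, and the literal would be better held in one shell variable than repeated here and again in the syntax check.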
@@ -59,6 +59,9 @@
}
{
+ if ($0 == "+:::::::::") {
+ next
+ }
if ($0 ~ /^[ ]*$/) {
printf "Line %d is a blank line.\n", NR;
next;
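Review bot: the added block at the top of the main rule writes "next" without the trailing semicolon that the blank-line branch directly below uses ("next;"), and it carries no comment saying that the line being skipped is the YP wildcard entry. Matching the surrounding style and adding a one-line comment would make it clear that only the exact "+:::::::::" line bypasses the syntax checks, while NR stays correct because the skip happens inside awk.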
@@ -127,7 +130,7 @@
# Check the group file syntax.
if checkyesno check_group; then
GRP=/etc/group
- awk -F: '{
+ sed '/^+:::$/' $GRP | awk -F: '{
if ($0 ~ /^[ ]*$/) {
printf "Line %d is a blank line.\n", NR;
next;
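Review bot: the sed expression on the added line, '/^+:::$/', is an address with no command, so sed reports an error instead of deleting the line; it needs a trailing d, as in '/^+:::$/d'. Deleting the line before awk reads the file also shifts NR, so the "Line %d is a blank line." messages will be off by one for everything after the + entry. Skipping the line inside the awk program with next, as the master.passwd hunk does, keeps the line numbers right and avoids the extra process.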
@@ -141,7 +144,7 @@
printf "Group %s has more than 8 characters.\n", $1;
if ($3 !~ /[0-9]*/)
printf "Login %s has a negative group id.\n", $1;
- }' < $GRP > $OUTPUT
+ }' > $OUTPUT
if [ -s $OUTPUT ] ; then
printf "\nChecking the $GRP file:\n"
cat $OUTPUT
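Review bot: dropping "< $GRP" on the closing line of the awk program makes the whole group check depend on the sed stage upstream: if sed fails or emits nothing, awk reads empty input, $OUTPUT stays empty, and the "[ -s $OUTPUT ]" test below prints nothing, which is indistinguishable from a clean group file. Keeping "< $GRP" and filtering the "+:::" line inside awk would avoid that silent pass.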