Correct the example on how to prevent NIS users from logging in.

The previous instructions did not work and this corrected version
is based on a working config from a production system. Add some
descriptive text, too.

Submitted by:	Glen Neff

en_US.ISO8859-1/books/handbook/network-servers/chapter.xml

@@ -1951,10 +1951,13 @@ nis_client_enable="YES"</programlisting>
       <para>There is a way to bar specific users from logging on to a
 	machine, even if they are present in the NIS database.  To do
 	this, all you must do is add
-	<literal>-<replaceable>username</replaceable></literal> to the
+	<literal>-<replaceable>username</replaceable></literal> with
+	the correct number of colons like other entries to the
 	end of the <filename>/etc/master.passwd</filename> file on the
 	client machine, where <replaceable>username</replaceable> is
 	the username of the user you wish to bar from logging in.
+	The line with the blocked user must be before the
+	<literal>+</literal> line for allowing NIS users.
 	This should preferably be done using <command>vipw</command>,
 	since <command>vipw</command> will sanity check your changes
 	to <filename>/etc/master.passwd</filename>, as well as
@@ -1964,7 +1967,7 @@ nis_client_enable="YES"</programlisting>
 	<hostid>basie</hostid> we would:</para>
 
       <screen>basie&prompt.root; <userinput>vipw</userinput>
-<userinput>[add -bill to the end, exit]</userinput>
+<userinput>[add -bill::::::::: to the end, exit]</userinput>
 vipw: rebuilding the database...
 vipw: done
 
@@ -1985,8 +1988,8 @@ uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucic
 xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
 pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
 nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
+-bill:::::::::
 +:::::::::
--bill
 
 basie&prompt.root;</screen>
     </sect2>