ypserv.conf(5)



NAME

   ypserv.conf - configuration file for ypserv and rpc.ypxfrd

DESCRIPTION

   ypserv.conf is an ASCII file which contains some options for ypserv. It
   also contains a list of rules for  special  host  and  map  access  for
   ypserv  and rpc.ypxfrd. This file will be read by ypserv and rpc.ypxfrd
   at startup, or when receiving a SIGHUP signal.

   There is one entry per line. If the line is an option line, the format
   is:

          option: <argument>

   The line for an access rule has the format:

          host:domain:map:security

   All  rules  are tried one by one. If no match is found, access to a map
   is allowed.

   The following options exist:

   files: 30
          This option specifies how many database files should be cached
          by ypserv. If 0 is specified, caching is disabled. Decreasing
          this number is only possible if ypserv is restarted.

   trusted_master: server
          When a map is pushed to a slave, the slave normally only accepts
          updates  to  existing  maps, and then only from the real master.
          If this option is set on a slave server, new (not yet  existing)
          maps  from the host server will be accepted. The default is that
          no trusted master is set and new maps will not be accepted.
          Example:
          trusted_master: ypmaster.example.org

   slp: [yes|<no>|domain]
          If this option is enabled and SLP support is compiled in, the NIS
          server registers itself on an SLP server. If the variable is set
          to domain, an attribute domain with a comma-separated list of
          supported domain names is set. Otherwise this attribute will not
          be set.

   xfr_check_port: [<yes>|no]
          With this option enabled, the NIS master server has to run on a
          privileged port (< 1024). The default is "yes" (enabled).

   The field descriptions for the access rule lines are:

   host   IP address. Wildcards are allowed.
          Examples:
          131.234. = 131.234.0.0/255.255.0.0
          131.234.214.0/255.255.254.0

   domain specifies the domain to which this rule should be applied. An
          asterisk as wildcard is allowed.

   map    name of the map, or asterisk for all maps.

   security
          one of none, port, deny:

          none   always allow access.

          port   allow access if the client request originates from a
                 privileged port (< 1024). Otherwise do not allow access.

          deny   deny access to this map.

   You can add /mangle:field to the none or port security keywords. The
   :field part is optional. It will replace field number field (the
   default is 2, the password field of the passwd and shadow maps) with
   the value x for client requests from non-privileged ports (>= 1024) for
   the port security keyword and in all cases for the none security
   keyword.
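
   The rule format and security keywords described above can be checked
   with a small evaluator. This is an added example, not code from ypserv
   or its author. It assumes that the first matching rule decides, that
   '#' starts a comment, and that a bare "*" matches any host; the sample
   file and the names parse_rules, host_matches and decide are constructed.

```python
import ipaddress

SAMPLE = """\
# constructed sample; assumption: '#' starts a comment
files: 30
131.234.:*:shadow.byname:port
131.234.:*:passwd.byname:port/mangle
*:*:shadow.byname:deny
"""

def parse_rules(text):
    """Return access rules as (host, domain, map, keyword, mangle_field)."""
    rules = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("#", 1)[0].split(":", 3)]
        if len(parts) < 4:          # blank line or "option: <argument>" line
            continue
        host, domain, mapname, security = parts
        keyword, _, mangle = security.partition("/")
        field = None
        if mangle.startswith("mangle"):
            num = mangle.partition(":")[2].strip()
            field = int(num) if num else 2   # default field is 2
        rules.append((host, domain, mapname, keyword, field))
    return rules

def host_matches(pattern, client_ip):
    if pattern == "*":              # assumption: bare "*" matches any host
        return True
    if pattern.endswith("."):       # prefix form, e.g. "131.234."
        return client_ip.startswith(pattern)
    net = ipaddress.ip_network(pattern, strict=False)   # address or net/mask
    return ipaddress.ip_address(client_ip) in net

def decide(rules, client_ip, src_port, domain, mapname):
    """Assumption: the first matching rule decides the request."""
    for host, dom, m, keyword, field in rules:
        if not (host_matches(host, client_ip)
                and dom in ("*", domain) and m in ("*", mapname)):
            continue
        if keyword == "deny":
            return "deny"
        unprivileged = src_port >= 1024
        if field is not None and (keyword == "none" or unprivileged):
            return f"allow, field {field} replaced with x"
        if keyword == "port" and unprivileged:
            return "deny"
        return "allow"
    return "allow"                  # no rule matched: access is allowed
```

   With this sample, a host outside 131.234. still gets passwd.byname
   unmodified, because no rule matches it and unmatched requests are
   allowed; a final catch-all rule closes that gap.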

FILES

   /etc/ypserv.conf

SEE ALSO

   ypserv(8), rpc.ypxfrd(8)

WARNINGS

   The access rules for special maps are no real improvement in security,
   but they make life a little bit harder for a potential hacker.

BUGS

   Solaris  clients  don't use privileged ports. All security options that
   depend on privileged ports cause big problems on Solaris clients.

AUTHOR

   Thorsten Kukuk <kukuk@suse.de>



