Provided by: nis_3.17.1-1build1_amd64

NAME

       ypserv.conf - configuration file for ypserv and rpc.ypxfrd

DESCRIPTION

       ypserv.conf is an ASCII file which contains some options for ypserv. It also contains a list of rules for
       special host and map access for ypserv and rpc.ypxfrd. This file will be read by ypserv and rpc.ypxfrd at
       startup, or when receiving a SIGHUP signal.

       There is one entry per line. If the line is an option line, the format is:

              option: <argument>

       The line for an access rule has the format:

              host:domain:map:security

       All rules are tried one by one. If no match is found, access to a map is allowed.

       The following options exist:

       files: 30
              This option specifies how many database files should be cached by ypserv. If 0 is specified,
              caching is disabled. Decreasing this number is only possible if ypserv is restarted.

       trusted_master: server
              When a map is pushed to a slave, the slave normally only accepts updates to existing maps, and
              then only from the real master. If this option is set on a slave server, new (not yet existing)
              maps from the host server will be accepted. The default is that no trusted master is set and new
              maps will not be accepted.
              Example:
              trusted_master: ypmaster.example.org

       slp: [yes|<no>|domain]
              If this option is enabled and SLP support is compiled in, the NIS server registers itself on an
              SLP server. If the variable is set to domain, an attribute domain with a comma-separated list of
              supported domain names is set. Otherwise this attribute will not be set.

       xfr_check_port: [<yes>|no]
              With this option enabled, the NIS master server has to run on a privileged port (< 1024). The
              default is "yes" (enabled).

       The field descriptions for the access rule lines are:

       host   IP address. Wildcards are allowed.
              Examples:
              131.234. = 131.234.0.0/255.255.0.0
              131.234.214.0/255.255.254.0

       domain specifies the domain to which this rule applies. An asterisk is allowed as a wildcard.

       map    name of the map, or asterisk for all maps.

       security
              one of none, port, deny:

       none   always allow access.

       port   allow access if the client request originates from a privileged port (< 1024). Otherwise do not
              allow access.

       deny   deny access to this map.

       You can add /mangle:field to the none or port security keywords. The :field part is optional. It will
       replace field number field (the default is 2, the password field of the passwd and shadow maps) with the
       value x for client requests from non-privileged ports (>= 1024) for the port security keyword and in all
       cases for the none security keyword.
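
       An added example, not part of the original manual page or the ypserv sources: a small Python
       evaluator for the access rule lines described above, showing that a request matching no rule is
       allowed unless a final catch-all deny rule is present. It assumes that the first matching rule
       decides, that "*" is the host wildcard and that "#" starts a comment; the function names and the
       sample rules are constructed for illustration.

```python
import ipaddress

def host_matches(pattern, ip):
    """Match the host field forms shown above: '*', '131.234.', addr/netmask."""
    addr = ipaddress.ip_address(ip)
    if pattern == "*":                            # assumed host wildcard
        return True
    if pattern.endswith("."):                     # '131.234.' = 131.234.0.0/255.255.0.0
        octets = pattern.rstrip(".").split(".")
        base = ".".join(octets + ["0"] * (4 - len(octets)))
        return addr in ipaddress.ip_network(f"{base}/{8 * len(octets)}")
    return addr in ipaddress.ip_network(pattern, strict=False)

def parse_rules(text):
    """Return (host, domain, map, security, mangle_field) tuples; skip option lines."""
    rules = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("#")[0].split(":")]
        if len(parts) < 4:                        # blank, comment, or 'option: <argument>'
            continue
        sec, _, mangle = parts[3].partition("/")
        field = None
        if mangle == "mangle":                    # ':field' is optional, default is 2
            field = int(parts[4]) if len(parts) > 4 else 2
        rules.append((parts[0], parts[1], parts[2], sec, field))
    return rules

def decide(rules, ip, domain, map_name, src_port):
    """Evaluate one request. Assumption: the first matching rule decides."""
    privileged = src_port < 1024
    for host, dom, mp, sec, field in rules:
        if not (host_matches(host, ip) and dom in ("*", domain) and mp in ("*", map_name)):
            continue
        if sec == "deny":
            return "deny"
        if sec == "port" and not privileged and field is None:
            return "deny"
        if field is not None and (sec == "none" or not privileged):
            return f"allow, field {field} replaced with x"
        return "allow"
    return "allow"                                # no rule matched: access is allowed

# Constructed sample configuration (addresses and maps are illustrative).
SAMPLE = """\
files: 30
131.234. : * : shadow.byname : port
131.234.214.0/255.255.254.0 : * : passwd.byname : port/mangle
"""
HARDENED = SAMPLE + "* : * : * : deny\n"          # final catch-all rule
```

       With SAMPLE, a client outside 131.234.0.0/255.255.0.0 matches no rule and can read shadow.byname
       from an unprivileged port; with HARDENED the same request is denied.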

FILES

       /etc/ypserv.conf

SEE ALSO

       ypserv(8), rpc.ypxfrd(8)

WARNINGS

       The access rules for special maps are no real improvement in security, but they make life a little
       bit harder for a potential hacker.

BUGS

       Solaris clients don't use privileged ports. All security options that depend on privileged ports cause
       big problems on Solaris clients.

AUTHOR

       Thorsten Kukuk <kukuk@suse.de>