NAME

       ypserv.conf - configuration file for ypserv and rpc.ypxfrd

DESCRIPTION

       ypserv.conf  is  an  ASCII file which contains some options for ypserv. It also contains a
       list of rules for special host and map access for ypserv and rpc.ypxfrd. This file will be
       read by ypserv and rpc.ypxfrd at startup, or when receiving a SIGHUP signal.

       There is one entry per line. If the line is a option line, the format is:

              option: <argument>

       The line for an access rule has the format:

              host:domain:map:security

       All rules are tried one by one. If no match is found, access to a map is allowed.

       Following options exist:

       files: 30
              This option specifies, how many database files should be cached by ypserv.  If 0 is
              specified, caching is disabled. Decreasing this number is only possible, if  ypserv
              is restarted.

       trusted_master: server
              When  a  map  is  pushed  to  a  slave,  the slave normally only accepts updates to
              existing maps, and then only from the real master.  If this  option  is  set  on  a
              slave  server,  new  (not yet existing) maps from the host server will be accepted.
              The default is that no trusted master is set and new maps will not be accepted.
              Example:
              trusted_master: ypmaster.example.org

       slp: [yes|<no>|domain]
              If this option is enabled and SLP support compiled in,  the  NIS  server  registers
              itself  on a SLP server. If the variable is set to domain, an attribute domain with
              a comma seperated list of supported domainnames is set. Else  this  attribute  will
              not be set.

       xfr_check_port: [<yes>|no]
              With  this option enabled, the NIS master server has to run on a priviliged port (<
              1024). The default is "yes" (enabled).

       The field descriptions for the access rule lines are:

       host   IP address. Wildcards are allowed.
              Examples:
              131.234. = 131.234.0.0/255.255.0.0
              131.234.214.0/255.255.254.0

       domain specifies the domain, for which this rule should be applied. An asterix as wildcard
              is allowed.

       map    name of the map, or asterisk for all maps.

       security
              one of none, port, deny:

       none   always allow access.

       port   allow  access  if  the  client  request originates from a priviliged port (< 1024).
              Otherwise do not allow access.

       deny   deny access to this map.

       You can add /mangle:field to the none or  port  security  keywords.  The  :field  part  is
       optional.  It will replace field number field (the default is 2, the password field of the
       passwd and shadow maps) with the value x for client requests from non-priviliged ports (>=
       1024) for the port security keyword and in all cases for the none security keyword.

FILES

       /etc/ypserv.conf

SEE ALSO

       ypserv(8), rpc.ypxfrd(8)

WARNINGS

       The  access  rules for special maps are no real improvement in security, but they make the
       life a little bit harder for a potential hacker.

BUGS

       Solaris clients don't use privileged ports. All security options that depend on privileged
       ports cause big problems on Solaris clients.

AUTHOR

       Thorsten Kukuk <kukuk@suse.de>