Copyright (C) 2000-2012 |
Manpages YPSERVSection: Linux Reference Manual (8)Updated: April 1997 Index Return to Main Contents NAMEypserv - NIS serverSYNOPSIS/usr/sbin/ypserv [ -b ] [ -d [ path ] ] [ -p port ]DESCRIPTIONThe Network Information Service (NIS) provides a simple network lookup service consisting of databases and processes. The databases are gdbm files in a directory tree rooted at /var/yp. The ypserv daemon typically activated at system startup. ypserv runs only on NIS server machines with a complete NIS database. On other machines using the NIS services, you have to run ypbind as client or under Linux you could use the libc with NYS support. ypbind must run on every machine which has NIS client processes; ypserv may or may not be running on the same node, but must be running somewhere on the network. On startup or when receiving the signal SIGHUP, ypserv parses the file /etc/ypserv.conf. OPTIONS
SECURITYIn general, any remote user can issue an RPC to ypserv and retrieve the contents of your NIS maps, if he knows your domain name. To prevent such unauthorized transactions, ypserv supports a feature called ypserv.securenets which can be used to restrict access to a given set of hosts. At startup or when arriving the SIGHUP Signal, ypserv will attempt to load the securenets information from a file called /etc/ypserv.securenets This file contains entries that consist of a netmask and a network pair separated by white spaces. Lines starting with ``#'' are considered to be comments.
If ypserv receives a request from an address that fails to match a rule, the request will be ignored and a warning message will be logged. If the /etc/ypserv.securenets file does not exist, ypserv will allow connections from any host. If the tcp wrappers security lookups was enabled at compile time in the Makefile, then ypserv will use the /etc/hosts.allow and /etc/hosts.deny files (which most people already have) and not the /etc/ypserv.securenets. If you have got a binary package, try ypserv --version to get a hint which version you have. In the /etc/ypserv.conf you could specify some access rules for special maps and hosts. But it is not very secure, it make the life only a little bit harder for potential hacker. If a mapname doesn't match a rule, ypserv will look for the YP_SECURE key in the map. If it exists, ypserv will only allow requests on a reserved port. For security reasons, ypserv will only accepts ypproc_xfr requests for updating maps from the same master server as the old one. This means, you have to reinstall the slave servers if you change the master server for a map. FILES/etc/ypserv.conf /etc/ypserv.securenetsSEE ALSOdomainname(1), ypcat(1), ypmatch(1), ypserv.conf(5), netgroup(5), makedbm(8), revnetgroup(8), ypinit(8), yppoll(8), yppush(8), ypset(8), ypwhich(8), ypxfr(8), rpc.ypxfrd(8)The Network Information Service (NIS) was formerly known as Sun Yellow Pages (YP). The functionality of the two remains the same; only the name has changed. The name Yellow Pages is a registered trademark in the United Kingdom of British Telecommunications plc, and may not be used without permission. AUTHORypserv was written by Peter Eriksson <pen@lysator.liu.se>. Thorsten Kukuk <kukuk@suse.de> added support for master/slave server and is the new Maintainer.
IndexThis document was created by man2html, using the manual pages. Time: 17:14:50 GMT, December 05, 2024 |