NAME
ypserv.conf - configuration file for ypserv and rpc.ypxfrdDESCRIPTION
ypserv.conf is an ASCII file which contains some options for ypserv. It also contains a list of rules for special host and map access for ypserv and rpc.ypxfrd. This file will be read by ypserv and rpc.ypxfrd at startup, or when receiving a SIGHUP signal. There is one entry per line. If the line is a option line, the format is:option: argument
host:domain:map:security
This option specifies, how many database files
should be cached by ypserv. If 0 is specified, caching is disabled.
Decreasing this number is only possible, if ypserv is restarted.
trusted_master: server
If this option is set on a slave server, new
maps from the host server will be accepted as master. The default is,
that no trusted master is set and new maps will not be accepted.
Example:
slp: [yes|<no>|domain]
trusted_master: ypmaster.example.org
If this option is enabled and SLP support
compiled in, the NIS server registers itself on a SLP server. If the variable
is set to domain, an attribute domain with a comma seperated
list of supported domainnames is set. Else this attribute will not be set. The
default is "no" (disabled).
xfr_check_port: [<yes>|no]
With this option enabled, the NIS master
server have to run on a port < 1024. The default is "yes"
(enabled).
The field descriptions for the access rule lines are:
host
IPv4 only address. Wildcards are allowed. This
rules are ignored for IPv6, which means it is better to not use this option at
all anymore.
Examples:
domain
131.234. = 131.234.0.0/255.255.0.0 131.234.214.0/255.255.254.0
specifies the domain, for which this rule
should be applied. An asterix as wildcard is allowed.
map
name of the map, or asterisk for all
maps.
security
one of none, port, deny:
none
always allow access.
port
allow access if from port < 1024. Otherwise
do not allow access.
deny
deny access to this map.
FILES
/etc/ypserv.confSEE ALSO
ypserv(8), rpc.ypxfrd(8)WARNINGS
The access rules for special maps are no real improvement in security, but they make the life a little bit harder for a potential hacker. Solaris clients don't use privileged ports. All security options which depend on privileged ports cause big problems on Solaris clients.AUTHOR
Thorsten Kukuk <[email protected]>03/04/2016 | NIS Reference Manual |