securenets - HP-UX

· Home

+ man pages

-> Linux

-> FreeBSD

-> OpenBSD

-> NetBSD

-> Tru64 Unix

-> HP-UX 11i

-> IRIX

· Linux HOWTOs

· FreeBSD Tips

· *niX Forums

man pages->HP-UX 11i man pages -> securenets (4)


 securenets(4)                                                 securenets(4)




 NAME    [Toc]    [Back]
      securenet - NIS map security file

 DESCRIPTION    [Toc]    [Back]
      The /etc/securenets file defines networks and hosts that may access
      the NIS maps on a server.  Each line in the file gives a network mask
      and a net address, each in dotted quad format.  For example:

           255.255.255.255  133.33.33.33

      The file may have any number of netmask/net pairs.

      When ypserv is started on the server, it checks for the existence of
      /etc/securenets and reads its contents into memory if it exists.
      ypserv must be stopped and restarted for any changes in
      /etc/securenets to take effect.

      Upon startup, the netmask and the net address are converted to binary
      format and logical ANDed.  The result must equal the net address (the
      second address) to be legal.

      If the netmask is 255.255.255.255 (all 1's in binary), any address in
      the net address argument will match it.  If any field in the netmask
      is 0, the corresponding field in the net address must be 0.  When used
      in this way, the portion of the addresses given as 0 acts as a wild
      card.

      When a client attempts to bind to the server, ypbind checks the
      client's IP against those given in the /etc/securenets file.  Again,
      the address is converted to binary and logical ANDed with the netmask.
      The result must equal the net address given in the file.  If the
      client address doesn't match any pairs in the file, the binding is
      refused with the message "no such map in server's NIS domain".

      The securenets file can be used to limit access to specific hosts or
      to subnets using the wildcard capability.

      If there are syntax errors in the /etc/securenets file, messages are
      logged to the ypserv logging file (default /usr/adm/syslog ), and
      ypserv is not started.

      If a host has multiple interfaces, each interface address must be
      allowed in the securenets file for that host to have reliable NIS
      access.

 EXAMPLES    [Toc]    [Back]
      This line in /etc/securenets provides access only to the host with
      address 192.33.33.33:

           255.255.255.255  192.33.33.33




 Hewlett-Packard Company            - 1 -   HP-UX 11i Version 2: August 2003






 securenets(4)                                                 securenets(4)




      This entry allows access by any host on the 192.33.33 subnet:

           255.255.255.0  192.33.33.0

      For broader access, for instance for an entire enterprise, this entry
      allows any host whose address begins with "15" to be served:

           255.0.0.0  15.0.0.0

 SEE ALSO    [Toc]    [Back]
      ypserv(1M)


 Hewlett-Packard Company            - 2 -   HP-UX 11i Version 2: August 2003

[ Back ]

Similar pages

Name	OS	Title
ftpusers	HP-UX	security file for ftpd(1M)
ftpusers	Tru64	The ftpd security file
sialog	Tru64	SIA (Security Integration Architecture) log file
security	HP-UX	security defaults configuration file
inetd.sec	HP-UX	optional security file for inetd
ckfsec	Tru64	Check file and directory security
matrix.conf	Tru64	SIA (Security Integration Architecture) configuration file
files	Tru64	File control database (Enhanced Security)
secdef	HP-UX	security defaults configuration file routines
db_printlog	Tru64	Displays database log file (Enhanced Security)

newsletter delivery service

Contents