*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Linux man pages -> ypserv (8)              
Title
Content
Arch
Section
 

YPSERV(8)

Contents


NAME    [Toc]    [Back]

       ypserv - NIS server

SYNOPSIS    [Toc]    [Back]

       /usr/sbin/ypserv [ -b ] [ -d [ path ] ] [ -p port ]

DESCRIPTION    [Toc]    [Back]

       The  Network Information Service (NIS) provides a simple network lookup
       service consisting of databases and processes.  The databases are  gdbm
       files in a directory tree rooted at /var/yp.

       The  ypserv  daemon typically activated at system startup.  ypserv runs
       only on NIS server machines with a  complete  NIS  database.  On  other
       machines  using	the  NIS services, you have to run ypbind as client or
       under Linux you could use the libc with NYS support.  ypbind  must  run
       on  every machine which has NIS client processes; ypserv may or may not
       be running on the same node, but must be running somewhere on the  network.
 On startup or when receiving the signal SIGHUP, ypserv parses the
       file /etc/ypserv.conf.

OPTIONS    [Toc]    [Back]

       -d --debug [path]
	      Causes the server to run in  debugging  mode.  Normally,	ypserv
	      reports  only errors (access violations, dbm failures) using the
	      syslog(3) facility. In debug mode, the  server  does  not  background
  itself  and  prints  extra status messages to stderr for
	      each request that it revceives.  path is an  optionally  parameter.
  ypserv is using this directory instead of /var/yp

       -b --dns
	      If  we doesn't find the host in the hosts maps, we query the DNS
	      (Domain Name Service) service for more host information. This is
	      be  done in an extra subprocess.	ypserv ignores the YP_INTERDO-
	      MAIN keys for dns lookup.

       -p --port port
	      ypserv will bind itself to this port.  This makes it possible to
	      have a router filter packets to the NIS ports, so that access to
	      the NIS server from hosts on the Internet can be restricted.

       -v --version
	      Prints the version number

SECURITY    [Toc]    [Back]

       In general, any remote user can issue an RPC to ypserv and retrieve the
       contents  of  your  NIS	maps, if he knows your domain name. To prevent
       such  unauthorized  transactions,  ypserv  supports  a  feature	called
       ypserv.securenets  which  can be used to restrict access to a given set
       of hosts.  At startup or when arriving the SIGHUP Signal,  ypserv  will
       attempt	 to  load  the	securenets  information  from  a  file	called
       /etc/ypserv.securenets This file contains entries  that	consist  of  a
       netmask	and  a network pair separated by white spaces.	Lines starting
       with ``#'' are considered to be comments.

       A sample securenets file might look like this:

	      # allow connections from local host -- necessary
	      host 127.0.0.1
	      # same as 255.255.255.255 127.0.0.1
	      #
	      # allow connections from any host
	      # on the 131.234.223.0 network
	      255.255.255.0   131.234.223.0
	      # allow connections from any host
	      # between 131.234.214.0 and 131.234.215.255
	      255.255.254.0   131.234.214.0

       If ypserv receives a request from an address  that  fails  to  match  a
       rule, the request will be ignored and a warning message will be logged.
       If the /etc/ypserv.securenets file does not exist,  ypserv  will  allow
       connections from any host.

       If the tcp wrappers security lookups was enabled at compile time in the
       Makefile, then ypserv will use the /etc/hosts.allow and /etc/hosts.deny
       files	(which	  most	  people    already    have)   and   not   the
       /etc/ypserv.securenets. If you have got a binary  package,  try	ypserv
       --version to get a hint which version you have.

       In the /etc/ypserv.conf you could specify some access rules for special
       maps and hosts. But it is not very secure, it make the life only a little
 bit harder for potential hacker. If a mapname doesn't match a rule,
       ypserv will look for the YP_SECURE key in the map. If it exists, ypserv
       will only allow requests on a reserved port.

       For  security reasons, ypserv will only accepts ypproc_xfr requests for
       updating maps from the same master server as the old one.  This	means,
       you have to reinstall the slave servers if you change the master server
       for a map.

FILES    [Toc]    [Back]

       /etc/ypserv.conf /etc/ypserv.securenets

SEE ALSO    [Toc]    [Back]

      
      
       domainname(1),  ypcat(1),  ypmatch(1),	ypserv.conf(5),   netgroup(5),
       makedbm(8),  revnetgroup(8), ypinit(8), yppoll(8), yppush(8), ypset(8),
       ypwhich(8), ypxfr(8), rpc.ypxfrd(8)

       The Network Information Service (NIS) was formerly known as Sun	Yellow
       Pages  (YP).   The  functionality of the two remains the same; only the
       name has changed.  The name Yellow Pages is a registered  trademark  in
       the  United  Kingdom  of British Telecommunications plc, and may not be
       used without permission.

AUTHOR    [Toc]    [Back]

       ypserv was written by Peter  Eriksson  <[email protected]>.   Thorsten
       Kukuk  <[email protected]> added support for master/slave server and is the
       new Maintainer.



NYS YP Server			  April 1997			     YPSERV(8)
[ Back ]
 Similar pages
Name OS Title
ypxfr_2perday OpenBSD get a YP map from YP server
ypxfr_1perhour OpenBSD get a YP map from YP server
ypxfr_1perday OpenBSD get a YP map from YP server
ypxfr OpenBSD get a YP map from YP server
nfsd OpenBSD remote NFS server
supservers OpenBSD sup server processes
yppoll OpenBSD ask version of YP map from YP server
ypserv OpenBSD YP server daemon
xfs IRIX X font server
supscan OpenBSD sup server processes
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service