1YPSERV.CONF(5)               NIS Reference Manual               YPSERV.CONF(5)
2
3
4

NAME

6       ypserv.conf - configuration file for ypserv and rpc.ypxfrd
7

DESCRIPTION

9       ypserv.conf is an ASCII file which contains some options for ypserv. It
10       also contains a list of rules for special host and map access for
11       ypserv and rpc.ypxfrd. This file will be read by ypserv and rpc.ypxfrd
12       at startup, or when receiving a SIGHUP signal.
13
14       There is one entry per line. If the line is a option line, the format
15       is:
16
17              option: argument
18
19       The line for an access rule has the format:
20
21              host:domain:map:security
22
23       All rules are tried one by one. If no match is found, access to a map
24       is allowed.
25
26       Following options exist:
27
28       files: 30
29           This option specifies, how many database files should be cached by
30           ypserv. If 0 is specified, caching is disabled. Decreasing this
31           number is only possible, if ypserv is restarted.
32
33       trusted_master: server
34           If this option is set on a slave server, new maps from the host
35           server will be accepted as master. The default is, that no trusted
36           master is set and new maps will not be accepted.
37
38           Example:
39
40                  trusted_master: ypmaster.example.org
41
42
43       slp: [yes|<no>|domain]
44           If this option is enabled and SLP support compiled in, the NIS
45           server registers itself on a SLP server. If the variable is set to
46           domain, an attribute domain with a comma seperated list of
47           supported domainnames is set. Else this attribute will not be set.
48           The default is "no" (disabled).
49
50       xfr_check_port: [<yes>|no]
51           With this option enabled, the NIS master server have to run on a
52           port < 1024. The default is "yes" (enabled).
53
54       The field descriptions for the access rule lines are:
55
56       host
57           IPv4 only address. Wildcards are allowed. This rules are ignored
58           for IPv6, which means it is better to not use this option at all
59           anymore.
60
61           Examples:
62
63                  131.234. = 131.234.0.0/255.255.0.0
64                  131.234.214.0/255.255.254.0
65
66
67       domain
68           specifies the domain, for which this rule should be applied. An
69           asterix as wildcard is allowed.
70
71       map
72           name of the map, or asterisk for all maps.
73
74       security
75           one of none, port, deny:
76
77           none
78               always allow access.
79
80           port
81               allow access if from port < 1024. Otherwise do not allow
82               access.
83
84           deny
85               deny access to this map.
86

FILES

88       /etc/ypserv.conf
89

SEE ALSO

91       ypserv(8), rpc.ypxfrd(8)
92

WARNINGS

94       The access rules for special maps are no real improvement in security,
95       but they make the life a little bit harder for a potential hacker.
96
97       Solaris clients don't use privileged ports. All security options which
98       depend on privileged ports cause big problems on Solaris clients.
99

AUTHOR

101       Thorsten Kukuk <kukuk@thkukuk.de>
102
103
104
105NIS Reference Manual              01/21/2023                    YPSERV.CONF(5)
Impressum