ypserv.conf(5) [centos man page]

YPSERV.CONF(5)						       NIS Reference Manual						    YPSERV.CONF(5)

NAME

       ypserv.conf - configuration file for ypserv and rpc.ypxfrd

DESCRIPTION

       ypserv.conf is an ASCII file which contains some options for ypserv. It also contains a list of rules for special host and map access for
       ypserv and rpc.ypxfrd. This file will be read by ypserv and rpc.ypxfrd at startup, or when receiving a SIGHUP signal.

       There is one entry per line. If the line is a option line, the format is:

	     option: argument

       The line for an access rule has the format:

	     host:domain:map:security

       All rules are tried one by one. If no match is found, access to a map is allowed.

       Following options exist:

       files: 30
	  This option specifies, how many database files should be cached by ypserv. If 0 is specified, caching is disabled. Decreasing this
	  number is only possible, if ypserv is restarted.

       trusted_master: server
	  If this option is set on a slave server, new maps from the host server will be accepted as master. The default is, that no trusted
	  master is set and new maps will not be accepted.

	  Example:

	     trusted_master: ypmaster.example.org

       slp: [yes|<no>|domain]
	  If this option is enabled and SLP support compiled in, the NIS server registers itself on a SLP server. If the variable is set to
	  domain, an attribute domain with a comma seperated list of supported domainnames is set. Else this attribute will not be set. The
	  default is "no" (disabled).

       xfr_check_port: [<yes>|no]
	  With this option enabled, the NIS master server have to run on a port < 1024. The default is "yes" (enabled).

       The field descriptions for the access rule lines are:

       host
	  IP address. Wildcards are allowed.

	  Examples:

	     131.234. = 131.234.0.0/255.255.0.0
	     131.234.214.0/255.255.254.0

       domain
	  specifies the domain, for which this rule should be applied. An asterix as wildcard is allowed.

       map
	  name of the map, or asterisk for all maps.

       security
	  one of none, port, deny:

	  none
	     always allow access.

	  port
	     allow access if from port < 1024. Otherwise do not allow access.

	  deny
	     deny access to this map.

FILES

       /etc/ypserv.conf

SEE ALSO

       ypserv(8), rpc.ypxfrd(8)

WARNINGS

       The access rules for special maps are no real improvement in security, but they make the life a little bit harder for a potential hacker.

       Solaris clients don't use privileged ports. All security options which depend on privileged ports cause big problems on Solaris clients.

AUTHOR

       Thorsten Kukuk <kukuk@thkukuk.de>

NIS Reference Manual						    08/02/2006							    YPSERV.CONF(5)

RPC.YPXFRD(8)							 Reference Manual						     RPC.YPXFRD(8)

NAME

       rpc.ypxfrd - NIS map transfer server

SYNOPSIS

       /usr/sbin/rpc.ypxfrd [ -d path ] [ -p port ] [ --debug ]
       /usr/sbin/rpc.ypxfrd --version

DESCRIPTION

       rpc.ypxfrd  is  used  for  speed  up  the transfer of very large NIS maps from a NIS master to the NIS slave server. If a  NIS slave server
       receives a message that there is a new map, it will start ypxfr for transfering the new map.  ypxfr will read the contents of  a  map  from
       the master server using the yp_all() function. This process can take several minutes when there are very large maps which have to be stored
       by the database library.

       The rpc.ypxfrd server speeds up the transfer process by allowing NIS slave servers to simply copy the master server's map files rather than
       building their own from scratch.  rpc.ypxfrd uses an RPC-based file transfer protocol, so that there is no need for building a new map.

       rpc.ypxfrd could be started by inetd. But since it starts very slowly, it should be started after ypserv from /etc/init.d/ypxfrd.

OPTIONS

       --debug
	      Causes the server to run in debugging mode. In debug mode, the server does not background itself and prints extra status messages to
	      stderr for each request that it revceives.

       -d directory
	      rpc.ypxfrd is using this directory instead of /var/yp

       -p port
	      rpc.ypxfrd will bind itself to this port, which makes it possible to have a router  filter  packets  to  the  NIS  ports.  This  can
	      restricted the access to the NIS server from hosts on the Internet.

       --version
	      Prints the version number

SECURITY

       rpc.ypxfrd  uses  the  same  functions  for  checking  a  host  as  ypserv.  At first, rpc.ypxfrd will check a request from an address with
       /etc/ypserv.securenets.	If the host is allowed to connect to the server, rpc.ypxfrd will uses the rules from /etc/ypserv.conf to check the
       requested map. If a mapname doesn't match a rule, rpc.ypxfrd will look for the YP_SECURE key in the map. If it exists, rpc.ypxfrd will only
       allow requests on a reserved port.

FILES

       /etc/ypserv.conf /var/yp/securenets

SEE ALSO

       ypserv(8), makedbm(8), yppush(8), ypxfr(8)

BUGS

       The FreeBSD ypxfrd protocol is not compatible with that used by SunOS. This is unfortunate but unavoidable: Sun's protocol  is  not  freely
       available, and even if it were it would probably not be useful since the SunOS NIS v2 implimentation uses the original ndbm package for its
       map databases whereas the other implimentation uses GNU DBM or Berkeley DB. These packages uses vastly different file formats. Furthermore,
       ndbm  and  gdbm	are  byte-order sensitive and not very smart about it, meaning that a gdbm or ndbm database created on a big endian system
       can't be read on a little endian system. The FreeBSD ypxfrd protocol checks, if both, master and slave, uses  the  same	database  packages
       and, if necessary, the byte order of the system.

AUTHOR

       ypxfrd protocol and FreeBSD Implementation: Bill Paul <wpaul@ctr.columbia.edu>
       Linux Implementation: Thorsten Kukuk <kukuk@suse.de>

YP Server							    August 2001 						     RPC.YPXFRD(8)