'\" t
.\" Title: ypserv.conf
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
.\" Date: 03/04/2016
.\" Manual: NIS Reference Manual
.\" Source: NIS Reference Manual
.\" Language: English
.\"
.TH "YPSERV\&.CONF" "5" "03/04/2016" "NIS Reference Manual" "NIS Reference Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ypserv.conf \- configuration file for ypserv and rpc\&.ypxfrd
.SH "DESCRIPTION"
.PP
\fIypserv\&.conf\fR
is an ASCII file which contains some options for ypserv\&. It also contains a list of rules for special host and map access for ypserv and rpc\&.ypxfrd\&. This file will be read by ypserv and rpc\&.ypxfrd at startup, or when receiving a SIGHUP signal\&.
.PP
There is one entry per line\&. If the line is a option line, the format is:
.sp
.if n \{\
.RS 4
.\}
.nf
option: \fIargument\fR
.fi
.if n \{\
.RE
.\}
.PP
The line for an access rule has the format:
.sp
.if n \{\
.RS 4
.\}
.nf
host:domain:map:security
.fi
.if n \{\
.RE
.\}
.PP
All rules are tried one by one\&. If no match is found, access to a map is allowed\&.
.PP
Following options exist:
.PP
\fBfiles:\fR \fI30\fR
.RS 4
This option specifies, how many database files should be cached by
\fIypserv\fR\&. If
0
is specified, caching is disabled\&. Decreasing this number is only possible, if ypserv is restarted\&.
.RE
.PP
\fBtrusted_master:\fR \fIserver\fR
.RS 4
If this option is set on a slave server, new maps from the host
\fIserver\fR
will be accepted as master\&. The default is, that no trusted master is set and new maps will not be accepted\&.
.sp
Example:
.sp
.if n \{\
.RS 4
.\}
.nf
trusted_master: ypmaster\&.example\&.org
.fi
.if n \{\
.RE
.\}
.RE
.PP
\fBslp:\fR [\fIyes\fR|\fI\fR|\fIdomain\fR]
.RS 4
If this option is enabled and SLP support compiled in, the NIS server registers itself on a SLP server\&. If the variable is set to
\fIdomain\fR, an attribute
\fIdomain\fR
with a comma seperated list of supported domainnames is set\&. Else this attribute will not be set\&. The default is "no" (disabled)\&.
.RE
.PP
\fBxfr_check_port:\fR [\fI\fR|\fIno\fR]
.RS 4
With this option enabled, the NIS master server have to run on a port < 1024\&. The default is "yes" (enabled)\&.
.RE
.PP
The field descriptions for the access rule lines are:
.PP
\fBhost\fR
.RS 4
IPv4 only address\&. Wildcards are allowed\&. This rules are ignored for IPv6, which means it is better to not use this option at all anymore\&.
.sp
Examples:
.sp
.if n \{\
.RS 4
.\}
.nf
131\&.234\&. = 131\&.234\&.0\&.0/255\&.255\&.0\&.0
131\&.234\&.214\&.0/255\&.255\&.254\&.0
.fi
.if n \{\
.RE
.\}
.RE
.PP
\fBdomain\fR
.RS 4
specifies the domain, for which this rule should be applied\&. An asterix as wildcard is allowed\&.
.RE
.PP
\fBmap\fR
.RS 4
name of the map, or asterisk for all maps\&.
.RE
.PP
\fBsecurity\fR
.RS 4
one of
\fInone\fR,
\fIport\fR,
\fIdeny\fR:
.PP
\fInone\fR
.RS 4
always allow access\&.
.RE
.PP
\fIport\fR
.RS 4
allow access if from port < 1024\&. Otherwise do not allow access\&.
.RE
.PP
\fIdeny\fR
.RS 4
deny access to this map\&.
.RE
.RE
.SH "FILES"
.PP
/etc/ypserv\&.conf
.SH "SEE ALSO"
.PP
\fBypserv\fR(8),
\fBrpc.ypxfrd\fR(8)
.SH "WARNINGS"
.PP
The access rules for special maps are no real improvement in security, but they make the life a little bit harder for a potential hacker\&.
.PP
Solaris clients don\*(Aqt use privileged ports\&. All security options which depend on privileged ports cause big problems on Solaris clients\&.
.SH "AUTHOR"
.PP
Thorsten Kukuk