'\" t
.\"     Title: ypserv.conf
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1
.\"      Date: 03/04/2016
.\"    Manual: NIS Reference Manual
.\"    Source: NIS Reference Manual
.\"  Language: English
.\"
.TH "YPSERV\&.CONF" "5" "03/04/2016" "NIS Reference Manual" "NIS Reference Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ypserv.conf \- configuration file for ypserv and rpc\&.ypxfrd
.SH "DESCRIPTION"
.PP
\fIypserv\&.conf\fR
is an ASCII file which contains some options for ypserv\&. It also contains a list of rules for special host and map access for ypserv and rpc\&.ypxfrd\&. This file will be read by ypserv and rpc\&.ypxfrd at startup, or when receiving a SIGHUP signal\&.
.PP
There is one entry per line\&. If the line is an option line, the format is:
.sp
.if n \{\
.RS 4
.\}
.nf
option: \fIargument\fR
.fi
.if n \{\
.RE
.\}
.PP
The line for an access rule has the format:
.sp
.if n \{\
.RS 4
.\}
.nf
host:domain:map:security
.fi
.if n \{\
.RE
.\}
.PP
All rules are tried one by one\&. If no match is found, access to a map is allowed\&.
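.PP
The rule evaluation described above, modelled in Python as an added example (not part of the original manual page or of ypserv itself); it shows that a request matching no rule, or arriving over IPv6, is allowed. Assumptions: the first matching rule decides, option lines are skipped, the sample rules are constructed, and the function names are hypothetical.
.sp
.nf
```python
import ipaddress

# Constructed sample: one option line followed by three access rules.
SAMPLE = """
files: 30
131.234. : * : shadow.byname : port
* : * : shadow.byname : deny
* : * : passwd.adjunct.byname : deny
"""

def parse_host(spec):
    """Turn a host field ("*", "131.234." or addr/netmask) into an IPv4 network."""
    if spec == "*":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = [o for o in spec.split(".") if o]      # prefix form, e.g. "131.234."
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def parse_rules(text):
    """Collect host:domain:map:security rules; two-field option lines are skipped."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(":")]
        if len(fields) == 4:
            rules.append((parse_host(fields[0]), *fields[1:]))
    return rules

def is_allowed(rules, client_ip, client_port, domain, map_name):
    """Assumed semantics: the first matching rule decides; no match means allow."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:                 # rules are ignored for IPv6 clients
        for net, dom, mp, security in rules:
            if ip in net and dom in ("*", domain) and mp in ("*", map_name):
                if security == "none":
                    return True
                if security == "port":
                    return client_port < 1024
                return False            # "deny"
    return True                         # fail-open default

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for ip, port, mp in [("131.234.1.5", 800, "shadow.byname"),
                         ("10.0.0.1", 800, "shadow.byname"),
                         ("10.0.0.1", 40000, "passwd.byname"),
                         ("2001:db8::1", 40000, "shadow.byname")]:
        print(ip, port, mp, is_allowed(rules, ip, port, "example.org", mp))
```
.fi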
.PP
The following options exist:
.PP
\fBfiles:\fR \fI30\fR
.RS 4
This option specifies how many database files should be cached by
\fIypserv\fR\&. If 0 is specified, caching is disabled\&. Decreasing this number is only possible if ypserv is restarted\&.
.RE
.PP
\fBtrusted_master:\fR \fIserver\fR
.RS 4
If this option is set on a slave server, new maps from the host
\fIserver\fR
will be accepted as master\&. The default is that no trusted master is set and new maps will not be accepted\&.
.sp
Example:
.sp
.if n \{\
.RS 4
.\}
.nf
trusted_master: ypmaster\&.example\&.org
.fi
.if n \{\
.RE
.\}
.RE
.PP
\fBslp:\fR [\fIyes\fR|\fIno\fR|\fIdomain\fR]
.RS 4
If this option is enabled and SLP support is compiled in, the NIS server registers itself on a SLP server\&. If the variable is set to
\fIdomain\fR, an attribute
\fIdomain\fR
with a comma separated list of supported domainnames is set\&. Otherwise this attribute will not be set\&. The default is "no" (disabled)\&.
.RE
.PP
\fBxfr_check_port:\fR [\fIyes\fR|\fIno\fR]
.RS 4
With this option enabled, the NIS master server has to run on a port < 1024\&. The default is "yes" (enabled)\&.
.RE
.PP
The field descriptions for the access rule lines are:
.PP
\fBhost\fR
.RS 4
IPv4 only address\&. Wildcards are allowed\&. These rules are ignored for IPv6, which means it is better to not use this option at all anymore\&.
.sp
Examples:
.sp
.if n \{\
.RS 4
.\}
.nf
131\&.234\&. = 131\&.234\&.0\&.0/255\&.255\&.0\&.0
131\&.234\&.214\&.0/255\&.255\&.254\&.0
.fi
.if n \{\
.RE
.\}
.RE
.PP
\fBdomain\fR
.RS 4
specifies the domain for which this rule should be applied\&. An asterisk as wildcard is allowed\&.
.RE
.PP
\fBmap\fR
.RS 4
name of the map, or asterisk for all maps\&.
.RE
.PP
\fBsecurity\fR
.RS 4
one of
\fInone\fR,
\fIport\fR,
\fIdeny\fR:
.PP
\fInone\fR
.RS 4
always allow access\&.
.RE
.PP
\fIport\fR
.RS 4
allow access if from port < 1024\&. Otherwise do not allow access\&.
.RE
.PP
\fIdeny\fR
.RS 4
deny access to this map\&.
.RE
.RE
.SH "FILES"
.PP
/etc/ypserv\&.conf
.SH "SEE ALSO"
.PP
\fBypserv\fR(8),
\fBrpc.ypxfrd\fR(8)
.SH "WARNINGS"
.PP
The access rules for special maps are no real improvement in security, but they make life a little bit harder for a potential hacker\&.
.PP
Solaris clients don\*(Aqt use privileged ports\&. All security options which depend on privileged ports cause big problems on Solaris clients\&.
.SH "AUTHOR"
.PP
Thorsten Kukuk