Scroll to navigation

YPSERV.CONF(5) NIS Reference Manual YPSERV.CONF(5)


ypserv.conf - configuration file for ypserv and rpc.ypxfrd


ypserv.conf is an ASCII file which contains some options for ypserv. It also contains a list of rules for special host and map access for ypserv and rpc.ypxfrd. This file will be read by ypserv and rpc.ypxfrd at startup, or when receiving a SIGHUP signal.

There is one entry per line. If the line is a option line, the format is:

option: argument

The line for an access rule has the format:


All rules are tried one by one. If no match is found, access to a map is allowed.

Following options exist:

files: 30

This option specifies, how many database files should be cached by ypserv. If 0 is specified, caching is disabled. Decreasing this number is only possible, if ypserv is restarted.

trusted_master: server

If this option is set on a slave server, new maps from the host server will be accepted as master. The default is, that no trusted master is set and new maps will not be accepted.



slp: [yes|<no>|domain]

If this option is enabled and SLP support compiled in, the NIS server registers itself on a SLP server. If the variable is set to domain, an attribute domain with a comma seperated list of supported domainnames is set. Else this attribute will not be set. The default is "no" (disabled).

xfr_check_port: [<yes>|no]

With this option enabled, the NIS master server have to run on a port < 1024. The default is "yes" (enabled).

The field descriptions for the access rule lines are:


IPv4 only address. Wildcards are allowed. This rules are ignored for IPv6, which means it is better to not use this option at all anymore.


131.234. =


specifies the domain, for which this rule should be applied. An asterix as wildcard is allowed.


name of the map, or asterisk for all maps.


one of none, port, deny:


always allow access.


allow access if from port < 1024. Otherwise do not allow access.


deny access to this map.




ypserv(8), rpc.ypxfrd(8)


The access rules for special maps are no real improvement in security, but they make the life a little bit harder for a potential hacker.

Solaris clients don't use privileged ports. All security options which depend on privileged ports cause big problems on Solaris clients.


Thorsten Kukuk <>

03/04/2016 NIS Reference Manual