YPSERV.CONF(5) Reference Manual YPSERV.CONF(5)NAMEypserv.conf - configuration file for ypserv and rpc.ypxfrd
DESCRIPTIONypserv.conf is an ASCII file which contains some options for ypserv. It
also contains a list of rules for special host and map access for
ypserv and rpc.ypxfrd. This file will be read by ypserv and rpc.ypxfrd
at startup, or when receiving a SIGHUP signal.
There is one entry per line. If the line is a option line, the format
is:
option: <argument>
The line for an access rule has the format:
host:domain:map:security
All rules are tried one by one. If no match is found, access to a map
is allowed.
Following options exist:
files: 30
This option specifies, how many database files should be cached
by ypserv. If 0 is specified, caching is disabled. Decreasing
this number is only possible, if ypserv is restarted.
trusted_master: server
If this option is set on a slave server, new maps from the host
server will be accepted as master. The default is, that no
trusted master is set and new maps will not be accepted.
Example:
trusted_master: ypmaster.example.org
slp: [yes|<no>|domain]
If this option is enabled and SLP support compiled in, the NIS
server registers itself on a SLP server. If the variable is set
to domain, an attribute domain with a comma seperated list of
supported domainnames is set. Else this attribute will not be
set.
xfr_check_port: [<yes>|no]
With this option enabled, the NIS master server have to run on a
port < 1024. The default is "yes" (enabled).
The field descriptions for the access rule lines are:
host IP address. Wildcards are allowed.
Examples:
131.234. = 131.234.0.0/255.255.0.0
131.234.214.0/255.255.254.0
domain specifies the domain, for which this rule should be applied. An
asterix as wildcard is allowed.
map name of the map, or asterisk for all maps.
security
one of none, port, deny:
none always allow access.
port allow access if from port < 1024. Otherwise do not allow access.
deny deny access to this map.
FILES
/etc/ypserv.conf
SEE ALSOypserv(8), rpc.ypxfrd(8)WARNINGS
The access rules for special maps are no real improvement in security,
but they make the life a little bit harder for a potential hacker.
BUGS
Solaris clients don't use privileged ports. All security options which
depend on privileged ports cause big problems on Solaris clients.
AUTHOR
Thorsten Kukuk <kukuk@suse.de>
YP Server October 2002 YPSERV.CONF(5)