YPSERV.CONF (5)

configuration file for ypserv and rpc.ypxfrd

DESCRIPTION

    ypserv.conf is an ASCII file which contains some options for ypserv. It also contains a list of rules for special host and map access for ypserv and rpc.ypxfrd. This file is read by ypserv and rpc.ypxfrd at startup, or when a SIGHUP signal arrives.

    There is one entry per line. If the line is an option line, the format is:

      option: [yes|no]

    The line for an access rule has the format:

      host:map:security:mangle[:field]

    All rules are tried one by one. If no match is found, access to a map is allowed.

    The following options exist:

    dns

      The NIS server will query the nameserver for hostnames that are not found in the hosts.* maps. The default is "no". You can override it with the "-dns" command-line option. A "no" will not override the "-dns" option.

    sunos_kludge

      This is no longer supported, since ypserv supports most YP version 1 functions.

    xfr_check_port

      With this option enabled, the NIS master server has to run on a port < 1024. The default is "yes" (enabled).

    The field descriptions for the access rule lines are:

    host

      IP address. Wildcards are allowed. Examples:

        131.234. = 131.234.0.0/255.255.0.0
        131.234.214.0/255.255.254.0

    map

      name of the map, or asterisk for all maps.

    security

      one of none, port, deny, des:

    none

      Always allow access. Mangle the passwd field if so configured; the default is not to mangle.

    port

      Allow access if the request comes from a port < 1024. Otherwise, if mangle is not set, do not allow access. If mangle is set to "yes", allow access, but mangle the passwd field.

    deny

      deny access to this map.

    des

      Requires DES authentication. Not supported by most libc's at the moment. You can mangle the passwd field if so configured; the default is not to mangle.

    mangle

      Possible values are "yes" or "no". If "yes", the field entry will be mangled. Mangling means that the field is replaced by 'x' if the port check reveals the request originated from somebody unprivileged.

    field

      Which field should be mangled. The default is the 2nd field.
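
    The following is an added example, not part of the original manual page or of ypserv itself. It models how a request is checked against the access rules described above and shows that a request matching no rule is allowed unless a final catch-all deny rule is present. It assumes that the first matching rule decides; the rules, addresses and map names are constructed samples.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Parse host:map:security:mangle[:field]; field defaults to 2."""
    parts = [p.strip() for p in line.split(":")]
    host, map_name, security = parts[:3]
    if "/" in host:                          # network/netmask form
        net, mask = (_ip(x) for x in host.split("/"))
    else:                                    # prefix form such as "131.234."
        octets = [o for o in host.split(".") if o]
        net = _ip(".".join(octets + ["0"] * (4 - len(octets))))
        mask = (0xFFFFFFFF << (32 - 8 * len(octets))) & 0xFFFFFFFF
    return {"net": net, "mask": mask, "map": map_name, "security": security,
            "mangle": len(parts) > 3 and parts[3] == "yes",
            "field": int(parts[4]) if len(parts) > 4 else 2}

def decide(rules, client_ip, client_port, map_name):
    """Return 'allow', 'allow-mangled', 'deny' or 'des-required'."""
    ip, privileged = _ip(client_ip), client_port < 1024
    for r in rules:
        if (ip & r["mask"]) != (r["net"] & r["mask"]):
            continue
        if r["map"] not in ("*", map_name):
            continue
        # Assumption: the first matching rule decides.
        if r["security"] == "deny":
            return "deny"
        if r["security"] == "des":
            return "des-required"
        if r["security"] == "port" and not privileged and not r["mangle"]:
            return "deny"
        # Mangling applies only to requests from ports >= 1024.
        return "allow-mangled" if r["mangle"] and not privileged else "allow"
    return "allow"                           # no rule matched: access allowed

# Constructed sample rules, not from a real deployment.
BASE = [parse_rule(l) for l in (
    "131.234.:passwd.byname:port:yes",
    "131.234.:shadow.byname:port:no",
)]
# Same rules plus a final catch-all so unmatched requests are denied.
HARDENED = BASE + [parse_rule("0.0.0.0/0.0.0.0:*:deny:no")]

if __name__ == "__main__":
    for name, rules in (("base", BASE), ("hardened", HARDENED)):
        print(name, decide(rules, "192.0.2.7", 40000, "shadow.byname"))
```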

FILES

    /etc/ypserv.conf

SEE ALSO

WARNINGS

    The access rules for special maps are no real improvement in security, but they make life a little bit harder for a potential hacker.

BUGS

    Solaris clients don't use privileged ports. All security options that depend on privileged ports cause big problems on Solaris clients.

AUTHOR

    Thorsten Kukuk <kukuk@suse.de>