GNU/Linux |
CentOS 2.1AS(Slurm) |
|
ypserv.conf(5) |
ypserv.conf - configuration file for ypserv and rpc.ypxfrd
ypserv.conf is an ASCII file which contains some options for ypserv. It also contains a list of rules for special host and map access for ypserv and rpc.ypxfrd. This file will be read by ypserv and rpc.ypxfrd at startup, or when receiving a SIGHUP signal.
There is one entry per line. If the line is a option line, the format is:
option: <argument>
The line for an access rule has the format:
host:domain:map:security
All rules are tried one by one. If no match is found, access to a map is allowed.
Following
options exist:
files: 30
This option specifies, how many database files should be cached by ypserv. If 0 is specified, caching is disabled. Decreasing this number is only possible, if ypserv is restarted.
trusted_master: server
If this option is set on a
slave server, new maps from the host server will be
accepted as master. The default is, that no trusted master
is set and new maps will not be accepted.
Example:
trusted_master: ypmaster.example.org
xfr_check_port: [<yes>|no]
With this option enabled, the NIS master server have to run on a port < 1024. The default is "yes" (enabled).
The field descriptions for the access rule lines are:
host |
IP address. Wildcards are allowed. |
Examples:
131.234. = 131.234.0.0/255.255.0.0
131.234.214.0/255.255.254.0
domain |
specifies the domain, for which this rule should be applied. An asterix as wildcard is allowed. | ||
map |
name of the map, or asterisk for all maps. |
security
one of none, port, deny:
none |
always allow access. | ||
port |
allow access if from port < 1024. Otherwise do not allow access. | ||
deny |
deny access to this map. |
/etc/ypserv.conf
ypserv(8), rpc.ypxfrd(8)
The access rules for special maps are no real improvement in security, but they make the life a little bit harder for a potential hacker.
Solaris clients don’t use privileged ports. All security options which depend on privileged ports cause big problems on Solaris clients.
Thorsten Kukuk <kukuk@suse.de>
ypserv.conf(5) |