| 
        ypserv,  ypbind - Network Information Service (NIS) server
       and binder processes
       /usr/sbin/ypserv [-a method]
       /usr/sbin/ypbind [-s   -S   domainname,servername1,servername2...]
 [-ypset  | -ypsetme]
       Specifies  the  database  routines used to store NIS maps.
       The choices are: btree -- Recommended  when  creating  and
       maintaining  very  large  maps.   dbm/ndbm -- For backward
       compatibility. This is the default.  hash -- A potentially
       quicker method for managing small maps.  Allows the ypbind
       process to run in a secure mode.  This requires the server
       to  use a secure port.  Allows the system administrator to
       lock ypbind to a particular domain and set of servers.  Up
       to   four   servers   can   be   specified   as   follows:
       /usr/sbin/ypbind                -S                 domainname,server1,server2,server3,server4
              Note  that  there  cannot  be any spaces around the
              commas in the command line. The -S  option  ensures
              that this system only binds to the specified domain
              and to one of the specified  servers.  The  servers
              used  with  the  -S option must have entries in the
              local /etc/hosts file.  ypbind  accepts  all  ypset
              requests,  unless  restricted  by  the  -S  option.
              ypbind accepts only local ypset requests.
                                     Note
              If  neither  -ypset  nor  -ypsetme  are  specified,
              ypbind  does not accept ypset requests to bind to a
              particular server.
       The Network Information  Service  (NIS)  provides  a  distributed
  data  lookup service for sharing data among networked
 systems. NIS  data  is  stored  in  database  files
       called  maps. The databases consist of dbm, btree, or hash
       files stored in the /var/yp/src directory. These files are
       described in ypfiles(4).
       The  NIS  daemons  are  /usr/sbin/ypserv, the NIS database
       lookup server, and /usr/sbin/ypbind, the NIS  binder.  The
       software  interface  to  NIS  is  described  in ypclnt(3).
       Administrative tools are described in yppush(8), ypxfr(8),
       yppoll(8),  and  ypwhich(1).  Tools to see the contents of
       NIS  maps  are  described  in  ypcat(1),  and  ypmatch(1).
       Database generation and maintenance tools are described in
       ypmake(8), and makedbm(8).
       Both the ypserv and ypbind daemons are activated at system
       startup  time by /sbin/init.d/nis.  The ypserv daemon runs
       only  on  an  NIS  server  machine  with  a  complete  NIS
       database.  The  ypbind  daemon  runs on all machines using
       NIS, both NIS servers and clients.
       The [-a method] option to ypserv tells ypserv which format
       the maps are stored in; either btree, dbm, or hash.
   ypserv Daemon
       The  ypserv daemon's primary function is to look up information
 in its local database of NIS maps.  The  operations
       performed  by ypserv are defined for the programmer in the
       <rpcsvc/yp_prot.h> header file.
       Communication with  ypserv  is  by  means  of  RPC  calls.
       Lookup  functions are described in ypclnt(3), and are supplied
 as C-callable functions in /libc.
       There are four lookup functions, all  of  which  are  performed
  on  a  specified  map within an NIS domain: Match,
       Get_first, Get_next,  and  Get_all.  The  Match  operation
       takes  a  key,  and  returns  the  associated  value.  The
       Get_first operation returns the first key-value pair  from
       the  map, and the Get_next operation returns the remaining
       key-value pairs. The Get_all operation  ships  the  entire
       map to the requester.
       Two  other  functions  supply  information  about the map,
       rather than the map entries: Get_order_number and Get_master_name.
  Both the order number and the master name exist
       in the map as key-value pairs, but  the  server  will  not
       return  either through the usual lookup functions.  If the
       map is examined with makedbm(8), however, they  are  visible.
       Other  functions are used within the NIS subsystem itself,
       and are not of general  interest  to  NIS  clients.   They
       include  the  Do_you_serve_this_domain?, the Transfer_map,
       and the Reinitialize_internal_state functions.
   securenets File
       The /etc/yp/securenets file contains  a  list  of  subnets
       that are considered trusted and that are allowed to access
       NIS data using the ypserv and  ypxfrd  daemons.  It  is  a
       user-created file that resides on an NIS master server and
       any slave servers.
       If the /etc/yp/securenets file does not exist,  or  exists
       but  contains  no  subnets, all IP addresses are accepted.
       However, anyone on the Internet that knows the NIS  server
       address  and  the  domain name can obtain NIS served data,
       including the passwd file.  Using the securenets file is a
       recommended method of security.
       If  you want an NIS slave server, use a /etc/yp/securenets
       file to restrict IP addresses to  which  it  serves.   The
       slave  server's  IP  address  must be in the authorization
       range of entries in the /etc/yp/securenets file on the NIS
       master server.
       Each  entry  in the /etc/yp/securenets file contains an IP
       subnet mask and a corresponding subnet  IP  address  separated
 by at least one space.  Lines that do not begin with
       a digit are considered comments.  The file has the following
 format:
       subnet_mask     subnet_ip_address
       In  the  following  securenets file example, the first two
       lines allow only those IP addresses that  are  within  the
       subnet  128.30  and  128.211.10  range  to  access the NIS
       files.  The third line authorizes the one host at  address
       128.211.5.6.
       255.255.0.0     128.30.0.0    255.255.255.0   128.211.10.0
       255.255.255.255 128.211.5.6
   ypbind Daemon
       The ypbind daemon's function is  to  remember  information
       that enables client processes on a single node to communicate
 with a ypserv process. The ypbind function  must  run
       on every machine that has NIS client service requirements.
       The ypbind function must be started through  an  entry  in
       the /sbin/init.d/nis file.
       The  information ypbind remembers is called a binding, the
       association of a domain name with the internet address  of
       the  NIS  server,  and  the port on that host at which the
       ypserv process is listening  for  service  requests.   The
       process  of  binding  is  driven by client requests.  As a
       request for an unbound domain comes in, the ypbind process
       broadcasts on the net trying to find a ypserv process that
       serves maps within that  domain.   Since  the  binding  is
       established  by  broadcasting,  there must be at least one
       ypserv process on every net.  Once a domain is bound by  a
       particular  ypbind,  that  same  binding is given to every
       client process on the node.  The  ypbind  process  on  the
       local node or a remote node may be queried for the binding
       of a particular domain by using the ypwhich(1) command.
       Bindings are verified before  they  are  given  out  to  a
       client  process.   If  ypbind  is  unable  to speak to the
       ypserv process it is bound to,  it  marks  the  domain  as
       unbound,  tells  the  client  process  that  the domain is
       unbound,  and  tries  to  bind  the  domain  once   again.
       Requests  received for an unbound domain will fail immediately.
 In general, a bound domain  is  marked  as  unbound
       when  the  node running ypserv crashes or gets overloaded.
       When the node gets overloaded, ypbind will try to bind  to
       any NIS server (typically one that is less-heavily loaded)
       available on the net.
       The ypbind process also accepts requests to set its  binding
  for a particular domain.  The request is usually generated
 by the NIS subsystem itself.
       You must use the same database format for each  map  in  a
       domain. In addition, a server serving multiple NIS domains
       must use the same database format for all domains.
       Although a Tru64 UNIX NIS server that takes  advantage  of
       btree  files  will  be  able to store very large maps, NIS
       slave servers that lack this feature  might  have  a  much
       smaller  limit  on the number of map entries they can handle.
  It may not be possible to distribute very large maps
       from a Tru64 UNIX NIS master server to a slave server that
       lacks support for very large maps.  NIS  clients  are  not
       affected by these enhancements.
       The  following  is  an  example of the ypserv command used
       with the btree format database routine to store NIS  maps.
       ypserv -a b
       If this file exists when ypserv starts up, log information
       is written to  ypserv.log  when  error  conditions  occur.
       User-created  file  on the NIS server that contains a list
       of trusted subnets that are allowed  to  access  NIS  data
       using the ypserv and ypxfrd daemons.
       Commands:  ypcat(1),  ypmatch(1), yppasswd(1), ypwhich(1),
       ypmake(8), yppush(8), ypxfr(8)
       Functions: btree(3), dbm(3), dbopen(3), hash(3),  ndbm(3),
       ypclnt(3)
       Files: ypfiles(4)
       Network Administration: Services
                                                        ypserv(8)
[ Back ] |