unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Page:
Section:
Apropos / Subsearch:
optional field



 securenets(4)						       securenets(4)




 NAME
      securenet - NIS map security file

 DESCRIPTION
      The /etc/securenets file defines networks and hosts that may access
      the NIS maps on a server.	 Each line in the file gives a network mask
      and a net address, each in dotted quad format.  For example:

	   255.255.255.255  133.33.33.33

      The file may have any number of netmask/net pairs.

      When ypserv is started on the server, it checks for the existence of
      /etc/securenets and reads its contents into memory if it exists.
      ypserv must be stopped and restarted for any changes in
      /etc/securenets to take effect.

      Upon startup, the netmask and the net address are converted to binary
      format and logical ANDed.	 The result must equal the net address (the
      second address) to be legal.

      If the netmask is 255.255.255.255 (all 1's in binary), any address in
      the net address argument will match it.  If any field in the netmask
      is 0, the corresponding field in the net address must be 0.  When used
      in this way, the portion of the addresses given as 0 acts as a wild
      card.

      When a client attempts to bind to the server, ypbind checks the
      client's IP against those given in the /etc/securenets file.  Again,
      the address is converted to binary and logical ANDed with the netmask.
      The result must equal the net address given in the file.	If the
      client address doesn't match any pairs in the file, the binding is
      refused with the message "no such map in server's NIS domain".

      The securenets file can be used to limit access to specific hosts or
      to subnets using the wildcard capability.

      If there are syntax errors in the /etc/securenets file, messages are
      logged to the ypserv logging file (default /usr/adm/syslog ), and
      ypserv is not started.

      If a host has multiple interfaces, each interface address must be
      allowed in the securenets file for that host to have reliable NIS
      access.

 EXAMPLES
      This line in /etc/securenets provides access only to the host with
      address 192.33.33.33:

	   255.255.255.255  192.33.33.33




 Hewlett-Packard Company	    - 1 -   HP-UX Release 11i: November 2000






 securenets(4)						       securenets(4)




      This entry allows access by any host on the 192.33.33 subnet:

	   255.255.255.0  192.33.33.0

      For broader access, for instance for an entire enterprise, this entry
      allows any host whose address begins with "15" to be served:

	   255.0.0.0  15.0.0.0

 SEE ALSO
      ypserv(1M)











































 Hewlett-Packard Company	    - 2 -   HP-UX Release 11i: November 2000