unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OSF1-V5.1-alpha)
Page:
Section:
Apropos / Subsearch:
optional field



ypserv(8)							    ypserv(8)



NAME

  ypserv, ypbind - Network Information Service (NIS) server and	binder
  processes

SYNOPSIS

  /usr/sbin/ypserv [-a method]

  /usr/sbin/ypbind [-s	-S  domainname,servername1,servername2...] [-ypset  |
  -ypsetme]

OPTIONS

  -a method
      Specifies	the database routines used to store NIS	maps.  The choices
      are:

      b	  btree	-- Recommended when creating and maintaining very large	maps.

      d	  dbm/ndbm -- For backward compatibility. This is the default.

      h	  hash -- A potentially	quicker	method for managing small maps.

  -s  Allows the ypbind	process	to run in a secure mode.  This requires	the
      server to	use a secure port.

  -S  Allows the system	administrator to lock ypbind to	a particular domain
      and set of servers.  Up to four servers can be specified as follows:
	   /usr/sbin/ypbind -S domainname,server1,server2,server3,server4

      Note that	there cannot be	any spaces around the commas in	the command
      line. The	-S option ensures that this system only	binds to the speci-
      fied domain and to one of	the specified servers. The servers used	with
      the -S option must have entries in the local /etc/hosts file.

  -ypset
      ypbind accepts all ypset requests, unless	restricted by the -S option.

  -ypsetme
      ypbind accepts only local	ypset requests.


				       Note

	 If neither -ypset nor -ypsetme	are specified, ypbind does not accept
	 ypset requests	to bind	to a particular	server.







DESCRIPTION

  The Network Information Service (NIS)	provides a distributed data lookup
  service for sharing data among networked systems. NIS	data is	stored in
  database files called	maps. The databases consist of dbm, btree, or hash
  files	stored in the /var/yp/src directory. These files are described in
  ypfiles(4).

  The NIS daemons are /usr/sbin/ypserv,	the NIS	database lookup	server,	and
  /usr/sbin/ypbind, the	NIS binder. The	software interface to NIS is
  described in ypclnt(3). Administrative tools are described in	yppush(8),
  ypxfr(8), yppoll(8), and ypwhich(1). Tools to	see the	contents of NIS	maps
  are described	in ypcat(1), and ypmatch(1). Database generation and mainte-
  nance	tools are described in ypmake(8), and makedbm(8).

  Both the ypserv and ypbind daemons are activated at system startup time by
  /sbin/init.d/nis.  The ypserv	daemon runs only on an NIS server machine
  with a complete NIS database.	The ypbind daemon runs on all machines using
  NIS, both NIS	servers	and clients.

  The [-a method] option to ypserv tells ypserv	which format the maps are
  stored in; either btree, dbm,	or hash.

  ypserv Daemon


  The ypserv daemon's primary function is to look up information in its	local
  database of NIS maps.	The operations performed by ypserv are defined for
  the programmer in the	<&lt;rpcsvc/yp_prot.h>&gt; header file.

  Communication	with ypserv is by means	of RPC calls.  Lookup functions	are
  described in ypclnt(3), and are supplied as C-callable functions in /libc.

  There	are four lookup	functions, all of which	are performed on a specified
  map within an	NIS domain: Match, Get_first, Get_next,	and Get_all. The
  Match	operation takes	a key, and returns the associated value. The
  Get_first operation returns the first	key-value pair from the	map, and the
  Get_next operation returns the remaining key-value pairs. The	Get_all
  operation ships the entire map to the	requester.

  Two other functions supply information about the map,	rather than the	map
  entries: Get_order_number and	Get_master_name. Both the order	number and
  the master name exist	in the map as key-value	pairs, but the server will
  not return either through the	usual lookup functions.	 If the	map is exam-
  ined with makedbm(8),	however, they are visible.

  Other	functions are used within the NIS subsystem itself, and	are not	of
  general interest to NIS clients.  They include the
  Do_you_serve_this_domain?, the Transfer_map, and the
  Reinitialize_internal_state functions.

  securenets File


  The /etc/yp/securenets file contains a list of subnets that are considered
  trusted and that are allowed to access NIS data using	the ypserv and ypxfrd
  daemons. It is a user-created	file that resides on an	NIS master server and
  any slave servers.

  If the /etc/yp/securenets file does not exist, or exists but contains	no
  subnets, all IP addresses are	accepted. However, anyone on the Internet
  that knows the NIS server address and	the domain name	can obtain NIS served
  data,	including the passwd file.  Compaq recommends that you use the
  securenets file to restrict access.

  If you want an NIS slave server, use a /etc/yp/securenets file to restrict
  IP addresses to which	it serves.  The	slave server's IP address must be in
  the authorization range of entries in	the /etc/yp/securenets file on the
  NIS master server.


  Each entry in	the /etc/yp/securenets file contains an	IP subnet mask and a
  corresponding	subnet IP address separated by at least	one space.  Lines
  that do not begin with a digit are considered	comments.  The file has	the
  following format:

       subnet_mask     subnet_ip_address

  In the following securenets file example, the	first two lines	allow only
  those	IP addresses that are within the subnet	128.30 and 128.211.10 range
  to access the	NIS files.  The	third line authorizes the one host at address
  128.211.5.6.

       255.255.0.0  128.30.0.0
       255.255.255.0 128.211.10.0
       255.255.255.255 128.211.5.6

  ypbind Daemon


  The ypbind daemon's function is to remember information that enables client
  processes on a single	node to	communicate with a ypserv process. The ypbind
  function must	run on every machine that has NIS client service require-
  ments.  The ypbind function must be started through an entry in the
  /sbin/init.d/nis file.

  The information ypbind remembers is called a binding,	the association	of a
  domain name with the internet	address	of the NIS server, and the port	on
  that host at which the ypserv	process	is listening for service requests.
  The process of binding is driven by client requests.	As a request for an
  unbound domain comes in, the ypbind process broadcasts on the	net trying to
  find a ypserv	process	that serves maps within	that domain.  Since the	bind-
  ing is established by	broadcasting, there must be at least one ypserv	pro-
  cess on every	net.  Once a domain is bound by	a particular ypbind, that
  same binding is given	to every client	process	on the node. The ypbind	pro-
  cess on the local node or a remote node may be queried for the binding of a
  particular domain by using the ypwhich(1) command.

  Bindings are verified	before they are	given out to a client process.	If
  ypbind is unable to speak to the ypserv process it is	bound to, it marks
  the domain as	unbound, tells the client process that the domain is unbound,
  and tries to bind the	domain once again.  Requests received for an unbound
  domain will fail immediately.	In general, a bound domain is marked as
  unbound when the node	running	ypserv crashes or gets overloaded.  When the
  node gets overloaded,	ypbind will try	to bind	to any NIS server (typically
  one that is less-heavily loaded) available on	the net.

  The ypbind process also accepts requests to set its binding for a particu-
  lar domain.  The request is usually generated	by the NIS subsystem itself.

RESTRICTIONS

  You must use the same	database format	for each map in	a domain. In addi-
  tion,	a server serving multiple NIS domains must use the same	database for-
  mat for all domains.

  Although a Tru64 UNIX	NIS server that	takes advantage	of btree files will
  be able to store very	large maps, NIS	slave servers that lack	this feature
  might	have a much smaller limit on the number	of map entries they can	han-
  dle.	It may not be possible to distribute very large	maps from a Tru64
  UNIX NIS master server to a slave server that	lacks support for very large
  maps.	 NIS clients are not affected by these enhancements.






EXAMPLES

  The following	is an example of the ypserv command used with the btree	for-
  mat database routine to store	NIS maps.

       ypserv -a b

FILES

  /var/yp/ypserv.log
      If this file exists when ypserv starts up, log information is written
      to ypserv.log when error conditions occur.

  /etc/yp/securenets
      User-created file	on the NIS server that contains	a list of trusted
      subnets that are allowed to access NIS data using	the ypserv and ypxfrd
      daemons.

SEE ALSO

  Commands: ypcat(1), ypmatch(1), yppasswd(1), ypwhich(1), ypmake(8),
  yppush(8), ypxfr(8)

  Functions: btree(3), dbm(3), dbopen(3), hash(3), ndbm(3), ypclnt(3)

  Files: ypfiles(4)

  Network Administration: Services