ypserv, ypbind - Network Information Service (NIS) server and binder
/usr/sbin/ypserv [-a method]
/usr/sbin/ypbind [-s -S domainname,servername1,servername2...] [-ypset |
Specifies the database routines used to store NIS maps. The choices
b btree -- Recommended when creating and maintaining very large maps.
d dbm/ndbm -- For backward compatibility. This is the default.
h hash -- A potentially quicker method for managing small maps.
-s Allows the ypbind process to run in a secure mode. This requires the
server to use a secure port.
-S Allows the system administrator to lock ypbind to a particular domain
and set of servers. Up to four servers can be specified as follows:
/usr/sbin/ypbind -S domainname,server1,server2,server3,server4
Note that there cannot be any spaces around the commas in the command
line. The -S option ensures that this system only binds to the speci-
fied domain and to one of the specified servers. The servers used with
the -S option must have entries in the local /etc/hosts file.
ypbind accepts all ypset requests, unless restricted by the -S option.
ypbind accepts only local ypset requests.
If neither -ypset nor -ypsetme are specified, ypbind does not accept
ypset requests to bind to a particular server.
The Network Information Service (NIS) provides a distributed data lookup
service for sharing data among networked systems. NIS data is stored in
database files called maps. The databases consist of dbm, btree, or hash
files stored in the /var/yp/src directory. These files are described in
The NIS daemons are /usr/sbin/ypserv, the NIS database lookup server, and
/usr/sbin/ypbind, the NIS binder. The software interface to NIS is
described in ypclnt(3). Administrative tools are described in yppush(8),
ypxfr(8), yppoll(8), and ypwhich(1). Tools to see the contents of NIS maps
are described in ypcat(1), and ypmatch(1). Database generation and mainte-
nance tools are described in ypmake(8), and makedbm(8).
Both the ypserv and ypbind daemons are activated at system startup time by
/sbin/init.d/nis. The ypserv daemon runs only on an NIS server machine
with a complete NIS database. The ypbind daemon runs on all machines using
NIS, both NIS servers and clients.
The [-a method] option to ypserv tells ypserv which format the maps are
stored in; either btree, dbm, or hash.
The ypserv daemon's primary function is to look up information in its local
database of NIS maps. The operations performed by ypserv are defined for
the programmer in the <<rpcsvc/yp_prot.h>> header file.
Communication with ypserv is by means of RPC calls. Lookup functions are
described in ypclnt(3), and are supplied as C-callable functions in /libc.
There are four lookup functions, all of which are performed on a specified
map within an NIS domain: Match, Get_first, Get_next, and Get_all. The
Match operation takes a key, and returns the associated value. The
Get_first operation returns the first key-value pair from the map, and the
Get_next operation returns the remaining key-value pairs. The Get_all
operation ships the entire map to the requester.
Two other functions supply information about the map, rather than the map
entries: Get_order_number and Get_master_name. Both the order number and
the master name exist in the map as key-value pairs, but the server will
not return either through the usual lookup functions. If the map is exam-
ined with makedbm(8), however, they are visible.
Other functions are used within the NIS subsystem itself, and are not of
general interest to NIS clients. They include the
Do_you_serve_this_domain?, the Transfer_map, and the
The /etc/yp/securenets file contains a list of subnets that are considered
trusted and that are allowed to access NIS data using the ypserv and ypxfrd
daemons. It is a user-created file that resides on an NIS master server and
any slave servers.
If the /etc/yp/securenets file does not exist, or exists but contains no
subnets, all IP addresses are accepted. However, anyone on the Internet
that knows the NIS server address and the domain name can obtain NIS served
data, including the passwd file. Compaq recommends that you use the
securenets file to restrict access.
If you want an NIS slave server, use a /etc/yp/securenets file to restrict
IP addresses to which it serves. The slave server's IP address must be in
the authorization range of entries in the /etc/yp/securenets file on the
NIS master server.
Each entry in the /etc/yp/securenets file contains an IP subnet mask and a
corresponding subnet IP address separated by at least one space. Lines
that do not begin with a digit are considered comments. The file has the
In the following securenets file example, the first two lines allow only
those IP addresses that are within the subnet 128.30 and 128.211.10 range
to access the NIS files. The third line authorizes the one host at address
The ypbind daemon's function is to remember information that enables client
processes on a single node to communicate with a ypserv process. The ypbind
function must run on every machine that has NIS client service require-
ments. The ypbind function must be started through an entry in the
The information ypbind remembers is called a binding, the association of a
domain name with the internet address of the NIS server, and the port on
that host at which the ypserv process is listening for service requests.
The process of binding is driven by client requests. As a request for an
unbound domain comes in, the ypbind process broadcasts on the net trying to
find a ypserv process that serves maps within that domain. Since the bind-
ing is established by broadcasting, there must be at least one ypserv pro-
cess on every net. Once a domain is bound by a particular ypbind, that
same binding is given to every client process on the node. The ypbind pro-
cess on the local node or a remote node may be queried for the binding of a
particular domain by using the ypwhich(1) command.
Bindings are verified before they are given out to a client process. If
ypbind is unable to speak to the ypserv process it is bound to, it marks
the domain as unbound, tells the client process that the domain is unbound,
and tries to bind the domain once again. Requests received for an unbound
domain will fail immediately. In general, a bound domain is marked as
unbound when the node running ypserv crashes or gets overloaded. When the
node gets overloaded, ypbind will try to bind to any NIS server (typically
one that is less-heavily loaded) available on the net.
The ypbind process also accepts requests to set its binding for a particu-
lar domain. The request is usually generated by the NIS subsystem itself.
You must use the same database format for each map in a domain. In addi-
tion, a server serving multiple NIS domains must use the same database for-
mat for all domains.
Although a Tru64 UNIX NIS server that takes advantage of btree files will
be able to store very large maps, NIS slave servers that lack this feature
might have a much smaller limit on the number of map entries they can han-
dle. It may not be possible to distribute very large maps from a Tru64
UNIX NIS master server to a slave server that lacks support for very large
maps. NIS clients are not affected by these enhancements.
The following is an example of the ypserv command used with the btree for-
mat database routine to store NIS maps.
ypserv -a b
If this file exists when ypserv starts up, log information is written
to ypserv.log when error conditions occur.
User-created file on the NIS server that contains a list of trusted
subnets that are allowed to access NIS data using the ypserv and ypxfrd
Commands: ypcat(1), ypmatch(1), yppasswd(1), ypwhich(1), ypmake(8),
Functions: btree(3), dbm(3), dbopen(3), hash(3), ndbm(3), ypclnt(3)
Network Administration: Services