summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorcharnier <charnier@FreeBSD.org>1997-10-29 07:25:05 +0000
committercharnier <charnier@FreeBSD.org>1997-10-29 07:25:05 +0000
commit24e614e49c313df771b3e53f2b7e9f0babf0fff0 (patch)
tree8fc9203802250babef065ef17bdcacc1fe8f311b
parent941e2045a2c71da41fadec9bfed70cb37decf91d (diff)
downloadFreeBSD-src-24e614e49c313df771b3e53f2b7e9f0babf0fff0.zip
FreeBSD-src-24e614e49c313df771b3e53f2b7e9f0babf0fff0.tar.gz
Typos in man page. Cosmetics in error strings.
-rw-r--r--usr.sbin/ypserv/yp_access.c17
-rw-r--r--usr.sbin/ypserv/yp_dblookup.c41
-rw-r--r--usr.sbin/ypserv/yp_dnslookup.c37
-rw-r--r--usr.sbin/ypserv/yp_error.c12
-rw-r--r--usr.sbin/ypserv/yp_extern.h7
-rw-r--r--usr.sbin/ypserv/yp_main.c47
-rw-r--r--usr.sbin/ypserv/yp_server.c17
-rw-r--r--usr.sbin/ypserv/yp_svc_udp.c11
-rw-r--r--usr.sbin/ypserv/ypserv.8126
9 files changed, 182 insertions, 133 deletions
diff --git a/usr.sbin/ypserv/yp_access.c b/usr.sbin/ypserv/yp_access.c
index 5b306a8..bb869f2 100644
--- a/usr.sbin/ypserv/yp_access.c
+++ b/usr.sbin/ypserv/yp_access.c
@@ -31,6 +31,11 @@
*
*/
+#ifndef lint
+static const char rcsid[] =
+ "$Id$";
+#endif /* not lint */
+
#include <stdlib.h>
#include <rpc/rpc.h>
#include <rpcsvc/yp.h>
@@ -52,10 +57,6 @@
#include "tcpd.h"
#endif
-#ifndef lint
-static const char rcsid[] = "$Id$";
-#endif
-
extern int debug;
/* NIS v1 */
@@ -241,11 +242,11 @@ int yp_access(map, rqstp)
rqhost = svc_getcaller(rqstp->rq_xprt);
if (debug) {
- yp_error("Procedure %s called from %s:%d", yp_procedure,
+ yp_error("procedure %s called from %s:%d", yp_procedure,
inet_ntoa(rqhost->sin_addr),
ntohs(rqhost->sin_port));
if (map != NULL)
- yp_error("Client is referencing map \"%s\".", map);
+ yp_error("client is referencing map \"%s\".", map);
}
/* Check the map name if one was supplied. */
@@ -267,14 +268,14 @@ possible spoof attempt from %s:%d",
(rqstp->rq_prog == YPXFRD_FREEBSD_PROG &&
rqstp->rq_proc == YPXFRD_GETMAP)) &&
ntohs(rqhost->sin_port) >= IPPORT_RESERVED) {
- yp_error("Access to %s denied -- client %s:%d \
+ yp_error("access to %s denied -- client %s:%d \
not privileged", map, inet_ntoa(rqhost->sin_addr), ntohs(rqhost->sin_port));
return(1);
}
}
#ifdef TCP_WRAPPER
- status = hosts_ctl(progname, STRING_UNKNOWN,
+ status = hosts_ctl("ypserv", STRING_UNKNOWN,
inet_ntoa(rqhost->sin_addr), "");
#else
tmp = securenets;
diff --git a/usr.sbin/ypserv/yp_dblookup.c b/usr.sbin/ypserv/yp_dblookup.c
index 81602ff..9041c09 100644
--- a/usr.sbin/ypserv/yp_dblookup.c
+++ b/usr.sbin/ypserv/yp_dblookup.c
@@ -28,28 +28,27 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
- * $Id$
- *
*/
+
+#ifndef lint
+static const char rcsid[] =
+ "$Id$";
+#endif /* not lint */
+
+#include <db.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <paths.h>
#include <stdio.h>
#include <stdlib.h>
-#include <fcntl.h>
#include <string.h>
-#include <limits.h>
#include <unistd.h>
-#include <db.h>
#include <sys/stat.h>
#include <sys/param.h>
-#include <errno.h>
-#include <paths.h>
#include <rpcsvc/yp.h>
#include "yp_extern.h"
-#ifndef lint
-static const char rcsid[] = "$Id$";
-#endif
-
int ypdb_debug = 0;
enum ypstat yp_errno = YP_TRUE;
@@ -106,15 +105,13 @@ static struct circleq_entry *yp_malloc_qent()
q = (struct circleq_entry *)malloc(sizeof(struct circleq_entry));
if (q == NULL) {
- yp_error("failed to malloc() circleq entry: %s",
- strerror(errno));
+ yp_error("failed to malloc() circleq entry");
return(NULL);
}
bzero((char *)q, sizeof(struct circleq_entry));
q->dbptr = (struct dbent *)malloc(sizeof(struct dbent));
if (q->dbptr == NULL) {
- yp_error("failed to malloc() circleq entry: %s",
- strerror(errno));
+ yp_error("failed to malloc() circleq entry");
free(q);
return(NULL);
}
@@ -480,7 +477,7 @@ int yp_get_record(domain,map,key,data,allow)
#endif
if (ypdb_debug)
- yp_error("Looking up key [%.*s]",
+ yp_error("looking up key [%.*s]",
key->size, key->data);
/*
@@ -510,7 +507,7 @@ int yp_get_record(domain,map,key,data,allow)
}
if (ypdb_debug)
- yp_error("Result of lookup: key: [%.*s] data: [%.*s]",
+ yp_error("result of lookup: key: [%.*s] data: [%.*s]",
key->size, key->data, data->size, data->data);
#ifdef DB_CACHE
@@ -539,7 +536,7 @@ int yp_first_record(dbp,key,data,allow)
#endif
if (ypdb_debug)
- yp_error("Retrieving first key in map.");
+ yp_error("retrieving first key in map");
if ((rval = (dbp->seq)(dbp,key,data,R_FIRST)) != 0) {
#ifdef DB_CACHE
@@ -565,7 +562,7 @@ int yp_first_record(dbp,key,data,allow)
}
if (ypdb_debug)
- yp_error("Result of lookup: key: [%.*s] data: [%.*s]",
+ yp_error("result of lookup: key: [%.*s] data: [%.*s]",
key->size, key->data, data->size, data->data);
#ifdef DB_CACHE
@@ -610,7 +607,7 @@ int yp_next_record(dbp,key,data,all,allow)
}
if (ypdb_debug)
- yp_error("Retreiving next key, previous was: [%.*s]",
+ yp_error("retrieving next key, previous was: [%.*s]",
key->size, key->data);
if (!all) {
@@ -649,7 +646,7 @@ int yp_next_record(dbp,key,data,all,allow)
}
if (ypdb_debug)
- yp_error("Result of lookup: key: [%.*s] data: [%.*s]",
+ yp_error("result of lookup: key: [%.*s] data: [%.*s]",
key->size, key->data, data->size, data->data);
#ifdef DB_CACHE
diff --git a/usr.sbin/ypserv/yp_dnslookup.c b/usr.sbin/ypserv/yp_dnslookup.c
index 282bdcb..f29750d 100644
--- a/usr.sbin/ypserv/yp_dnslookup.c
+++ b/usr.sbin/ypserv/yp_dnslookup.c
@@ -28,10 +28,13 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
- * $Id: yp_dnslookup.c,v 1.11 1997/07/27 03:41:53 wpaul Exp $
*/
+#ifndef lint
+static const char rcsid[] =
+ "$Id$";
+#endif /* not lint */
+
/*
* Do standard and reverse DNS lookups using the resolver library.
* Take care of all the dirty work here so the main program only has to
@@ -51,23 +54,18 @@
#include <arpa/inet.h>
#include <arpa/nameser.h>
-#include <stdio.h>
#include <ctype.h>
-#include <resolv.h>
+#include <errno.h>
#include <netdb.h>
-#include <unistd.h>
+#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <errno.h>
-#include <err.h>
+#include <resolv.h>
+#include <unistd.h>
#include <rpcsvc/yp.h>
#include "yp_extern.h"
-#ifndef lint
-static const char rcsid[] = "$Id: yp_dnslookup.c,v 1.11 1997/07/27 03:41:53 wpaul Exp $";
-#endif
-
static char *parse(hp)
struct hostent *hp;
{
@@ -147,8 +145,7 @@ static struct circleq_dnsentry *yp_malloc_dnsent()
q = (struct circleq_dnsentry *)malloc(sizeof(struct circleq_dnsentry));
if (q == NULL) {
- yp_error("failed to malloc() circleq dns entry: %s",
- strerror(errno));
+ yp_error("failed to malloc() circleq dns entry");
return(NULL);
}
@@ -266,13 +263,13 @@ static void yp_send_dns_reply(q, buf)
xdrfunc = (xdrproc_t)xdr_ypresponse;
break;
default:
- yp_error("Bad YP program version (%lu)!",q->ypvers);
+ yp_error("bad YP program version (%lu)!", q->ypvers);
return;
break;
}
if (debug)
- yp_error("Sending dns reply to %s (%lu)",
+ yp_error("sending dns reply to %s (%lu)",
inet_ntoa(q->client_addr.sin_addr), q->id);
/*
* XXX This is disgusting. There's basically one transport
@@ -352,7 +349,7 @@ void yp_run_dnsq()
struct hostent *hent;
if (debug)
- yp_error("Running dns queue");
+ yp_error("running dns queue");
bzero(buf, sizeof(buf));
@@ -380,7 +377,7 @@ void yp_run_dnsq()
}
if (debug)
- yp_error("Got dns reply from %s", inet_ntoa(sin.sin_addr));
+ yp_error("got dns reply from %s", inet_ntoa(sin.sin_addr));
hent = __dns_getanswer(buf, rval, q->name, q->type);
@@ -395,7 +392,7 @@ void yp_run_dnsq()
snprintf(retrybuf, sizeof(retrybuf), "%s.%s",
q->name, *q->domain);
if (debug)
- yp_error("Retrying with: %s", retrybuf);
+ yp_error("retrying with: %s", retrybuf);
q->id = yp_send_dns_query(retrybuf, q->type);
q->ttl = DEF_TTL;
q->domain++;
@@ -472,7 +469,7 @@ ypstat yp_async_lookup_name(rqstp, name)
pending++;
if (debug)
- yp_error("Queueing async DNS name lookup (%d)", q->id);
+ yp_error("queueing async DNS name lookup (%d)", q->id);
yp_prune_dnsq();
return(YP_TRUE);
@@ -537,7 +534,7 @@ ypstat yp_async_lookup_addr(rqstp, addr)
pending++;
if (debug)
- yp_error("Queueing async DNS address lookup (%d)", q->id);
+ yp_error("queueing async DNS address lookup (%d)", q->id);
yp_prune_dnsq();
return(YP_TRUE);
diff --git a/usr.sbin/ypserv/yp_error.c b/usr.sbin/ypserv/yp_error.c
index 8d92cf5..94adf32 100644
--- a/usr.sbin/ypserv/yp_error.c
+++ b/usr.sbin/ypserv/yp_error.c
@@ -30,21 +30,21 @@
* SUCH DAMAGE.
*
*/
+
+#ifndef lint
+static const char rcsid[] =
+ "$Id$";
+#endif /* not lint */
+
/*
* error logging/reporting facilities
* stolen from /usr/libexec/mail.local via ypserv
- *
- * $Id$
*/
#include <stdio.h>
#include <sys/types.h>
#include <syslog.h>
-#ifndef lint
-static const char rcsid[] = "$Id$";
-#endif
-
int debug;
extern int _rpcpmstart;
diff --git a/usr.sbin/ypserv/yp_extern.h b/usr.sbin/ypserv/yp_extern.h
index 5eacf13..0aaee26 100644
--- a/usr.sbin/ypserv/yp_extern.h
+++ b/usr.sbin/ypserv/yp_extern.h
@@ -29,15 +29,16 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id$
+ * $Id: yp_extern.h,v 1.11 1997/02/22 16:15:11 peter Exp $
*/
+
+#include <db.h>
+#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/cdefs.h>
#include <sys/types.h>
-#include <limits.h>
-#include <db.h>
#include <rpc/rpc.h>
#include <rpcsvc/yp.h>
diff --git a/usr.sbin/ypserv/yp_main.c b/usr.sbin/ypserv/yp_main.c
index 1ec048f..6aaa7e3 100644
--- a/usr.sbin/ypserv/yp_main.c
+++ b/usr.sbin/ypserv/yp_main.c
@@ -28,10 +28,13 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
- * $Id: yp_main.c,v 1.14 1997/02/22 16:15:12 peter Exp $
*/
+#ifndef lint
+static const char rcsid[] =
+ "$Id$";
+#endif /* not lint */
+
/*
* ypserv startup function.
* We need out own main() since we have to do some additional work
@@ -40,34 +43,31 @@
*/
#include "yp.h"
+#include <err.h>
+#include <errno.h>
+#include <memory.h>
#include <stdio.h>
+#include <signal.h>
#include <stdlib.h> /* getenv, exit */
-#include <rpc/pmap_clnt.h> /* for pmap_unset */
#include <string.h> /* strcmp */
-#include <signal.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <rpc/pmap_clnt.h> /* for pmap_unset */
#include <sys/ttycom.h> /* TIOCNOTTY */
#ifdef __cplusplus
#include <sysent.h> /* getdtablesize, open */
#endif /* __cplusplus */
-#include <memory.h>
#include <sys/socket.h>
#include <netinet/in.h>
-#include <syslog.h>
#include <sys/wait.h>
#include "yp_extern.h"
-#include <unistd.h>
#include <rpc/rpc.h>
-#include <errno.h>
-#include <err.h>
#ifndef SIG_PF
#define SIG_PF void(*)(int)
#endif
#define _RPCSVC_CLOSEDOWN 120
-#ifndef lint
-static const char rcsid[] = "$Id: yp_main.c,v 1.14 1997/02/22 16:15:12 peter Exp $";
-#endif /* not lint */
int _rpcpmstart; /* Started by a port monitor ? */
static int _rpcfdtype;
/* Whether Stream or Datagram ? */
@@ -94,7 +94,7 @@ void _msgout(char* msg)
if (_rpcpmstart)
syslog(LOG_ERR, msg);
else
- (void) fprintf(stderr, "%s\n", msg);
+ warnx("%s", msg);
} else
syslog(LOG_ERR, msg);
}
@@ -132,7 +132,7 @@ yp_svc_run()
if (errno == EINTR) {
continue;
}
- perror("svc_run: - select failed");
+ warn("svc_run: - select failed");
return;
case 0:
yp_prune_dnsq();
@@ -179,7 +179,7 @@ static void reaper(sig)
static void usage()
{
- fprintf(stderr, "Usage: %s [-h] [-d] [-n] [-p path]\n", progname);
+ fprintf(stderr, "usage: ypserv [-h] [-d] [-n] [-p path]\n");
exit(1);
}
@@ -213,6 +213,7 @@ closedown(int sig)
(void) alarm(_RPCSVC_CLOSEDOWN/2);
}
+int
main(argc, argv)
int argc;
char *argv[];
@@ -257,13 +258,13 @@ main(argc, argv)
sock = 0;
_rpcpmstart = 1;
proto = 0;
- openlog(progname, LOG_PID, LOG_DAEMON);
+ openlog("ypserv", LOG_PID, LOG_DAEMON);
} else {
if (!debug) {
if (daemon(0,0)) {
err(1,"cannot fork");
}
- openlog(progname, LOG_PID, LOG_DAEMON);
+ openlog("ypserv", LOG_PID, LOG_DAEMON);
}
sock = RPC_ANYSOCK;
(void) pmap_unset(YPPROG, YPVERS);
@@ -273,17 +274,17 @@ main(argc, argv)
if ((_rpcfdtype == 0) || (_rpcfdtype == SOCK_DGRAM)) {
transp = svcudp_create(sock);
if (transp == NULL) {
- _msgout("cannot create udp service.");
+ _msgout("cannot create udp service");
exit(1);
}
if (!_rpcpmstart)
proto = IPPROTO_UDP;
if (!svc_register(transp, YPPROG, YPOLDVERS, ypprog_1, proto)) {
- _msgout("unable to register (YPPROG, YPOLDVERS, udp).");
+ _msgout("unable to register (YPPROG, YPOLDVERS, udp)");
exit(1);
}
if (!svc_register(transp, YPPROG, YPVERS, ypprog_2, proto)) {
- _msgout("unable to register (YPPROG, YPVERS, udp).");
+ _msgout("unable to register (YPPROG, YPVERS, udp)");
exit(1);
}
}
@@ -291,17 +292,17 @@ main(argc, argv)
if ((_rpcfdtype == 0) || (_rpcfdtype == SOCK_STREAM)) {
transp = svctcp_create(sock, 0, 0);
if (transp == NULL) {
- _msgout("cannot create tcp service.");
+ _msgout("cannot create tcp service");
exit(1);
}
if (!_rpcpmstart)
proto = IPPROTO_TCP;
if (!svc_register(transp, YPPROG, YPOLDVERS, ypprog_1, proto)) {
- _msgout("unable to register (YPPROG, YPOLDVERS, tcp).");
+ _msgout("unable to register (YPPROG, YPOLDVERS, tcp)");
exit(1);
}
if (!svc_register(transp, YPPROG, YPVERS, ypprog_2, proto)) {
- _msgout("unable to register (YPPROG, YPVERS, tcp).");
+ _msgout("unable to register (YPPROG, YPVERS, tcp)");
exit(1);
}
}
diff --git a/usr.sbin/ypserv/yp_server.c b/usr.sbin/ypserv/yp_server.c
index 5e2ec4d..9927f6b 100644
--- a/usr.sbin/ypserv/yp_server.c
+++ b/usr.sbin/ypserv/yp_server.c
@@ -31,23 +31,24 @@
*
*/
+#ifndef lint
+static const char rcsid[] =
+ "$Id$";
+#endif /* not lint */
+
#include "yp.h"
#include "yp_extern.h"
-#include <stdlib.h>
#include <dirent.h>
+#include <errno.h>
+#include <stdlib.h>
#include <sys/stat.h>
#include <sys/param.h>
-#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <rpc/rpc.h>
-#ifndef lint
-static const char rcsid[] = "$Id: yp_server.c,v 1.22 1997/04/28 14:18:38 wpaul Exp $";
-#endif /* not lint */
-
int forked = 0;
int children = 0;
@@ -167,7 +168,7 @@ ypproc_match_2_svc(ypreq_key *argp, struct svc_req *rqstp)
nbuf[argp->key.keydat_len] = '\0';
if (debug)
- yp_error("Doing DNS lookup of %s", nbuf);
+ yp_error("doing DNS lookup of %s", nbuf);
if (!strcmp(argp->map, "hosts.byname"))
result.stat = yp_async_lookup_name(rqstp, nbuf);
@@ -664,7 +665,7 @@ static struct ypmaplist *yp_maplist_create(domain)
continue;
if ((cur = (struct ypmaplist *)
malloc(sizeof(struct ypmaplist))) == NULL) {
- yp_error("malloc() failed: %s",strerror(errno));
+ yp_error("malloc() failed");
closedir(dird);
yp_maplist_free(yp_maplist);
return(NULL);
diff --git a/usr.sbin/ypserv/yp_svc_udp.c b/usr.sbin/ypserv/yp_svc_udp.c
index 0b100d0..728a181 100644
--- a/usr.sbin/ypserv/yp_svc_udp.c
+++ b/usr.sbin/ypserv/yp_svc_udp.c
@@ -28,17 +28,16 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
- * $Id$
*/
+#ifndef lint
+static const char rcsid[] =
+ "$Id$";
+#endif /* not lint */
+
#include <rpc/rpc.h>
#include "yp_extern.h"
-#ifndef lint
-static const char rcsid[] = "$Id$";
-#endif
-
/*
* XXX Must not diverge from what's in src/lib/libc/rpc/svc_udp.c
*/
diff --git a/usr.sbin/ypserv/ypserv.8 b/usr.sbin/ypserv/ypserv.8
index 69cf0ae..c9e0c14 100644
--- a/usr.sbin/ypserv/ypserv.8
+++ b/usr.sbin/ypserv/ypserv.8
@@ -28,7 +28,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $Id: ypserv.8,v 1.11 1997/02/22 16:15:14 peter Exp $
+.\" $Id: ypserv.8,v 1.12 1997/04/15 07:41:10 jmg Exp $
.\"
.Dd February 4, 1995
.Dt YPSERV 8
@@ -51,16 +51,21 @@ such as
.Pa /etc/passwd
and
.Pa /etc/group ,
-which tend to require frequent changes in most environments, NIS
+which tend to require frequent changes in most environments,
+.Tn NIS
allows groups of computers to share one set of data which can be
updated from a single location.
.Pp
The
.Nm
-program is the server that distributes NIS databases
-to client systems within an NIS
+program is the server that distributes
+.Tn NIS
+databases to client systems within an
+.Tn NIS
.Em domain .
-Each client in an NIS domain must have its domainname set to
+Each client in an
+.Tn NIS
+domain must have its domainname set to
one of the domains served by
.Nm
using the
@@ -68,7 +73,9 @@ using the
command. The clients must also run
.Xr ypbind 8
in order to attach to a particular server, since it is possible to
-have several servers within a single NIS domain.
+have several servers within a single
+.Tn NIS
+domain.
.Pp
The databases distributed by
.Nm
@@ -89,8 +96,9 @@ are created by
using several system files as source. The database files are in
.Xr db 3
format to help speed retrieval when there are many records involved.
-In FreeBSD, the
-maps are always readable and writable only by root for security
+In
+.Bx Free ,
+the maps are always readable and writable only by root for security
reasons. Technically this is only necessary for the password
maps, but since the data in the other maps can be found in
other world-readable files anyway, it doesn't hurt and it's considered
@@ -99,18 +107,25 @@ good general practice.
The
.Nm
program is started by
-.Pa /etc/rc
+.Pa /etc/rc.network
if it has been enabled in
-.Pa /etc/sysconfig .
+.Pa /etc/rc.conf .
.Sh SPECIAL FEATURES
There are some problems associated with distributing FreeBSD's password
-database via NIS: FreeBSD normally only stores encrypted passwords
+database via
+.Tn NIS Ns :
+.Bx Free
+normally only stores encrypted passwords
in
.Pa /etc/master.passwd ,
which is readable and writable only by root. By turning this file
-into an NIS map, this security feature would be completely defeated.
+into an
+.Tn NIS
+map, this security feature would be completely defeated.
.Pp
-To make up for this, the FreeBSD version of
+To make up for this, the
+.Bx Free
+version of
.Nm
handles the
.Pa master.passwd.byname
@@ -126,7 +141,9 @@ Any requests made by non-privileged users are therefore rejected.
.Pp
Furthermore, the
.Xr getpwent 3
-routines in FreeBSD's standard C libarary will only attempt to retrieve
+routines in
+.Bx Free Ns 's
+standard C library will only attempt to retrieve
data from the
.Pa master.passwd.byname
and
@@ -144,11 +161,13 @@ file and stripping out the password fields, and are therefore
safe to pass on to unprivileged users. In this way, the shadow password
aspect of the protected
.Pa master.passwd
-database is maintained through NIS.
+database is maintained through
+.Tn NIS .
.Pp
.Sh NOTES
.Ss Limitations
-There are two problems inherent with password shadowing in NIS
+There are two problems inherent with password shadowing in
+.Tn NIS
that users should
be aware of:
.Bl -enum -offset indent
@@ -159,7 +178,11 @@ test is trivial to defeat for users with
unrestricted access to machines on your network (even those machines
which do not run UNIX-based operating systems).
.It
-If you plan to use a FreeBSD system to serve non-FreeBSD clients that
+If you plan to use a
+.Bx Free
+system to serve
+.Bx non-Free
+clients that
have no support for password shadowing (which is most of them), you
will have to disable the password shadowing entirely by uncommenting the
.Em UNSECURE=True
@@ -170,14 +193,19 @@ This will cause the standard
and
.Pa passwd.byuid
maps to be generated with valid encrypted password fields, which is
-neccesary in order for non-FreeBSD clients to perform user
-authentication through NIS.
+necessary in order for
+.Bx non-Free
+clients to perform user
+authentication through
+.Tn NIS .
.El
.Pp
.Ss Security
In general, any remote user can issue an RPC to
.Nm
-and retrieve the contents of your NIS maps, provided the remote user
+and retrieve the contents of your
+.Tn NIS
+maps, provided the remote user
knows your domain name. To prevent such unauthorized transactions,
.Nm
supports a feature called
@@ -227,7 +255,9 @@ program also has support for Wietse Venema's
package, though it is not compiled in by default since
the
.Em tcpwrapper
-package is not distributed with FreeBSD. However, if you have
+package is not distributed with
+.Bx Free .
+However, if you have
.Pa libwrap.a
and
.Pa tcpd.h ,
@@ -250,27 +280,37 @@ attacks.
.Ss NIS v1 compatibility
This version of
.Nm
-has some support for serving NIS v1 clients. FreeBSD's NIS
-implementation only uses the NIS v2 protocol, however other implementations
+has some support for serving
+.Tn NIS
+v1 clients.
+.Bx Free Ns 's
+.Tn NIS
+implementation only uses the
+.Tn NIS
+v2 protocol, however other implementations
include support for the v1 protocol for backwards compatibility
with older systems. The
.Xr ypbind 8
daemons supplied with these systems will try to establish a binding
-to an NIS v1
-server even though they may never actually need it (and they may
+to an
+.Tn NIS
+v1 server even though they may never actually need it (and they may
persist in broadcasting in search of one even after they receive a
response from a v2 server). Note that while
support for normal client calls is provided, this version of
.Nm
does not handle v1 map transfer requests; consequently, it can not
-be used as a master or slave in conjunction with older NIS servers that
+be used as a master or slave in conjunction with older
+.Tn NIS
+servers that
only support the v1 protocol. Fortunately, there probably aren't any
such servers still in use today.
.Ss NIS servers that are also NIS clients
Care must be taken when running
.Nm
in a multi-server domain where the server machines are also
-NIS clients. It is generally a good idea to force the servers to
+.Tn NIS
+clients. It is generally a good idea to force the servers to
bind to themselves rather than allowing them to broadcast bind
requests and possibly become bound to each other: strange failure
modes can result if one server goes down and
@@ -311,12 +351,18 @@ succeeded.
.Pp
This feature is provided for compatiblity with SunOS 4.1.x,
which has brain-damaged resolver functions in its standard C
-library that depend on NIS for hostname and address resolution.
-FreeBSD's resolver can be configured to do DNS
+library that depend on
+.Tn NIS
+for hostname and address resolution.
+.Bx Free Ns 's
+resolver can be configured to do DNS
queries directly, therefore it is not necessary to enable this
-option when serving only FreeBSD NIS clients.
+option when serving only
+.Bx Free
+.Tn NIS
+clients.
.It Fl d
-Causes the server to run in debugging mode. Normally,
+Cause the server to run in debugging mode. Normally,
.Nm
reports only unusual errors (access violations, file access failures)
using the
@@ -334,22 +380,28 @@ a debugging tool.
.It Fl p Ar path
Normally,
.Nm
-assumes that all NIS maps are stored under
+assumes that all
+.Tn NIS
+maps are stored under
.Pa /var/yp .
The
.Fl p
-flag may be used to specify an alternate NIS root path, allowing
+flag may be used to specify an alternate
+.Tn NIS
+root path, allowing
the system administrator to move the map files to a different place
within the filesystem.
.El
.Sh FILES
.Bl -tag -width Pa -compact
.It Pa /var/yp/[domainname]/[maps]
-The NIS maps.
+the
+.Tn NIS
+maps
.It Pa /etc/host.conf
-Resolver configuration file.
+resolver configuration file
.It Pa /var/yp/securenets
-Host access control file
+host access control file
.El
.Sh SEE ALSO
.Xr ypcat 1 ,
@@ -360,7 +412,7 @@ Host access control file
.Xr yppush 8 ,
.Xr ypxfr 8
.Sh AUTHOR
-Bill Paul <wpaul@ctr.columbia.edu>
+.An Bill Paul Aq wpaul@ctr.columbia.edu
.Sh HISTORY
This version of
.Nm
OpenPOWER on IntegriCloud