diff options
author | wpaul <wpaul@FreeBSD.org> | 1995-07-20 22:33:02 +0000 |
---|---|---|
committer | wpaul <wpaul@FreeBSD.org> | 1995-07-20 22:33:02 +0000 |
commit | f369859c3287504df6edba262c6f8a9ba1cc8ce3 (patch) | |
tree | 46f743de5f7c72f98123b8b731fd21f5c7f25ded /usr.sbin/ypbind/ypbind.8 | |
parent | 0d96965bab7c571c0478a931d5b9216d197cdd85 (diff) | |
download | FreeBSD-src-f369859c3287504df6edba262c6f8a9ba1cc8ce3.zip FreeBSD-src-f369859c3287504df6edba262c6f8a9ba1cc8ce3.tar.gz |
Add a -S option to ypbind that allows the following:
-S domainname,server1,server2,server3,...
The -S flag allows the system administrator to lock ypbind to a
particular domain and group of NIS servers. Up to ten servers can
be specified. There must not be any spaces between the commas in
the domain/server specification. This option is used to insure that
that the system binds only to one domain and only to one of the
specified servers, which is useful for systems that are both NIS
servers and NIS clients: it provides a way to restrict what ma-
chines the system can bind to without the need for specifying the
-ypset or -ypsetme options, which are often considered to be secu-
rity holes. The specified servers must have valid entries in the
local /etc/hosts file. IP addresses may be specified in place of
hostnames. If ypbind can't make sense ouf of the arguments, it will
ignore the -S flag and continue running normally.
Note that ypbind will consider the domainname specified with the -S
flag to be the system default domain.
(According to what Garrett showed me, OSF/1 actually only allows 4 servers
to be specified. Ten seemed to be a bit more reasonable to me.)
Suggested by: G. Wollman
Idea lifted from: OSF/1
Diffstat (limited to 'usr.sbin/ypbind/ypbind.8')
-rw-r--r-- | usr.sbin/ypbind/ypbind.8 | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/usr.sbin/ypbind/ypbind.8 b/usr.sbin/ypbind/ypbind.8 index dcd47af..4748a21 100644 --- a/usr.sbin/ypbind/ypbind.8 +++ b/usr.sbin/ypbind/ypbind.8 @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: ypbind.8,v 1.1 1995/04/09 21:59:06 wpaul Exp $ +.\" $Id: ypbind.8,v 1.2 1995/04/26 19:03:15 wpaul Exp $ .\" .Dd April 9, 1995 .Dt YPBIND 8 @@ -42,6 +42,7 @@ .Op Fl ypset .Op Fl ypsetme .Op Fl s +.Op Fl S Ar domainname,server1,server2,... .Sh DESCRIPTION .Nm ypbind is the process that maintains NIS binding information. At startup, @@ -103,6 +104,35 @@ flag causes to run in secure mode: it will refuse to bind to any NIS server that is not running as root (i.e. that is not using privileged TCP ports). +.It Fl S Ar domainname,server1,server2,server3,... +The +.Fl S +flag allows the system administrator to lock ypbind to a particular +domain and group of NIS servers. Up to ten servers can be specified. +There must not be any spaces between the commas in the domain/server +specification. This option is used to insure that that the system binds +only to one domain and only to one of the specified servers, which +is useful for systems that are both NIS servers and NIS +clients: it provides a way to restrict what machines the system can +bind to without the need for specifying the +.Fl ypset +or +.Fl ypsetme +options, which are often considered to be security holes. The specified +servers must have valid entries in the local +.Pa /etc/hosts +file. IP addresses may be specified in place of hostnames. If +.Nm ypbind +can't make sense ouf of the arguments, it will ignore +the +.Fl S +flag and continue running normally. +.Pp +Note that +.Nm ypbind +will consider the domainname specified with the +.Fl S +flag to be the system default domain. .Sh NOTES .Nm ypbind will not make continuous attempts to keep secondary domains bound. @@ -118,6 +148,9 @@ client programs reference it ot not. .Bl -tag -width Pa -compact .It Pa /var/yp/binding/[domainname].[version] The files used to hold binding information for each NIS domain. +.It Pa /etc/sysconfig +System configuration file where the system default domain and +ypbind startup options are specified. .El .Sh SEE ALSO .Xr syslog 3 , |