-rw-r--r-- | usr.sbin/ypserv/yp_access.c | 17 | ||||
-rw-r--r-- | usr.sbin/ypserv/yp_dblookup.c | 41 | ||||
-rw-r--r-- | usr.sbin/ypserv/yp_dnslookup.c | 37 | ||||
-rw-r--r-- | usr.sbin/ypserv/yp_error.c | 12 | ||||
-rw-r--r-- | usr.sbin/ypserv/yp_extern.h | 7 | ||||
-rw-r--r-- | usr.sbin/ypserv/yp_main.c | 47 | ||||
-rw-r--r-- | usr.sbin/ypserv/yp_server.c | 17 | ||||
-rw-r--r-- | usr.sbin/ypserv/yp_svc_udp.c | 11 | ||||
-rw-r--r-- | usr.sbin/ypserv/ypserv.8 | 126 |
9 files changed, 182 insertions, 133 deletions
diff --git a/usr.sbin/ypserv/yp_access.c b/usr.sbin/ypserv/yp_access.c index 5b306a8..bb869f2 100644 --- a/usr.sbin/ypserv/yp_access.c +++ b/usr.sbin/ypserv/yp_access.c @@ -31,6 +31,11 @@ * */ +#ifndef lint +static const char rcsid[] = + "$Id$"; +#endif /* not lint */ + #include <stdlib.h> #include <rpc/rpc.h> #include <rpcsvc/yp.h> @@ -52,10 +57,6 @@ #include "tcpd.h" #endif -#ifndef lint -static const char rcsid[] = "$Id$"; -#endif - extern int debug; /* NIS v1 */ @@ -241,11 +242,11 @@ int yp_access(map, rqstp) rqhost = svc_getcaller(rqstp->rq_xprt); if (debug) { - yp_error("Procedure %s called from %s:%d", yp_procedure, + yp_error("procedure %s called from %s:%d", yp_procedure, inet_ntoa(rqhost->sin_addr), ntohs(rqhost->sin_port)); if (map != NULL) - yp_error("Client is referencing map \"%s\".", map); + yp_error("client is referencing map \"%s\".", map); } /* Check the map name if one was supplied. */ @@ -267,14 +268,14 @@ possible spoof attempt from %s:%d", (rqstp->rq_prog == YPXFRD_FREEBSD_PROG && rqstp->rq_proc == YPXFRD_GETMAP)) && ntohs(rqhost->sin_port) >= IPPORT_RESERVED) { - yp_error("Access to %s denied -- client %s:%d \ + yp_error("access to %s denied -- client %s:%d \ not privileged", map, inet_ntoa(rqhost->sin_addr), ntohs(rqhost->sin_port)); return(1); } } #ifdef TCP_WRAPPER - status = hosts_ctl(progname, STRING_UNKNOWN, + status = hosts_ctl("ypserv", STRING_UNKNOWN, inet_ntoa(rqhost->sin_addr), ""); #else tmp = securenets; diff --git a/usr.sbin/ypserv/yp_dblookup.c b/usr.sbin/ypserv/yp_dblookup.c index 81602ff..9041c09 100644 --- a/usr.sbin/ypserv/yp_dblookup.c +++ b/usr.sbin/ypserv/yp_dblookup.c 
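Review bot: In yp_access()'s debug block the client-supplied map name is handed to `yp_error()` before the "Check the map name if one was supplied" step that follows, so the log line can carry a name that the check is about to reject. Moving the message below the check, or emitting it only once the name has passed, keeps unvalidated request data out of the debug log. The same message also keeps its trailing period (`\"%s\".`) while the other messages touched by this commit lose theirs. The function begins and ends outside the hunk.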
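Review bot: The daemon name passed to `hosts_ctl()` under TCP_WRAPPER is now the literal "ypserv", and the same literal is written separately into both `openlog()` calls and `usage()` in yp_main.c; one shared definition would keep the wrapper rule name and the syslog tag from drifting apart. Because this string is what administrators must name in their wrapper rules, it deserves a comment at the call, e.g. `/* daemon name matched against hosts.allow/hosts.deny; fixed, independent of argv[0] */`. The surrounding function continues outside the hunk.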
@@ -28,28 +28,27 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $Id$ - * */ + +#ifndef lint +static const char rcsid[] = + "$Id$"; +#endif /* not lint */ + +#include <db.h> +#include <errno.h> +#include <fcntl.h> +#include <limits.h> +#include <paths.h> #include <stdio.h> #include <stdlib.h> -#include <fcntl.h> #include <string.h> -#include <limits.h> #include <unistd.h> -#include <db.h> #include <sys/stat.h> #include <sys/param.h> -#include <errno.h> -#include <paths.h> #include <rpcsvc/yp.h> #include "yp_extern.h" -#ifndef lint -static const char rcsid[] = "$Id$"; -#endif - int ypdb_debug = 0; enum ypstat yp_errno = YP_TRUE; @@ -106,15 +105,13 @@ static struct circleq_entry *yp_malloc_qent() q = (struct circleq_entry *)malloc(sizeof(struct circleq_entry)); if (q == NULL) { - yp_error("failed to malloc() circleq entry: %s", - strerror(errno)); + yp_error("failed to malloc() circleq entry"); return(NULL); } bzero((char *)q, sizeof(struct circleq_entry)); q->dbptr = (struct dbent *)malloc(sizeof(struct dbent)); if (q->dbptr == NULL) { - yp_error("failed to malloc() circleq entry: %s", - strerror(errno)); + yp_error("failed to malloc() circleq entry"); free(q); return(NULL); } @@ -480,7 +477,7 @@ int yp_get_record(domain,map,key,data,allow) #endif if (ypdb_debug) - yp_error("Looking up key [%.*s]", + yp_error("looking up key [%.*s]", key->size, key->data); /* @@ -510,7 +507,7 @@ int yp_get_record(domain,map,key,data,allow) } if (ypdb_debug) - yp_error("Result of lookup: key: [%.*s] data: [%.*s]", + yp_error("result of lookup: key: [%.*s] data: [%.*s]", key->size, key->data, data->size, data->data); #ifdef DB_CACHE 
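Review bot: `%.*s` reads its precision as an `int`, but `key->size` is passed uncast in the "looking up key" message; if that field is the `size_t` of a db(3) `DBT` (the declaration is outside the diff), the argument does not match the conversion on any platform where `size_t` is wider than `int`. Cast at the call, `yp_error("looking up key [%.*s]", (int)key->size, key->data);`. The same applies to every `key->size` and `data->size` argument in the "result of lookup" and "retrieving next key" messages in yp_get_record, yp_first_record and yp_next_record.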
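Review bot: With `ypdb_debug` set, the "result of lookup" message in yp_get_record writes the whole record value to the log for every map, and ypserv.8 in this same commit describes master.passwd.byname as carrying the encrypted passwords that are withheld from unprivileged clients. Logging the length instead of the content keeps those fields out of debug output, e.g. `yp_error("result of lookup: key: [%.*s] data: %lu bytes", (int)key->size, key->data, (unsigned long)data->size);`. Failing that, a comment next to `ypdb_debug` should state that its output is as sensitive as the maps themselves. The identical messages in yp_first_record and yp_next_record are affected too.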
@@ -539,7 +536,7 @@ int yp_first_record(dbp,key,data,allow) #endif if (ypdb_debug) - yp_error("Retrieving first key in map."); + yp_error("retrieving first key in map"); if ((rval = (dbp->seq)(dbp,key,data,R_FIRST)) != 0) { #ifdef DB_CACHE @@ -565,7 +562,7 @@ int yp_first_record(dbp,key,data,allow) } if (ypdb_debug) - yp_error("Result of lookup: key: [%.*s] data: [%.*s]", + yp_error("result of lookup: key: [%.*s] data: [%.*s]", key->size, key->data, data->size, data->data); #ifdef DB_CACHE @@ -610,7 +607,7 @@ int yp_next_record(dbp,key,data,all,allow) } if (ypdb_debug) - yp_error("Retreiving next key, previous was: [%.*s]", + yp_error("retrieving next key, previous was: [%.*s]", key->size, key->data); if (!all) { @@ -649,7 +646,7 @@ int yp_next_record(dbp,key,data,all,allow) } if (ypdb_debug) - yp_error("Result of lookup: key: [%.*s] data: [%.*s]", + yp_error("result of lookup: key: [%.*s] data: [%.*s]", key->size, key->data, data->size, data->data); #ifdef DB_CACHE diff --git a/usr.sbin/ypserv/yp_dnslookup.c b/usr.sbin/ypserv/yp_dnslookup.c index 282bdcb..f29750d 100644 --- a/usr.sbin/ypserv/yp_dnslookup.c +++ b/usr.sbin/ypserv/yp_dnslookup.c @@ -28,10 +28,13 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $Id: yp_dnslookup.c,v 1.11 1997/07/27 03:41:53 wpaul Exp $ */ +#ifndef lint +static const char rcsid[] = + "$Id$"; +#endif /* not lint */ + /* * Do standard and reverse DNS lookups using the resolver library. * Take care of all the dirty work here so the main program only has to 
@@ -51,23 +54,18 @@ #include <arpa/inet.h> #include <arpa/nameser.h> -#include <stdio.h> #include <ctype.h> -#include <resolv.h> +#include <errno.h> #include <netdb.h> -#include <unistd.h> +#include <stdio.h> #include <stdlib.h> #include <string.h> -#include <errno.h> -#include <err.h> +#include <resolv.h> +#include <unistd.h> #include <rpcsvc/yp.h> #include "yp_extern.h" -#ifndef lint -static const char rcsid[] = "$Id: yp_dnslookup.c,v 1.11 1997/07/27 03:41:53 wpaul Exp $"; -#endif - static char *parse(hp) struct hostent *hp; { @@ -147,8 +145,7 @@ static struct circleq_dnsentry *yp_malloc_dnsent() q = (struct circleq_dnsentry *)malloc(sizeof(struct circleq_dnsentry)); if (q == NULL) { - yp_error("failed to malloc() circleq dns entry: %s", - strerror(errno)); + yp_error("failed to malloc() circleq dns entry"); return(NULL); } @@ -266,13 +263,13 @@ static void yp_send_dns_reply(q, buf) xdrfunc = (xdrproc_t)xdr_ypresponse; break; default: - yp_error("Bad YP program version (%lu)!",q->ypvers); + yp_error("bad YP program version (%lu)!", q->ypvers); return; break; } if (debug) - yp_error("Sending dns reply to %s (%lu)", + yp_error("sending dns reply to %s (%lu)", inet_ntoa(q->client_addr.sin_addr), q->id); /* * XXX This is disgusting. There's basically one transport @@ -352,7 +349,7 @@ void yp_run_dnsq() struct hostent *hent; if (debug) - yp_error("Running dns queue"); + yp_error("running dns queue"); bzero(buf, sizeof(buf)); @@ -380,7 +377,7 @@ void yp_run_dnsq() } if (debug) - yp_error("Got dns reply from %s", inet_ntoa(sin.sin_addr)); + yp_error("got dns reply from %s", inet_ntoa(sin.sin_addr)); hent = __dns_getanswer(buf, rval, q->name, q->type); @@ -395,7 +392,7 @@ void yp_run_dnsq() snprintf(retrybuf, sizeof(retrybuf), "%s.%s", q->name, *q->domain); if (debug) - yp_error("Retrying with: %s", retrybuf); + yp_error("retrying with: %s", retrybuf); q->id = yp_send_dns_query(retrybuf, q->type); q->ttl = DEF_TTL; q->domain++; 
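Review bot: `q->id` is formatted with `%lu` in yp_send_dns_reply ("sending dns reply to %s (%lu)") but with `%d` in the "queueing async DNS ... lookup (%d)" messages of yp_async_lookup_name and yp_async_lookup_addr, so at most one of the two conversions can match the field's declared type. The declaration is outside the diff; whichever type it has, the calls should agree and cast explicitly, e.g. `yp_error("queueing async DNS name lookup (%lu)", (unsigned long)q->id);`. A mismatched conversion in a varargs call is undefined behaviour rather than just a cosmetic difference.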
@@ -472,7 +469,7 @@ ypstat yp_async_lookup_name(rqstp, name) pending++; if (debug) - yp_error("Queueing async DNS name lookup (%d)", q->id); + yp_error("queueing async DNS name lookup (%d)", q->id); yp_prune_dnsq(); return(YP_TRUE); @@ -537,7 +534,7 @@ ypstat yp_async_lookup_addr(rqstp, addr) pending++; if (debug) - yp_error("Queueing async DNS address lookup (%d)", q->id); + yp_error("queueing async DNS address lookup (%d)", q->id); yp_prune_dnsq(); return(YP_TRUE); diff --git a/usr.sbin/ypserv/yp_error.c b/usr.sbin/ypserv/yp_error.c index 8d92cf5..94adf32 100644 --- a/usr.sbin/ypserv/yp_error.c +++ b/usr.sbin/ypserv/yp_error.c @@ -30,21 +30,21 @@ * SUCH DAMAGE. * */ + +#ifndef lint +static const char rcsid[] = + "$Id$"; +#endif /* not lint */ + /* * error logging/reporting facilities * stolen from /usr/libexec/mail.local via ypserv - * - * $Id$ */ #include <stdio.h> #include <sys/types.h> #include <syslog.h> -#ifndef lint -static const char rcsid[] = "$Id$"; -#endif - int debug; extern int _rpcpmstart; diff --git a/usr.sbin/ypserv/yp_extern.h b/usr.sbin/ypserv/yp_extern.h index 5eacf13..0aaee26 100644 --- a/usr.sbin/ypserv/yp_extern.h +++ b/usr.sbin/ypserv/yp_extern.h @@ -29,15 +29,16 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id$ + * $Id: yp_extern.h,v 1.11 1997/02/22 16:15:11 peter Exp $ */ + +#include <db.h> +#include <limits.h> #include <stdio.h> #include <string.h> #include <unistd.h> #include <sys/cdefs.h> #include <sys/types.h> -#include <limits.h> -#include <db.h> #include <rpc/rpc.h> #include <rpcsvc/yp.h> diff --git a/usr.sbin/ypserv/yp_main.c b/usr.sbin/ypserv/yp_main.c index 1ec048f..6aaa7e3 100644 --- a/usr.sbin/ypserv/yp_main.c +++ b/usr.sbin/ypserv/yp_main.c 
@@ -28,10 +28,13 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $Id: yp_main.c,v 1.14 1997/02/22 16:15:12 peter Exp $ */ +#ifndef lint +static const char rcsid[] = + "$Id$"; +#endif /* not lint */ + /* * ypserv startup function. * We need out own main() since we have to do some additional work @@ -40,34 +43,31 @@ */ #include "yp.h" +#include <err.h> +#include <errno.h> +#include <memory.h> #include <stdio.h> +#include <signal.h> #include <stdlib.h> /* getenv, exit */ -#include <rpc/pmap_clnt.h> /* for pmap_unset */ #include <string.h> /* strcmp */ -#include <signal.h> +#include <syslog.h> +#include <unistd.h> +#include <rpc/pmap_clnt.h> /* for pmap_unset */ #include <sys/ttycom.h> /* TIOCNOTTY */ #ifdef __cplusplus #include <sysent.h> /* getdtablesize, open */ #endif /* __cplusplus */ -#include <memory.h> #include <sys/socket.h> #include <netinet/in.h> -#include <syslog.h> #include <sys/wait.h> #include "yp_extern.h" -#include <unistd.h> #include <rpc/rpc.h> -#include <errno.h> -#include <err.h> #ifndef SIG_PF #define SIG_PF void(*)(int) #endif #define _RPCSVC_CLOSEDOWN 120 -#ifndef lint -static const char rcsid[] = "$Id: yp_main.c,v 1.14 1997/02/22 16:15:12 peter Exp $"; -#endif /* not lint */ int _rpcpmstart; /* Started by a port monitor ? */ static int _rpcfdtype; /* Whether Stream or Datagram ? */ @@ -94,7 +94,7 @@ void _msgout(char* msg) if (_rpcpmstart) syslog(LOG_ERR, msg); else - (void) fprintf(stderr, "%s\n", msg); + warnx("%s", msg); } else syslog(LOG_ERR, msg); } @@ -132,7 +132,7 @@ yp_svc_run() if (errno == EINTR) { continue; } - perror("svc_run: - select failed"); + warn("svc_run: - select failed"); return; case 0: yp_prune_dnsq(); 
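Review bot: `_msgout()` still passes `msg` to `syslog()` as the format string on both syslog branches, while the line this hunk changes already uses an explicit `"%s"` for `warnx()`. Any `%` in a message would be interpreted as a conversion, so both calls should read `syslog(LOG_ERR, "%s", msg);`. The callers visible in this diff pass only string literals, which makes this hardening rather than a live bug. The function starts outside the hunk.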
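Review bot: The select() failure in yp_svc_run() is reported with `warn()`, which writes only to stderr, yet main() calls `daemon(0,0)` when not in debug mode; assuming the usual daemon(3) behaviour of pointing the standard descriptors at /dev/null, the server then leaves its service loop without leaving any record. Sending it through the logging path used elsewhere in ypserv would preserve it, e.g. `yp_error("svc_run: select failed: %s", strerror(errno));`. The loop itself lies outside the hunk.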
@@ -179,7 +179,7 @@ static void reaper(sig) static void usage() { - fprintf(stderr, "Usage: %s [-h] [-d] [-n] [-p path]\n", progname); + fprintf(stderr, "usage: ypserv [-h] [-d] [-n] [-p path]\n"); exit(1); } @@ -213,6 +213,7 @@ closedown(int sig) (void) alarm(_RPCSVC_CLOSEDOWN/2); } +int main(argc, argv) int argc; char *argv[]; @@ -257,13 +258,13 @@ main(argc, argv) sock = 0; _rpcpmstart = 1; proto = 0; - openlog(progname, LOG_PID, LOG_DAEMON); + openlog("ypserv", LOG_PID, LOG_DAEMON); } else { if (!debug) { if (daemon(0,0)) { err(1,"cannot fork"); } - openlog(progname, LOG_PID, LOG_DAEMON); + openlog("ypserv", LOG_PID, LOG_DAEMON); } sock = RPC_ANYSOCK; (void) pmap_unset(YPPROG, YPVERS); @@ -273,17 +274,17 @@ main(argc, argv) if ((_rpcfdtype == 0) || (_rpcfdtype == SOCK_DGRAM)) { transp = svcudp_create(sock); if (transp == NULL) { - _msgout("cannot create udp service."); + _msgout("cannot create udp service"); exit(1); } if (!_rpcpmstart) proto = IPPROTO_UDP; if (!svc_register(transp, YPPROG, YPOLDVERS, ypprog_1, proto)) { - _msgout("unable to register (YPPROG, YPOLDVERS, udp)."); + _msgout("unable to register (YPPROG, YPOLDVERS, udp)"); exit(1); } if (!svc_register(transp, YPPROG, YPVERS, ypprog_2, proto)) { - _msgout("unable to register (YPPROG, YPVERS, udp)."); + _msgout("unable to register (YPPROG, YPVERS, udp)"); exit(1); } } 
@@ -291,17 +292,17 @@ main(argc, argv) if ((_rpcfdtype == 0) || (_rpcfdtype == SOCK_STREAM)) { transp = svctcp_create(sock, 0, 0); if (transp == NULL) { - _msgout("cannot create tcp service."); + _msgout("cannot create tcp service"); exit(1); } if (!_rpcpmstart) proto = IPPROTO_TCP; if (!svc_register(transp, YPPROG, YPOLDVERS, ypprog_1, proto)) { - _msgout("unable to register (YPPROG, YPOLDVERS, tcp)."); + _msgout("unable to register (YPPROG, YPOLDVERS, tcp)"); exit(1); } if (!svc_register(transp, YPPROG, YPVERS, ypprog_2, proto)) { - _msgout("unable to register (YPPROG, YPVERS, tcp)."); + _msgout("unable to register (YPPROG, YPVERS, tcp)"); exit(1); } } diff --git a/usr.sbin/ypserv/yp_server.c b/usr.sbin/ypserv/yp_server.c index 5e2ec4d..9927f6b 100644 --- a/usr.sbin/ypserv/yp_server.c +++ b/usr.sbin/ypserv/yp_server.c @@ -31,23 +31,24 @@ * */ +#ifndef lint +static const char rcsid[] = + "$Id$"; +#endif /* not lint */ + #include "yp.h" #include "yp_extern.h" -#include <stdlib.h> #include <dirent.h> +#include <errno.h> +#include <stdlib.h> #include <sys/stat.h> #include <sys/param.h> -#include <errno.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <rpc/rpc.h> -#ifndef lint -static const char rcsid[] = "$Id: yp_server.c,v 1.22 1997/04/28 14:18:38 wpaul Exp $"; -#endif /* not lint */ - int forked = 0; int children = 0; @@ -167,7 +168,7 @@ ypproc_match_2_svc(ypreq_key *argp, struct svc_req *rqstp) nbuf[argp->key.keydat_len] = '\0'; if (debug) - yp_error("Doing DNS lookup of %s", nbuf); + yp_error("doing DNS lookup of %s", nbuf); if (!strcmp(argp->map, "hosts.byname")) result.stat = yp_async_lookup_name(rqstp, nbuf); @@ -664,7 +665,7 @@ static struct ypmaplist *yp_maplist_create(domain) continue; if ((cur = (struct ypmaplist *) malloc(sizeof(struct ypmaplist))) == NULL) { - yp_error("malloc() failed: %s",strerror(errno)); + yp_error("malloc() failed"); closedir(dird); yp_maplist_free(yp_maplist); return(NULL); 
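Review bot: In ypproc_match_2_svc the terminator is stored at `nbuf[argp->key.keydat_len]`, an index taken from the client's request, and neither nbuf's declaration nor a length check is visible in this hunk. If nbuf is an array sized to the maximum key length, a key of exactly that length would put the NUL one byte past the end. Please confirm that a guard such as `if (argp->key.keydat_len >= sizeof(nbuf))` precedes the copy, and add it if it does not. The function body continues outside the hunk.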
diff --git a/usr.sbin/ypserv/yp_svc_udp.c b/usr.sbin/ypserv/yp_svc_udp.c index 0b100d0..728a181 100644 --- a/usr.sbin/ypserv/yp_svc_udp.c +++ b/usr.sbin/ypserv/yp_svc_udp.c @@ -28,17 +28,16 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $Id$ */ +#ifndef lint +static const char rcsid[] = + "$Id$"; +#endif /* not lint */ + #include <rpc/rpc.h> #include "yp_extern.h" -#ifndef lint -static const char rcsid[] = "$Id$"; -#endif - /* * XXX Must not diverge from what's in src/lib/libc/rpc/svc_udp.c */ diff --git a/usr.sbin/ypserv/ypserv.8 b/usr.sbin/ypserv/ypserv.8 index 69cf0ae..c9e0c14 100644 --- a/usr.sbin/ypserv/ypserv.8 +++ b/usr.sbin/ypserv/ypserv.8 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: ypserv.8,v 1.11 1997/02/22 16:15:14 peter Exp $ +.\" $Id: ypserv.8,v 1.12 1997/04/15 07:41:10 jmg Exp $ .\" .Dd February 4, 1995 .Dt YPSERV 8 @@ -51,16 +51,21 @@ such as .Pa /etc/passwd and .Pa /etc/group , -which tend to require frequent changes in most environments, NIS +which tend to require frequent changes in most environments, +.Tn NIS allows groups of computers to share one set of data which can be updated from a single location. .Pp The .Nm -program is the server that distributes NIS databases -to client systems within an NIS +program is the server that distributes +.Tn NIS +databases to client systems within an +.Tn NIS .Em domain . -Each client in an NIS domain must have its domainname set to +Each client in an +.Tn NIS +domain must have its domainname set to one of the domains served by .Nm using the 
@@ -68,7 +73,9 @@ using the command. The clients must also run .Xr ypbind 8 in order to attach to a particular server, since it is possible to -have several servers within a single NIS domain. +have several servers within a single +.Tn NIS +domain. .Pp The databases distributed by .Nm @@ -89,8 +96,9 @@ are created by using several system files as source. The database files are in .Xr db 3 format to help speed retrieval when there are many records involved. -In FreeBSD, the -maps are always readable and writable only by root for security +In +.Bx Free , +the maps are always readable and writable only by root for security reasons. Technically this is only necessary for the password maps, but since the data in the other maps can be found in other world-readable files anyway, it doesn't hurt and it's considered @@ -99,18 +107,25 @@ good general practice. The .Nm program is started by -.Pa /etc/rc +.Pa /etc/rc.network if it has been enabled in -.Pa /etc/sysconfig . +.Pa /etc/rc.conf . .Sh SPECIAL FEATURES There are some problems associated with distributing FreeBSD's password -database via NIS: FreeBSD normally only stores encrypted passwords +database via +.Tn NIS Ns : +.Bx Free +normally only stores encrypted passwords in .Pa /etc/master.passwd , which is readable and writable only by root. By turning this file -into an NIS map, this security feature would be completely defeated. +into an +.Tn NIS +map, this security feature would be completely defeated. .Pp -To make up for this, the FreeBSD version of +To make up for this, the +.Bx Free +version of .Nm handles the .Pa master.passwd.byname @@ -126,7 +141,9 @@ Any requests made by non-privileged users are therefore rejected. .Pp Furthermore, the .Xr getpwent 3 -routines in FreeBSD's standard C libarary will only attempt to retrieve +routines in +.Bx Free Ns 's +standard C library will only attempt to retrieve data from the .Pa master.passwd.byname and 
@@ -144,11 +161,13 @@ file and stripping out the password fields, and are therefore safe to pass on to unprivileged users. In this way, the shadow password aspect of the protected .Pa master.passwd -database is maintained through NIS. +database is maintained through +.Tn NIS . .Pp .Sh NOTES .Ss Limitations -There are two problems inherent with password shadowing in NIS +There are two problems inherent with password shadowing in +.Tn NIS that users should be aware of: .Bl -enum -offset indent @@ -159,7 +178,11 @@ test is trivial to defeat for users with unrestricted access to machines on your network (even those machines which do not run UNIX-based operating systems). .It -If you plan to use a FreeBSD system to serve non-FreeBSD clients that +If you plan to use a +.Bx Free +system to serve +.Bx non-Free +clients that have no support for password shadowing (which is most of them), you will have to disable the password shadowing entirely by uncommenting the .Em UNSECURE=True @@ -170,14 +193,19 @@ This will cause the standard and .Pa passwd.byuid maps to be generated with valid encrypted password fields, which is -neccesary in order for non-FreeBSD clients to perform user -authentication through NIS. +necessary in order for +.Bx non-Free +clients to perform user +authentication through +.Tn NIS . .El .Pp .Ss Security In general, any remote user can issue an RPC to .Nm -and retrieve the contents of your NIS maps, provided the remote user +and retrieve the contents of your +.Tn NIS +maps, provided the remote user knows your domain name. To prevent such unauthorized transactions, .Nm supports a feature called @@ -227,7 +255,9 @@ program also has support for Wietse Venema's package, though it is not compiled in by default since the .Em tcpwrapper -package is not distributed with FreeBSD. However, if you have +package is not distributed with +.Bx Free . +However, if you have .Pa libwrap.a and .Pa tcpd.h , 
@@ -250,27 +280,37 @@ attacks. .Ss NIS v1 compatibility This version of .Nm -has some support for serving NIS v1 clients. FreeBSD's NIS -implementation only uses the NIS v2 protocol, however other implementations +has some support for serving +.Tn NIS +v1 clients. +.Bx Free Ns 's +.Tn NIS +implementation only uses the +.Tn NIS +v2 protocol, however other implementations include support for the v1 protocol for backwards compatibility with older systems. The .Xr ypbind 8 daemons supplied with these systems will try to establish a binding -to an NIS v1 -server even though they may never actually need it (and they may +to an +.Tn NIS +v1 server even though they may never actually need it (and they may persist in broadcasting in search of one even after they receive a response from a v2 server). Note that while support for normal client calls is provided, this version of .Nm does not handle v1 map transfer requests; consequently, it can not -be used as a master or slave in conjunction with older NIS servers that +be used as a master or slave in conjunction with older +.Tn NIS +servers that only support the v1 protocol. Fortunately, there probably aren't any such servers still in use today. .Ss NIS servers that are also NIS clients Care must be taken when running .Nm in a multi-server domain where the server machines are also -NIS clients. It is generally a good idea to force the servers to +.Tn NIS +clients. It is generally a good idea to force the servers to bind to themselves rather than allowing them to broadcast bind requests and possibly become bound to each other: strange failure modes can result if one server goes down and 
@@ -311,12 +351,18 @@ succeeded. .Pp This feature is provided for compatiblity with SunOS 4.1.x, which has brain-damaged resolver functions in its standard C -library that depend on NIS for hostname and address resolution. -FreeBSD's resolver can be configured to do DNS +library that depend on +.Tn NIS +for hostname and address resolution. +.Bx Free Ns 's +resolver can be configured to do DNS queries directly, therefore it is not necessary to enable this -option when serving only FreeBSD NIS clients. +option when serving only +.Bx Free +.Tn NIS +clients. .It Fl d -Causes the server to run in debugging mode. Normally, +Cause the server to run in debugging mode. Normally, .Nm reports only unusual errors (access violations, file access failures) using the @@ -334,22 +380,28 @@ a debugging tool. .It Fl p Ar path Normally, .Nm -assumes that all NIS maps are stored under +assumes that all +.Tn NIS +maps are stored under .Pa /var/yp . The .Fl p -flag may be used to specify an alternate NIS root path, allowing +flag may be used to specify an alternate +.Tn NIS +root path, allowing the system administrator to move the map files to a different place within the filesystem. .El .Sh FILES .Bl -tag -width Pa -compact .It Pa /var/yp/[domainname]/[maps] -The NIS maps. +the +.Tn NIS +maps .It Pa /etc/host.conf -Resolver configuration file. +resolver configuration file .It Pa /var/yp/securenets -Host access control file +host access control file .El .Sh SEE ALSO .Xr ypcat 1 , @@ -360,7 +412,7 @@ Host access control file .Xr yppush 8 , .Xr ypxfr 8 .Sh AUTHOR -Bill Paul <wpaul@ctr.columbia.edu> +.An Bill Paul Aq wpaul@ctr.columbia.edu .Sh HISTORY This version of .Nm |