From b15af2b63c8fbd120b192212cbf2ce89c31caca4 Mon Sep 17 00:00:00 2001 From: charnier Date: Mon, 22 Dec 1997 07:35:40 +0000 Subject: Use .Tn, .Bx Free and .An. --- share/man/man4/yp.4 | 258 ++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 180 insertions(+), 78 deletions(-) (limited to 'share/man/man4') diff --git a/share/man/man4/yp.4 b/share/man/man4/yp.4 index fb99938..c8ba31b 100644 --- a/share/man/man4/yp.4 +++ b/share/man/man4/yp.4 @@ -26,7 +26,7 @@ .\" SUCH DAMAGE. .\" .\" from: @(#)yp.8 1.0 (deraadt) 4/26/93 -.\" $Id: yp.4,v 1.12 1997/03/21 20:13:29 mpp Exp $ +.\" $Id: yp.4,v 1.13 1997/10/31 12:30:49 charnier Exp $ .\" .Dd April 5, 1993 .Dt YP 4 @@ -52,14 +52,18 @@ and .Xr ethers 3 . The .Xr bootparamd 8 -daemon makes direct NIS library calls since there are no -functions in the standard C library for reading bootparams. NIS +daemon makes direct +.Tn NIS +library calls since there are no +functions in the standard C library for reading bootparams. +.Tn NIS support for the hosts, services and rpc databases is enabled by uncommenting the -.Pa nis +.Em nis line in -.Pa /etc/host.conf. -NIS support for the remaining services is +.Pa /etc/host.conf . +.Tn NIS +support for the remaining services is activated by adding a special '+' entry to the appropriate file. .Pp The @@ -71,43 +75,61 @@ if it has been initialized in and if the directory .Pa /var/yp exists (which it does in the default distribution). The default -NIS domain must also be set with the +.Tn NIS +domain must also be set with the .Xr domainname 1 command, which will happen automatically at system startup if it is specified in .Pa /etc/rc.conf . .Pp -NIS is an RPC-based client/server system that allows a group of -machines within an NIS -.Em domain -to share a common set of configuration files. This permits a system -administrator to set up NIS client systems with only minimal configuration +.Tn NIS +is an +.Tn RPC Ns -based +client/server system that allows a group of +machines within an +.Tn NIS +domain to share a common set of configuration files. This permits a system +administrator to set up +.Tn NIS +client systems with only minimal configuration data and add, remove or modify configuration data from a single location. .Pp -The canonical copies of all NIS information are stored on a single machine +The canonical copies of all +.Tn NIS +information are stored on a single machine called the -.Pa NIS master server . +.Em Tn NIS master server . The databases used to store the information are called -.Pa NIS maps. +.Em Tn NIS maps . In -.Tn FreeBSD , +.Bx Free , these maps are stored in .Pa /var/yp/[domainname] where .Pa [domainname] -is the name of the NIS domain being served. A single NIS server can +is the name of the +.Tn NIS +domain being served. A single +.Tn NIS +server can support several domains at once, therefore it is possible to have several such directories, one for each supported domain. Each domain will have its own independent set of maps. .Pp In -.Tn FreeBSD , -the NIS maps are Berkeley DB hashed database files (the +.Bx Free , +the +.Tn NIS +maps are Berkeley DB hashed database files (the same format used for the .Xr passwd 5 -database files). Other operating systems that support NIS use old-style +database files). Other operating systems that support +.Tn NIS +use old-style ndbm databases instead (largely because Sun Microsystems originally based -their NIS implementation on ndbm, and other vendors have simply licensed +their +.Tn NIS +implementation on ndbm, and other vendors have simply licensed Sun's code rather than design their own implementation with a different database format). On these systems, the databases are generally split into @@ -122,38 +144,60 @@ and .Pa passwd.byname.pag files on other operating systems (both of which are really parts of the same map), -.Tn FreeBSD +.Bx Free will have only one file called .Pa passwd.byname . The difference in format is not significant: only the -NIS server, +.Tn NIS +server, .Xr ypserv 8 , -and related tools need to know the database format of the NIS maps. Client -NIS systems receive all NIS data in ASCII form. +and related tools need to know the database format of the +.Tn NIS +maps. Client +.Tn NIS +systems receive all +.Tn NIS +data in +.Tn ASCII +form. .Pp -There are three main types of NIS systems: +There are three main types of +.Tn NIS +systems: .Bl -enum -offset indent .It -.Pa NIS clients , -which query NIS servers for information. +.Pa Tn NIS clients , +which query +.Tn NIS +servers for information. .It -.Pa NIS master servers , -which maintain the canonical copies of all NIS maps. +.Pa Tn NIS master servers , +which maintain the canonical copies of all +.Tn NIS +maps. .It -.Pa NIS slave servers , -which maintain backup copies of NIS maps that are periodically +.Pa Tn NIS slave servers , +which maintain backup copies of +.Tn NIS +maps that are periodically updated by the master. .El .Pp -An NIS client establishes what is called a +An +.Tn NIS +client establishes what is called a .Em binding -to a particular NIS server using the +to a particular +.Tn NIS +server using the .Xr ypbind 8 daemon. .Xr Ypbind 8 checks the system's default domain (as set by the .Xr domainname 1 -command) and begins broadcasting RPC requests on the local network. +command) and begins broadcasting +.Tn RPC +requests on the local network. These requests specify the name of the domain for which .Xr ypbind 8 is attempting to establish a binding. If a server that has been @@ -164,7 +208,9 @@ which will record the server's address. If there are several servers available (a master and several slaves, for example), .Xr ypbind 8 will use the address of the first one to respond. From that point -on, the client system will direct all of its NIS requests to that server. +on, the client system will direct all of its +.Tn NIS +requests to that server. .Xr Ypbind 8 will occasionally ``ping'' the server to make sure it's still up and running. If it fails to receive a reply to one of its pings @@ -173,11 +219,16 @@ within a reasonable amount of time, will mark the domain as unbound and begin broadcasting again in the hopes of locating another server. .Pp -NIS master and slave servers handle all NIS requests with the +.Tn NIS +master and slave servers handle all +.Tn NIS +requests with the .Xr ypserv 8 daemon. .Xr Ypserv 8 -is responsible for receiving incoming requests from NIS clients, +is responsible for receiving incoming requests from +.Tn NIS +clients, translating the requested domain and map name to a path to the corresponding database file and transmitting data from the database back to the client. There is a specific set of requests that @@ -190,7 +241,9 @@ within the standard C library: -- check the creation date of a particular map .It .Fn yp_master --- obtain the name of the NIS master server for a given +-- obtain the name of the +.Tn NIS +master server for a given map/domain .It .Fn yp_match @@ -208,7 +261,9 @@ key/data pair immediately following it (the functions .Fn yp_first and .Fn yp_next -can be used to do a sequential search of an NIS map) +can be used to do a sequential search of an +.Tn NIS +map) .It .Fn yp_all -- retrieve the entire contents of a map @@ -229,13 +284,17 @@ server. A slave server provides the exact same information as a master server: whenever the maps on the master server are updated, the new data should be propagated to the slave systems using the .Xr yppush 8 -command. The NIS Makefile +command. The +.Tn NIS +Makefile .Pf ( Pa /var/yp/Makefile ) will do this automatically if the administrator comments out the line which says .Em NOPUSH=true (NOPUSH is set to true by default because the default configuration is -for a small network with only one NIS server). The +for a small network with only one +.Tn NIS +server). The .Xr yppush 8 command will initiate a transaction between the master and slave during which the slave will transfer the specified maps from the @@ -248,18 +307,24 @@ automatically from within therefore it is not usually necessary for the administrator to use it directly. It can be run manually if desired, however.) Maintaining -slave servers helps improve NIS performance on large +slave servers helps improve +.Tn NIS +performance on large networks by: .Pp .Bl -bullet -offset indent .It -Providing backup services in the event that the NIS master crashes +Providing backup services in the event that the +.Tn NIS +master crashes or becomes unreachable .It Spreading the client load out over several machines instead of causing the master to become overloaded .It -Allowing a single NIS domain to extend beyond +Allowing a single +.Tn NIS +domain to extend beyond a local network (the .Xr ypbind 8 daemon might not be able to locate a server automatically if it resides on @@ -272,14 +337,16 @@ placing a slave server on the local network.) .El .Pp The -.Tn FreeBSD +.Bx Free .Xr ypserv 8 is specially designed to provided enhanced security (compared to -other NIS implementations) when used exclusively with -.Tn FreeBSD +other +.Tn NIS +implementations) when used exclusively with +.Bx Free client systems. The -.Tn FreeBSD +.Bx Free password database system (which is derived directly from .Bx 4.4 ) @@ -288,14 +355,17 @@ includes support for The standard password database does not contain users' encrypted passwords: these are instead stored (along with other information) is a separate database which is accessible only by the super-user. -If the encrypted password database were made available as an NIS +If the encrypted password database were made available as an +.Tn NIS map, this security feature would be totally disabled, since any user -is allowed to retrieve NIS data. +is allowed to retrieve +.Tn NIS +data. .Pp To help prevent this, -.Tn FreeBSD Ns 's -NIS server -handles the shadow password maps +.Bx Free Ns 's +.Tn NIS +server handles the shadow password maps .Pf ( Pa master.passwd.byname and .Pa master.passwd.byuid ) @@ -305,20 +375,21 @@ Since only the super-user is allowed to bind to a privileged port, the server assumes that all such requests come from privileged users. All other requests are denied: requests from non-privileged ports will receive only an error code from the server. Additionally, -.Tn FreeBSD Ns 's +.Bx Free Ns 's .Xr ypserv 8 includes support for Wietse Venema's tcp wrapper package; with tcp wrapper support enabled, the administrator can configure .Xr ypserv 8 to respond only to selected client machines. .Pp -While these enhancements provide better security than stock NIS, +While these enhancements provide better security than stock +.Tn NIS Ns , they are by no means 100% effective. It is still possible for someone with access to your network to spoof the server into disclosing the shadow password maps. .Pp On the client side, -.Tn FreeBSD Ns 's +.Bx Free Ns 's .Fn getpwent 3 functions will automatically search for the .Pa master.passwd @@ -328,35 +399,54 @@ expiration) will be decoded. If they aren't found, the standard .Pa passwd maps will be used instead. .Sh COMPATIBILITY -Some systems, such as SunOS 4.x, need NIS to be running in order +Some systems, such as SunOS 4.x, need +.Tn NIS +to be running in order for their hostname resolution functions ( .Fn gethostbyname , .Fn gethostbyaddr , etc) to work properly. On these systems, .Xr ypserv 8 -performs DNS lookups when asked to return information about +performs +.Tn DNS +lookups when asked to return information about a host that doesn't exist in its .Pa hosts.byname or .Pa hosts.byaddr maps. -.Tn FreeBSD Ns 's -resolver uses DNS by default (it can be made to use -NIS, if desired), therefore its NIS server doesn't do DNS lookups +.Bx Free Ns 's +resolver uses +.Tn DNS +by default (it can be made to use +.Tn NIS Ns , +if desired), therefore its +.Tn NIS +server doesn't do +Tn DNS +lookups by default. However, .Xr ypserv 8 -can be made to perform DNS lookups if it is started with a special -flag. It can also be made to register itself as an NIS v1 server +can be made to perform +.Tn DNS +lookups if it is started with a special +flag. It can also be made to register itself as an +.Tn NIS +v1 server in order to placate certain systems that insist on the presence of a v1 server -.Pf ( Tn FreeBSD -uses only NIS v2, but many other systems, +.Pf ( Bx Free +uses only +.Tn NIS +v2, but many other systems, including .Tn SunOS 4.x, search for both a v1 and v2 server when binding). -.Tn FreeBSD Ns 's +.Bx Free Ns 's .Xr ypserv 8 -does not actually handle NIS v1 requests, but this ``kludge mode'' +does not actually handle +.Tn NIS +v1 requests, but this ``kludge mode'' is useful for silencing stubborn systems that search for both a v1 and v2 server. .Pp @@ -366,14 +456,17 @@ manual page for a detailed description of these special features and flags.) .Sh BUGS While -.Tn FreeBSD -now has both NIS client and server capabilities, -it does not yet have support for +.Bx Free +now has both +.Tn NIS +client and server capabilities, it does not yet have support for .Xr ypupdated 8 or the .Fn yp_update -function. Both of these require secure RPC, which -.Tn FreeBSD +function. Both of these require secure +.Tn RPC Ns , +which +.Bx Free doesn't support yet either. .Pp @@ -381,7 +474,9 @@ The .Xr getservent 3 and .Xr getprotoent 3 -functions do not yet have NIS support. Fortunately, these files +functions do not yet have +.Tn NIS +support. Fortunately, these files don't need to be updated that often. .Pp Many more manual pages should be written, especially @@ -395,9 +490,16 @@ upon bootup. .Sh HISTORY The .Nm YP -subsystem was written from the ground up by Theo de Raadt +subsystem was written from the ground up by +.An Theo de Raadt to be compatible to Sun's implementation. Bug fixes, improvements -and NIS server support were later added by Bill Paul. The server-side -code was originally written by Peter Eriksson and Tobias Reber and -is subject to the GNU Public License. No Sun code was +and +.Tn NIS +server support were later added by +.An Bill Paul Ns . +The server-side code was originally written by +.An Peter Eriksson +and +.An Tobias Reber +and is subject to the GNU Public License. No Sun code was referenced. -- cgit v1.1