ypserv(8)ypserv(8)NAME
ypserv, ypbind - Network Information Service (NIS) server and binder
processes
SYNOPSIS
/usr/sbin/ypserv [-a method]
/usr/sbin/ypbind [-s-S domainname,servername1,servername2...]
[-ypset | -ypsetme]
OPTIONS
Specifies the database routines used to store NIS maps. The choices
are: btree -- Recommended when creating and maintaining very large
maps. dbm/ndbm -- For backward compatibility. This is the default.
hash -- A potentially quicker method for managing small maps. Allows
the ypbind process to run in a secure mode. This requires the server
to use a secure port. Allows the system administrator to lock ypbind
to a particular domain and set of servers. Up to four servers can be
specified as follows: /usr/sbin/ypbind -S domain‐
name,server1,server2,server3,server4
Note that there cannot be any spaces around the commas in the
command line. The -S option ensures that this system only binds
to the specified domain and to one of the specified servers. The
servers used with the -S option must have entries in the local
/etc/hosts file. ypbind accepts all ypset requests, unless
restricted by the -S option. ypbind accepts only local ypset
requests.
Note
If neither -ypset nor -ypsetme are specified, ypbind does not
accept ypset requests to bind to a particular server.
DESCRIPTION
The Network Information Service (NIS) provides a distributed data
lookup service for sharing data among networked systems. NIS data is
stored in database files called maps. The databases consist of dbm,
btree, or hash files stored in the /var/yp/src directory. These files
are described in ypfiles(4).
The NIS daemons are /usr/sbin/ypserv, the NIS database lookup server,
and /usr/sbin/ypbind, the NIS binder. The software interface to NIS is
described in ypclnt(3). Administrative tools are described in
yppush(8), ypxfr(8), yppoll(8), and ypwhich(1). Tools to see the con‐
tents of NIS maps are described in ypcat(1), and ypmatch(1). Database
generation and maintenance tools are described in ypmake(8), and
makedbm(8).
Both the ypserv and ypbind daemons are activated at system startup time
by /sbin/init.d/nis. The ypserv daemon runs only on an NIS server
machine with a complete NIS database. The ypbind daemon runs on all
machines using NIS, both NIS servers and clients.
The [-a method] option to ypserv tells ypserv which format the maps are
stored in; either btree, dbm, or hash.
ypserv Daemon
The ypserv daemon's primary function is to look up information in its
local database of NIS maps. The operations performed by ypserv are
defined for the programmer in the <rpcsvc/yp_prot.h> header file.
Communication with ypserv is by means of RPC calls. Lookup functions
are described in ypclnt(3), and are supplied as C-callable functions in
/libc.
There are four lookup functions, all of which are performed on a speci‐
fied map within an NIS domain: Match, Get_first, Get_next, and Get_all.
The Match operation takes a key, and returns the associated value. The
Get_first operation returns the first key-value pair from the map, and
the Get_next operation returns the remaining key-value pairs. The
Get_all operation ships the entire map to the requester.
Two other functions supply information about the map, rather than the
map entries: Get_order_number and Get_master_name. Both the order num‐
ber and the master name exist in the map as key-value pairs, but the
server will not return either through the usual lookup functions. If
the map is examined with makedbm(8), however, they are visible.
Other functions are used within the NIS subsystem itself, and are not
of general interest to NIS clients. They include the
Do_you_serve_this_domain?, the Transfer_map, and the Reinitial‐
ize_internal_state functions.
securenets File
The /etc/yp/securenets file contains a list of subnets that are consid‐
ered trusted and that are allowed to access NIS data using the ypserv
and ypxfrd daemons. It is a user-created file that resides on an NIS
master server and any slave servers.
If the /etc/yp/securenets file does not exist, or exists but contains
no subnets, all IP addresses are accepted. However, anyone on the
Internet that knows the NIS server address and the domain name can
obtain NIS served data, including the passwd file. Using the
securenets file is a recommended method of security.
If you want an NIS slave server, use a /etc/yp/securenets file to
restrict IP addresses to which it serves. The slave server's IP
address must be in the authorization range of entries in the
/etc/yp/securenets file on the NIS master server.
Each entry in the /etc/yp/securenets file contains an IP subnet mask
and a corresponding subnet IP address separated by at least one space.
Lines that do not begin with a digit are considered comments. The file
has the following format:
subnet_mask subnet_ip_address
In the following securenets file example, the first two lines allow
only those IP addresses that are within the subnet 128.30 and
128.211.10 range to access the NIS files. The third line authorizes
the one host at address 128.211.5.6.
255.255.0.0 128.30.0.0 255.255.255.0 128.211.10.0 255.255.255.255
128.211.5.6
ypbind Daemon
The ypbind daemon's function is to remember information that enables
client processes on a single node to communicate with a ypserv process.
The ypbind function must run on every machine that has NIS client ser‐
vice requirements. The ypbind function must be started through an
entry in the /sbin/init.d/nis file.
The information ypbind remembers is called a binding, the association
of a domain name with the internet address of the NIS server, and the
port on that host at which the ypserv process is listening for service
requests. The process of binding is driven by client requests. As a
request for an unbound domain comes in, the ypbind process broadcasts
on the net trying to find a ypserv process that serves maps within that
domain. Since the binding is established by broadcasting, there must
be at least one ypserv process on every net. Once a domain is bound by
a particular ypbind, that same binding is given to every client process
on the node. The ypbind process on the local node or a remote node may
be queried for the binding of a particular domain by using the
ypwhich(1) command.
Bindings are verified before they are given out to a client process.
If ypbind is unable to speak to the ypserv process it is bound to, it
marks the domain as unbound, tells the client process that the domain
is unbound, and tries to bind the domain once again. Requests received
for an unbound domain will fail immediately. In general, a bound domain
is marked as unbound when the node running ypserv crashes or gets over‐
loaded. When the node gets overloaded, ypbind will try to bind to any
NIS server (typically one that is less-heavily loaded) available on the
net.
The ypbind process also accepts requests to set its binding for a par‐
ticular domain. The request is usually generated by the NIS subsystem
itself.
RESTRICTIONS
You must use the same database format for each map in a domain. In
addition, a server serving multiple NIS domains must use the same data‐
base format for all domains.
Although a Tru64 UNIX NIS server that takes advantage of btree files
will be able to store very large maps, NIS slave servers that lack this
feature might have a much smaller limit on the number of map entries
they can handle. It may not be possible to distribute very large maps
from a Tru64 UNIX NIS master server to a slave server that lacks sup‐
port for very large maps. NIS clients are not affected by these
enhancements.
EXAMPLES
The following is an example of the ypserv command used with the btree
format database routine to store NIS maps. ypserv -a b
FILES
If this file exists when ypserv starts up, log information is written
to ypserv.log when error conditions occur. User-created file on the
NIS server that contains a list of trusted subnets that are allowed to
access NIS data using the ypserv and ypxfrd daemons.
SEE ALSO
Commands: ypcat(1), ypmatch(1), yppasswd(1), ypwhich(1), ypmake(8),
yppush(8), ypxfr(8)
Functions: btree(3), dbm(3), dbopen(3), hash(3), ndbm(3), ypclnt(3)
Files: ypfiles(4)
Network Administration: Services
ypserv(8)