HardenedBSD/usr.sbin/ypbind/ypbind.8
Mike Pritchard 78b0b234eb Correct a bunch of man page cross references and generally
try and silence "manck".

ncurses, rpc, and some of the gnu stuff are still a big mess, however.
1996-02-11 22:38:05 +00:00

163 lines
5.9 KiB
Groff

.\" Copyright (c) 1991, 1993, 1995
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: ypbind.8,v 1.3 1995/07/20 22:33:02 wpaul Exp $
.\"
.Dd April 9, 1995
.Dt YPBIND 8
.Os
.Sh NAME
.Nm ypbind
.Nd "NIS domain binding daemon"
.Sh SYNOPSIS
.Nm ypbind
.Op Fl ypset
.Op Fl ypsetme
.Op Fl s
.Op Fl S Ar domainname,server1,server2,...
.Sh DESCRIPTION
.Nm ypbind
is the process that maintains NIS binding information. At startup,
it searches for an NIS server responsible for serving the system's
default domain (as set by the
.Xr domainname 1
command) using network broadcasts.
Once it receives a reply,
it will store the address of the server and other
information in a special file located in
.Pa /var/yp/binding .
The NIS routines in the standard C library can then use this file
when processing NIS requests. There may be several such files
since it is possible for an NIS client to be bound to more than
one domain.
.Pp
After a binding has been established,
.Nm ypbind
will send DOMAIN_NONACK requests to the NIS server at one minute
intervals. If it fails to receive a reply to one of these requests
.Nm ypbind
assumes that the server is no longer running and resumes its network
broadcasts until another binding is established.
.Nm ypbind
will also log warning messages using the syslog(3) facility each time
it detects that a server has stopped responding, as well as when it
has bound to a new server.
.Pp
.Sh OPTIONS
The following options are supported by
.Nm ypbind :
.Bl -tag -width flag
.It Fl ypset
It is possible to force
.Nm ypbind
to bind to a particular NIS server host for a given domain by using the
.Xr ypset 8
command. However,
.Nm ypbind
refuses YPBINDPROC_SETDOM requests by default since it has no way of
knowing exactly who is sending them. Using the
.Fl ypset
flag causes
.Nm ypbind
to accept YPBINDPROC_SETDOM requests from any host. This option should only
be used for diagnostic purposes and only for limited periods since allowing
arbitrary users to reset the binding of an NIS client poses a severe
security risk.
.It Fl ypsetme
This is similar to the
.Fl ypset
flag, except that it only permits YPBINDPROC_SETDOM requests to be processed
if they originated from the local host.
.It Fl s
The
.Fl s
flag causes
.Nm ypbind
to run in secure mode: it will refuse to bind to any NIS server
that is not running as root (i.e. that is not using privileged
TCP ports).
.It Fl S Ar domainname,server1,server2,server3,...
The
.Fl S
flag allows the system administrator to lock ypbind to a particular
domain and group of NIS servers. Up to ten servers can be specified.
There must not be any spaces between the commas in the domain/server
specification. This option is used to insure that that the system binds
only to one domain and only to one of the specified servers, which
is useful for systems that are both NIS servers and NIS
clients: it provides a way to restrict what machines the system can
bind to without the need for specifying the
.Fl ypset
or
.Fl ypsetme
options, which are often considered to be security holes. The specified
servers must have valid entries in the local
.Pa /etc/hosts
file. IP addresses may be specified in place of hostnames. If
.Nm ypbind
can't make sense ouf of the arguments, it will ignore
the
.Fl S
flag and continue running normally.
.Pp
Note that
.Nm ypbind
will consider the domainname specified with the
.Fl S
flag to be the system default domain.
.Sh NOTES
.Nm ypbind
will not make continuous attempts to keep secondary domains bound.
If a server for a second dary domain fails to respond to a ping,
.Nm ypbind
will broadcast for a new server only once before giving up. If a
client program attempts to reference the unbound domain, ypbind will
try broadcasting again. By contrast,
.Nm ypbind
will automatically maintain a binding for the default domain whether
client programs reference it ot not.
.Sh FILES
.Bl -tag -width Pa -compact
.It Pa /var/yp/binding/[domainname].[version]
The files used to hold binding information for each NIS domain.
.It Pa /etc/sysconfig
System configuration file where the system default domain and
ypbind startup options are specified.
.El
.Sh SEE ALSO
.Xr domainname 1 ,
.Xr syslog 3 ,
.Xr yp 4
.Xr ypserv 8 ,
.Xr ypset 8
.Sh AUTHOR
Theo de Raadt <deraadt@fsa.ca>