mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-27 05:21:08 +01:00
78b0b234eb
try and silence "manck". ncurses, rpc, and some of the gnu stuff are still a big mess, however.
163 lines
5.9 KiB
Groff
.\" Copyright (c) 1991, 1993, 1995
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: ypbind.8,v 1.3 1995/07/20 22:33:02 wpaul Exp $
.\"
.Dd April 9, 1995
.Dt YPBIND 8
.Os
.Sh NAME
.Nm ypbind
.Nd "NIS domain binding daemon"
.Sh SYNOPSIS
.Nm ypbind
.Op Fl ypset
.Op Fl ypsetme
.Op Fl s
.Op Fl S Ar domainname,server1,server2,...
.Sh DESCRIPTION
.Nm ypbind
is the process that maintains NIS binding information. At startup,
it searches for an NIS server responsible for serving the system's
default domain (as set by the
.Xr domainname 1
command) using network broadcasts.
Once it receives a reply,
it will store the address of the server and other
information in a special file located in
.Pa /var/yp/binding .
The NIS routines in the standard C library can then use this file
when processing NIS requests. There may be several such files
since it is possible for an NIS client to be bound to more than
one domain.
.Pp
After a binding has been established,
.Nm ypbind
will send DOMAIN_NONACK requests to the NIS server at one minute
intervals. If it fails to receive a reply to one of these requests,
.Nm ypbind
assumes that the server is no longer running and resumes its network
broadcasts until another binding is established.
.Nm ypbind
will also log warning messages using the
.Xr syslog 3
facility each time
it detects that a server has stopped responding, as well as when it
has bound to a new server.
.Pp
.Sh OPTIONS
The following options are supported by
.Nm ypbind :
.Bl -tag -width flag
.It Fl ypset
It is possible to force
.Nm ypbind
to bind to a particular NIS server host for a given domain by using the
.Xr ypset 8
command. However,
.Nm ypbind
refuses YPBINDPROC_SETDOM requests by default since it has no way of
knowing exactly who is sending them. Using the
.Fl ypset
flag causes
.Nm ypbind
to accept YPBINDPROC_SETDOM requests from any host. This option should only
be used for diagnostic purposes and only for limited periods since allowing
arbitrary users to reset the binding of an NIS client poses a severe
security risk.
.It Fl ypsetme
This is similar to the
.Fl ypset
flag, except that it only permits YPBINDPROC_SETDOM requests to be processed
if they originated from the local host.
.It Fl s
The
.Fl s
flag causes
.Nm ypbind
to run in secure mode: it will refuse to bind to any NIS server
that is not running as root (i.e. that is not using privileged
TCP ports).
.It Fl S Ar domainname,server1,server2,server3,...
The
.Fl S
flag allows the system administrator to lock ypbind to a particular
domain and group of NIS servers. Up to ten servers can be specified.
There must not be any spaces between the commas in the domain/server
specification. This option is used to ensure that the system binds
only to one domain and only to one of the specified servers, which
is useful for systems that are both NIS servers and NIS
clients: it provides a way to restrict what machines the system can
bind to without the need for specifying the
.Fl ypset
or
.Fl ypsetme
options, which are often considered to be security holes. The specified
servers must have valid entries in the local
.Pa /etc/hosts
file. IP addresses may be specified in place of hostnames. If
.Nm ypbind
can't make sense out of the arguments, it will ignore
the
.Fl S
flag and continue running normally.
.Pp
Note that
.Nm ypbind
will consider the domainname specified with the
.Fl S
flag to be the system default domain.
.El
.Sh NOTES
.Nm ypbind
will not make continuous attempts to keep secondary domains bound.
If a server for a secondary domain fails to respond to a ping,
.Nm ypbind
will broadcast for a new server only once before giving up. If a
client program attempts to reference the unbound domain, ypbind will
try broadcasting again. By contrast,
.Nm ypbind
will automatically maintain a binding for the default domain whether
client programs reference it or not.
.Sh FILES
.Bl -tag -width Pa -compact
.It Pa /var/yp/binding/[domainname].[version]
The files used to hold binding information for each NIS domain.
.It Pa /etc/sysconfig
System configuration file where the system default domain and
ypbind startup options are specified.
.El
.Sh SEE ALSO
.Xr domainname 1 ,
.Xr syslog 3 ,
.Xr yp 4 ,
.Xr ypserv 8 ,
.Xr ypset 8
.Sh AUTHOR
Theo de Raadt <deraadt@fsa.ca>
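
The flags described under OPTIONS can be checked mechanically before a host goes into service. The shell function below is an added example, not part of ypbind or of this source tree: it audits a ypbind flag string for -ypset, -ypsetme, a missing -s, and a -S specification that breaks the documented rules. The function name, the HIGH/WARN labels and the sample flag strings are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a ypbind flag string against the notes in ypbind(8).
# Prints one finding per line; returns 1 when a HIGH finding is present.
# audit_ypbind_flags and the HIGH/WARN labels are hypothetical, not ypbind's.
audit_ypbind_flags() {
    set -f; set -- $1; set +f        # split the flag string without globbing
    high=0; secure=0; locked=0
    while [ $# -gt 0 ]; do
        case $1 in
        -ypset)
            echo "HIGH: -ypset accepts YPBINDPROC_SETDOM requests from any host"
            high=1 ;;
        -ypsetme)
            echo "WARN: -ypsetme accepts YPBINDPROC_SETDOM requests from the local host" ;;
        -s) secure=1 ;;
        -S)
            n=0                      # number of servers in a well-formed spec
            case ${2-} in
            ''|-*|,*|*,|*,,*) ;;     # missing spec, or an empty field
            *)  shift; rest=$1
                while [ "$rest" != "${rest#*,}" ]; do
                    rest=${rest#*,}; n=$((n + 1))
                done
                # A following bare word means a space split the list.
                case ${2-} in ''|-*) ;; *) n=0 ;; esac ;;
            esac
            if [ "$n" -eq 0 ]; then
                echo "HIGH: -S specification is malformed; ypbind ignores -S and continues without the lock"
                high=1
            else
                locked=1
                [ "$n" -le 10 ] || echo "WARN: -S lists $n servers; ypbind(8) allows up to ten"
            fi ;;
        esac
        shift
    done
    [ "$secure" -eq 1 ] || echo "WARN: -s not set; servers on unprivileged ports are accepted"
    [ "$locked" -eq 1 ] || echo "WARN: no usable -S lock; the server is found by network broadcast"
    return "$high"
}

# Constructed sample flag strings (documentation addresses, not real hosts).
for flags in "-ypset" "-s -S example.test,192.0.2.10, 192.0.2.11" \
             "-s -S example.test,192.0.2.10,192.0.2.11"; do
    echo "== ypbind $flags"
    audit_ypbind_flags "$flags" || true
done
```

The second sample shows the failure mode that is easy to miss: a single space after a comma makes the -S specification unparseable, and per the OPTIONS text ypbind then ignores the flag rather than refusing to start.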