HardenedBSD/usr.sbin/ypbind
Bill Paul b2845e83db This commit adds support to ypbind(8) for binding to non-local servers.
The standard SunOS ypbind(8) (and, until now, the FreeBSD ypbind)
only selects servers based on whether or not they respond to clnt_broadcast().
Ypbind(8) broadcasts to the YPPROC_DOMAIN_NONACK procedure and waits
for answers; whichever server answers first is the one ypbind uses
for the local client binding.

This mechanism fails when binding across subnets is desired. In order
for a client on one subnet to bind to a server on another subnet, the
gateway(s) between the client and server must be configured to forward
broadcasts. If this is not possible, then a slave server must be
installed on the remote subnet. If this is also not possible, you
have to force the client to bind to the remote server with ypset(8).

Unfortunately, this last option is less than ideal. If the remote
server becomes unavailable, ypbind(8) will lose its binding and
revert to its broadcast-based search behavior. Even if there are
other servers available, or even if the original server comes back
up, ypbind(8) will not be able to create a new binding since all
the servers are on remote subnets where its broadcasts won't be heard.
If the administrator isn't around to run ypset(8) again, the system
is hosed.

In some Linux NIS implementations, there exists a yp.conf file where
you can explicitly specify a server address and avoid the use of
ypbind altogether. This is not desireable since it removes the
possibility of binding to an alternate server in the event that the
one specified in yp.conf crashes.

Some people have mentioned to me how they though the 'restricted mode'
operation (using the -S flag) could be used as a solution for this
problem since it allows one to specify a list of servers. In fact,
this is not the case: the -S flag just tells ypbind(8) that when it
listens for replies to its broadcasts, it should only honor them if
the replying hosts appear in the specified restricted list.

This behavior has now been changed. If you use the -m flag in conjunction
with the -S flag, ypbind(8) will use a 'many-cast' instead of a broadcast
for choosing a server. In many-cast mode, ypbind(8) will transmit directly
to the YPPROC_DOMAIN_NONACK procedure of all the servers specified in
the restricted mode list and then wait for a reply. As with the broadcast
method, whichever server from the list answers first is used for the
local binding. All other behavior is the same: ypbind(8) continues
to ping its bound server every 60 seconds to insure it's still alive
and will many-cast again if the server fails to respond. The code used
to achieve this is in yp_ping.c; it includes a couple of modified RPC
library routines.

Note that it is not possible to use this mechanism without using
the restricted list since we need to know the addresses of the available
NIS servers ahead of time in order to transmit to them.

Most-recently-requested by: Tom Samplonius
1997-05-25 19:49:33 +00:00
..
Makefile This commit adds support to ypbind(8) for binding to non-local servers. 1997-05-25 19:49:33 +00:00
yp_ping.c This commit adds support to ypbind(8) for binding to non-local servers. 1997-05-25 19:49:33 +00:00
yp_ping.h This commit adds support to ypbind(8) for binding to non-local servers. 1997-05-25 19:49:33 +00:00
ypbind.8 This commit adds support to ypbind(8) for binding to non-local servers. 1997-05-25 19:49:33 +00:00
ypbind.c This commit adds support to ypbind(8) for binding to non-local servers. 1997-05-25 19:49:33 +00:00