HardenedBSD src tree
Go to file
Bill Paul b2845e83db This commit adds support to ypbind(8) for binding to non-local servers.
The standard SunOS ypbind(8) (and, until now, the FreeBSD ypbind)
only selects servers based on whether or not they respond to clnt_broadcast().
Ypbind(8) broadcasts to the YPPROC_DOMAIN_NONACK procedure and waits
for answers; whichever server answers first is the one ypbind uses
for the local client binding.

This mechanism fails when binding across subnets is desired. In order
for a client on one subnet to bind to a server on another subnet, the
gateway(s) between the client and server must be configured to forward
broadcasts. If this is not possible, then a slave server must be
installed on the remote subnet. If this is also not possible, you
have to force the client to bind to the remote server with ypset(8).

Unfortunately, this last option is less than ideal. If the remote
server becomes unavailable, ypbind(8) will lose its binding and
revert to its broadcast-based search behavior. Even if there are
other servers available, or even if the original server comes back
up, ypbind(8) will not be able to create a new binding since all
the servers are on remote subnets where its broadcasts won't be heard.
If the administrator isn't around to run ypset(8) again, the system
is hosed.

In some Linux NIS implementations, there exists a yp.conf file where
you can explicitly specify a server address and avoid the use of
ypbind altogether. This is not desireable since it removes the
possibility of binding to an alternate server in the event that the
one specified in yp.conf crashes.

Some people have mentioned to me how they though the 'restricted mode'
operation (using the -S flag) could be used as a solution for this
problem since it allows one to specify a list of servers. In fact,
this is not the case: the -S flag just tells ypbind(8) that when it
listens for replies to its broadcasts, it should only honor them if
the replying hosts appear in the specified restricted list.

This behavior has now been changed. If you use the -m flag in conjunction
with the -S flag, ypbind(8) will use a 'many-cast' instead of a broadcast
for choosing a server. In many-cast mode, ypbind(8) will transmit directly
to the YPPROC_DOMAIN_NONACK procedure of all the servers specified in
the restricted mode list and then wait for a reply. As with the broadcast
method, whichever server from the list answers first is used for the
local binding. All other behavior is the same: ypbind(8) continues
to ping its bound server every 60 seconds to insure it's still alive
and will many-cast again if the server fails to respond. The code used
to achieve this is in yp_ping.c; it includes a couple of modified RPC
library routines.

Note that it is not possible to use this mechanism without using
the restricted list since we need to know the addresses of the available
NIS servers ahead of time in order to transmit to them.

Most-recently-requested by: Tom Samplonius
1997-05-25 19:49:33 +00:00
bin Make sh(1) less aware of the bit fields returned by wait by 1997-05-24 21:04:55 +00:00
contrib This commit was generated by cvs2svn to compensate for changes in r26121, 1997-05-25 15:49:17 +00:00
crypto
eBones
etc Make firewall comment a little more explanatory. 1997-05-24 11:31:56 +00:00
games a bunch of formatting (\t -> \t\t) changes... so I was board one night.. :) 1997-05-23 09:58:43 +00:00
gnu Add ${DESTDIR} in front of absolute paths. 1997-05-23 08:33:59 +00:00
include
lib Use ${DESTDIR} correctly in front of absolute paths. 1997-05-23 08:24:00 +00:00
libexec
lkm Fixed up ssigala@globalnet.it's "Jumping Daemon" screen saver for < v3.0. 1997-05-25 16:06:29 +00:00
release Add rules for building doc back into releases, conditionalized on NODOC. 1997-05-24 20:15:13 +00:00
sbin Use realpath on the source as well as the destination. 1997-05-23 17:07:40 +00:00
secure
share Add a `strip' target which remove the ^H from plain text files. 1997-05-25 12:43:06 +00:00
sys Removed global hwisrs, replacing it with vec (formerly static to icu.s). 1997-05-25 16:58:03 +00:00
tools
usr.bin Typo fix. 1997-05-25 18:47:33 +00:00
usr.sbin This commit adds support to ypbind(8) for binding to non-local servers. 1997-05-25 19:49:33 +00:00
COPYRIGHT
Makefile
README

This is the top level of the FreeBSD source directory.  This file
was last revised on: $Id$

For copyright information, please see the file COPYRIGHT in this
directory (additional copyright information also exists for some
sources in this tree - please see the specific source directories for
more information).

The Makefile in this directory supports a number of targets for
building components (or all) of the FreeBSD source tree, the most
commonly used one being ``world'', which rebuilds and installs
everything in the FreeBSD system from the source tree except the
kernel.  Please see the top of the Makefile for more information on
the standard build targets and compile-time flags.

Building a kernel with config(8) is a somewhat more involved process,
documentation for which can be found at:
   http://www.freebsd.org/handbook/kernelconfig.html
And in the config(8) man page.

The sample kernel configuration files reside in the sys/i386/conf
sub-directory (assuming that you've installed the kernel sources), the
file named GENERIC being the one used to build your initial installation
kernel.  The file LINT contains entries for all possible devices, not
just those commonly used, and is meant more as a general reference
than an actual kernel configuration file (a kernel built from it
wouldn't even run).


Source Roadmap:
---------------
bin		System/User commands.

contrib		Packages contributed by 3rd parties.

eBones		Kerberos package - NOT FOR EXPORT!

etc		Template files for /etc

games		Amusements.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

lib		System libraries.

libexec		System daemons.

lkm		Loadable Kernel Modules.

release		Release building Makefile & associated tools.

sbin		System commands.

secure		DES and DES-related utilities - NOT FOR EXPORT!

share		Shared resources.

sys		Kernel sources.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.


For information on synchronizing your source tree with one or more of
the FreeBSD Project's development branches, please see:

  http://www.freebsd.org/handbook/synching.html