xref: /freebsd/usr.sbin/ypserv/ypserv.8 (revision 491a8429624c0cf6c17e6e0b80d6a09e3b347984)
1778c7b1cSBill Paul.\" Copyright (c) 1995
2778c7b1cSBill Paul.\"	Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
3778c7b1cSBill Paul.\"
4778c7b1cSBill Paul.\" Redistribution and use in source and binary forms, with or without
5778c7b1cSBill Paul.\" modification, are permitted provided that the following conditions
6778c7b1cSBill Paul.\" are met:
7778c7b1cSBill Paul.\" 1. Redistributions of source code must retain the above copyright
8778c7b1cSBill Paul.\"    notice, this list of conditions and the following disclaimer.
9778c7b1cSBill Paul.\" 2. Redistributions in binary form must reproduce the above copyright
10778c7b1cSBill Paul.\"    notice, this list of conditions and the following disclaimer in the
11778c7b1cSBill Paul.\"    documentation and/or other materials provided with the distribution.
12778c7b1cSBill Paul.\" 3. All advertising materials mentioning features or use of this software
13778c7b1cSBill Paul.\"    must display the following acknowledgement:
14778c7b1cSBill Paul.\"	This product includes software developed by Bill Paul.
15778c7b1cSBill Paul.\" 4. Neither the name of the author nor the names of any co-contributors
16778c7b1cSBill Paul.\"    may be used to endorse or promote products derived from this software
17778c7b1cSBill Paul.\"    without specific prior written permission.
18778c7b1cSBill Paul.\"
19778c7b1cSBill Paul.\" THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
20778c7b1cSBill Paul.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21778c7b1cSBill Paul.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22778c7b1cSBill Paul.\" ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
23778c7b1cSBill Paul.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24778c7b1cSBill Paul.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25778c7b1cSBill Paul.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26778c7b1cSBill Paul.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27778c7b1cSBill Paul.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28778c7b1cSBill Paul.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29778c7b1cSBill Paul.\" SUCH DAMAGE.
30778c7b1cSBill Paul.\"
3197d92980SPeter Wemm.\" $FreeBSD$
32778c7b1cSBill Paul.\"
33778c7b1cSBill Paul.Dd February 4, 1995
34778c7b1cSBill Paul.Dt YPSERV 8
35778c7b1cSBill Paul.Os
36778c7b1cSBill Paul.Sh NAME
37778c7b1cSBill Paul.Nm ypserv
386ecb7b20SJohn-Mark Gurney.Nd NIS database server
39778c7b1cSBill Paul.Sh SYNOPSIS
406ecb7b20SJohn-Mark Gurney.Nm
41778c7b1cSBill Paul.Op Fl n
42778c7b1cSBill Paul.Op Fl d
43778c7b1cSBill Paul.Op Fl p Ar path
44778c7b1cSBill Paul.Sh DESCRIPTION
456ecb7b20SJohn-Mark Gurney.Tn NIS
46778c7b1cSBill Paulis an RPC-based service designed to allow a number of UNIX-based
47f2e366a1SSheldon Hearnmachines to share a common set of configuration files.
48f2e366a1SSheldon HearnRather than
49778c7b1cSBill Paulrequiring a system administrator to update several copies of files
50778c7b1cSBill Paulsuch as
51778c7b1cSBill Paul.Pa /etc/hosts ,
52778c7b1cSBill Paul.Pa /etc/passwd
53778c7b1cSBill Pauland
54778c7b1cSBill Paul.Pa /etc/group ,
5598834523SPhilippe Charnierwhich tend to require frequent changes in most environments,
5698834523SPhilippe Charnier.Tn NIS
57778c7b1cSBill Paulallows groups of computers to share one set of data which can be
58778c7b1cSBill Paulupdated from a single location.
59778c7b1cSBill Paul.Pp
606ecb7b20SJohn-Mark GurneyThe
616ecb7b20SJohn-Mark Gurney.Nm
6298834523SPhilippe Charnierprogram is the server that distributes
6398834523SPhilippe Charnier.Tn NIS
6498834523SPhilippe Charnierdatabases to client systems within an
6598834523SPhilippe Charnier.Tn NIS
666ecb7b20SJohn-Mark Gurney.Em domain .
6798834523SPhilippe CharnierEach client in an
6898834523SPhilippe Charnier.Tn NIS
6998834523SPhilippe Charnierdomain must have its domainname set to
70778c7b1cSBill Paulone of the domains served by
716ecb7b20SJohn-Mark Gurney.Nm
72778c7b1cSBill Paulusing the
73778c7b1cSBill Paul.Xr domainname 1
74f2e366a1SSheldon Hearncommand.
75f2e366a1SSheldon HearnThe clients must also run
76778c7b1cSBill Paul.Xr ypbind 8
77778c7b1cSBill Paulin order to attach to a particular server, since it is possible to
7898834523SPhilippe Charnierhave several servers within a single
7998834523SPhilippe Charnier.Tn NIS
8098834523SPhilippe Charnierdomain.
81778c7b1cSBill Paul.Pp
82778c7b1cSBill PaulThe databases distributed by
836ecb7b20SJohn-Mark Gurney.Nm
84778c7b1cSBill Paulare stored in
85778c7b1cSBill Paul.Pa /var/yp/[domainname]
86778c7b1cSBill Paulwhere
87778c7b1cSBill Paul.Pa domainname
88f2e366a1SSheldon Hearnis the name of the domain being served.
89f2e366a1SSheldon HearnThere can be several
90778c7b1cSBill Paulsuch directories with different domainnames, and you need only one
916ecb7b20SJohn-Mark Gurney.Nm
92778c7b1cSBill Pauldaemon to handle them all.
93778c7b1cSBill Paul.Pp
94778c7b1cSBill PaulThe databases, or
95778c7b1cSBill Paul.Pa maps
96778c7b1cSBill Paulas they are often called,
97778c7b1cSBill Paulare created by
986ecb7b20SJohn-Mark Gurney.Pa /var/yp/Makefile
99f2e366a1SSheldon Hearnusing several system files as source.
100f2e366a1SSheldon HearnThe database files are in
101778c7b1cSBill Paul.Xr db 3
102778c7b1cSBill Paulformat to help speed retrieval when there are many records involved.
10398834523SPhilippe CharnierIn
10414201ae6SMike Pritchard.Fx ,
10598834523SPhilippe Charnierthe maps are always readable and writable only by root for security
106f2e366a1SSheldon Hearnreasons.
107f2e366a1SSheldon HearnTechnically this is only necessary for the password
108778c7b1cSBill Paulmaps, but since the data in the other maps can be found in
109778c7b1cSBill Paulother world-readable files anyway, it doesn't hurt and it's considered
110778c7b1cSBill Paulgood general practice.
111778c7b1cSBill Paul.Pp
1126ecb7b20SJohn-Mark GurneyThe
1136ecb7b20SJohn-Mark Gurney.Nm
1146ecb7b20SJohn-Mark Gurneyprogram is started by
11598834523SPhilippe Charnier.Pa /etc/rc.network
116778c7b1cSBill Paulif it has been enabled in
11798834523SPhilippe Charnier.Pa /etc/rc.conf .
118778c7b1cSBill Paul.Sh SPECIAL FEATURES
11914201ae6SMike PritchardThere are some problems associated with distributing a
12014201ae6SMike Pritchard.Fx
12114201ae6SMike Pritchardpassword
12298834523SPhilippe Charnierdatabase via
12398834523SPhilippe Charnier.Tn NIS Ns :
12414201ae6SMike Pritchard.Fx
12598834523SPhilippe Charniernormally only stores encrypted passwords
126778c7b1cSBill Paulin
127778c7b1cSBill Paul.Pa /etc/master.passwd ,
128f2e366a1SSheldon Hearnwhich is readable and writable only by root.
129f2e366a1SSheldon HearnBy turning this file
13098834523SPhilippe Charnierinto an
13198834523SPhilippe Charnier.Tn NIS
13298834523SPhilippe Charniermap, this security feature would be completely defeated.
133778c7b1cSBill Paul.Pp
13498834523SPhilippe CharnierTo make up for this, the
13514201ae6SMike Pritchard.Fx
13698834523SPhilippe Charnierversion of
1376ecb7b20SJohn-Mark Gurney.Nm
138778c7b1cSBill Paulhandles the
139778c7b1cSBill Paul.Pa master.passwd.byname
140778c7b1cSBill Pauland
141c192455bSJeroen Ruigrok van der Werven.Pa master.passwd.byuid
142f2e366a1SSheldon Hearnmaps in a special way.
143f2e366a1SSheldon HearnWhen the server receives a request to access
144778c7b1cSBill Pauleither of these two maps, it will check the TCP port from which the
145778c7b1cSBill Paulrequest originated and return an error if the port number is greater
1464e86fcacSSheldon Hearnthan 1023.
1474e86fcacSSheldon HearnSince only the superuser is allowed to bind to TCP ports
148778c7b1cSBill Paulwith values less than 1024, the server can use this test to determine
149778c7b1cSBill Paulwhether or not the access request came from a privileged user.
150778c7b1cSBill PaulAny requests made by non-privileged users are therefore rejected.
151778c7b1cSBill Paul.Pp
152778c7b1cSBill PaulFurthermore, the
153778c7b1cSBill Paul.Xr getpwent 3
15414201ae6SMike Pritchardroutines in the
15514201ae6SMike Pritchard.Fx
15698834523SPhilippe Charnierstandard C library will only attempt to retrieve
157778c7b1cSBill Pauldata from the
158778c7b1cSBill Paul.Pa master.passwd.byname
159778c7b1cSBill Pauland
160778c7b1cSBill Paul.Pa master.passwd.byuid
161778c7b1cSBill Paulmaps for the superuser: if a normal user calls any of these functions,
162778c7b1cSBill Paulthe standard
163778c7b1cSBill Paul.Pa passwd.byname
164778c7b1cSBill Pauland
165778c7b1cSBill Paul.Pa passwd.byuid
166f2e366a1SSheldon Hearnmaps will be accessed instead.
167f2e366a1SSheldon HearnThe latter two maps are constructed by
1686ecb7b20SJohn-Mark Gurney.Pa /var/yp/Makefile
169778c7b1cSBill Paulby parsing the
170778c7b1cSBill Paul.Pa master.passwd
171778c7b1cSBill Paulfile and stripping out the password fields, and are therefore
172f2e366a1SSheldon Hearnsafe to pass on to unprivileged users.
173f2e366a1SSheldon HearnIn this way, the shadow password
174778c7b1cSBill Paulaspect of the protected
175778c7b1cSBill Paul.Pa master.passwd
17698834523SPhilippe Charnierdatabase is maintained through
17798834523SPhilippe Charnier.Tn NIS .
178778c7b1cSBill Paul.Sh NOTES
17942e3d43bSGuy Helmer.Ss Setting Up Master and Slave Servers
18042e3d43bSGuy Helmer.Xr ypinit 8
18142e3d43bSGuy Helmeris a convenient script that will help setup master and slave
18242e3d43bSGuy Helmer.Tn NIS
18342e3d43bSGuy Helmerservers.
184778c7b1cSBill Paul.Ss Limitations
18598834523SPhilippe CharnierThere are two problems inherent with password shadowing in
18698834523SPhilippe Charnier.Tn NIS
187778c7b1cSBill Paulthat users should
188778c7b1cSBill Paulbe aware of:
189778c7b1cSBill Paul.Bl -enum -offset indent
190778c7b1cSBill Paul.It
1916ecb7b20SJohn-Mark GurneyThe
1926ecb7b20SJohn-Mark Gurney.Sq TCP port less than 1024
1936ecb7b20SJohn-Mark Gurneytest is trivial to defeat for users with
194778c7b1cSBill Paulunrestricted access to machines on your network (even those machines
195778c7b1cSBill Paulwhich do not run UNIX-based operating systems).
196778c7b1cSBill Paul.It
19798834523SPhilippe CharnierIf you plan to use a
19814201ae6SMike Pritchard.Fx
19998834523SPhilippe Charniersystem to serve
200b5c508fbSRuslan Ermilov.No non- Ns Fx
20198834523SPhilippe Charnierclients that
202778c7b1cSBill Paulhave no support for password shadowing (which is most of them), you
203778c7b1cSBill Paulwill have to disable the password shadowing entirely by uncommenting the
2046ecb7b20SJohn-Mark Gurney.Em UNSECURE=True
205778c7b1cSBill Paulentry in
2066ecb7b20SJohn-Mark Gurney.Pa /var/yp/Makefile .
207778c7b1cSBill PaulThis will cause the standard
208778c7b1cSBill Paul.Pa passwd.byname
209778c7b1cSBill Pauland
210778c7b1cSBill Paul.Pa passwd.byuid
211778c7b1cSBill Paulmaps to be generated with valid encrypted password fields, which is
21298834523SPhilippe Charniernecessary in order for
213b5c508fbSRuslan Ermilov.No non- Ns Fx
21498834523SPhilippe Charnierclients to perform user
21598834523SPhilippe Charnierauthentication through
21698834523SPhilippe Charnier.Tn NIS .
217778c7b1cSBill Paul.El
218778c7b1cSBill Paul.Pp
219778c7b1cSBill Paul.Ss Security
220f7f470a8SBill PaulIn general, any remote user can issue an RPC to
2216ecb7b20SJohn-Mark Gurney.Nm
22298834523SPhilippe Charnierand retrieve the contents of your
22398834523SPhilippe Charnier.Tn NIS
22498834523SPhilippe Charniermaps, provided the remote user
225f2e366a1SSheldon Hearnknows your domain name.
226f2e366a1SSheldon HearnTo prevent such unauthorized transactions,
2276ecb7b20SJohn-Mark Gurney.Nm
228f7f470a8SBill Paulsupports a feature called
229f7f470a8SBill Paul.Pa securenets
230f7f470a8SBill Paulwhich can be used to restrict access to a given set of hosts.
231f7f470a8SBill PaulAt startup,
2326ecb7b20SJohn-Mark Gurney.Nm
233f7f470a8SBill Paulwill attempt to load the securenets information from a file
234f7f470a8SBill Paulcalled
2356ecb7b20SJohn-Mark Gurney.Pa /var/yp/securenets .
236f7f470a8SBill Paul(Note that this path varies depending on the path specified with
237f7f470a8SBill Paulthe
238f7f470a8SBill Paul.Fl p
2394e86fcacSSheldon Hearnoption, which is explained below.)
2404e86fcacSSheldon HearnThis file contains entries
241f7f470a8SBill Paulthat consist of a network specification and a network mask separated
242f7f470a8SBill Paulby white space.
2436ecb7b20SJohn-Mark GurneyLines starting with
2446ecb7b20SJohn-Mark Gurney.Dq \&#
245f2e366a1SSheldon Hearnare considered to be comments.
246f2e366a1SSheldon HearnA
247f7f470a8SBill Paulsample securenets file might look like this:
248f7f470a8SBill Paul.Bd -unfilled -offset indent
249f7f470a8SBill Paul# allow connections from local host -- mandatory
250f7f470a8SBill Paul127.0.0.1     255.255.255.255
251f7f470a8SBill Paul# allow connections from any host
25250aedc81SJustin M. Seger# on the 192.168.128.0 network
253f7f470a8SBill Paul192.168.128.0 255.255.255.0
254f7f470a8SBill Paul# allow connections from any host
255f7f470a8SBill Paul# between 10.0.0.0 to 10.0.15.255
256f7f470a8SBill Paul10.0.0.0      255.255.240.0
257f7f470a8SBill Paul.Ed
258f7f470a8SBill Paul.Pp
259f7f470a8SBill PaulIf
2606ecb7b20SJohn-Mark Gurney.Nm
261f7f470a8SBill Paulreceives a request from an address that matches one of these rules,
262f2e366a1SSheldon Hearnit will process the request normally.
263f2e366a1SSheldon HearnIf the address fails to match
264f7f470a8SBill Paula rule, the request will be ignored and a warning message will be
265f2e366a1SSheldon Hearnlogged.
266f2e366a1SSheldon HearnIf the
267f7f470a8SBill Paul.Pa /var/yp/securenets
268f7f470a8SBill Paulfile does not exist,
2696ecb7b20SJohn-Mark Gurney.Nm
270f7f470a8SBill Paulwill allow connections from any host.
271f7f470a8SBill Paul.Pp
2726ecb7b20SJohn-Mark GurneyThe
2736ecb7b20SJohn-Mark Gurney.Nm
2746ecb7b20SJohn-Mark Gurneyprogram also has support for Wietse Venema's
2756ecb7b20SJohn-Mark Gurney.Em tcpwrapper
276f7f470a8SBill Paulpackage, though it is not compiled in by default since
277778c7b1cSBill Paulthe
2786ecb7b20SJohn-Mark Gurney.Em tcpwrapper
27998834523SPhilippe Charnierpackage is not distributed with
28014201ae6SMike Pritchard.Fx .
28198834523SPhilippe CharnierHowever, if you have
2826ecb7b20SJohn-Mark Gurney.Pa libwrap.a
283778c7b1cSBill Pauland
2846ecb7b20SJohn-Mark Gurney.Pa tcpd.h ,
285778c7b1cSBill Paulyou can easily recompile
2866ecb7b20SJohn-Mark Gurney.Nm
287f2e366a1SSheldon Hearnwith them.
288f2e366a1SSheldon HearnThis allows the administrator to use the tcpwrapper
28994ba280cSRuslan Ermilovconfiguration files
29094ba280cSRuslan Ermilov.Pa ( /etc/hosts.allow
291f7f470a8SBill Pauland
292f7f470a8SBill Paul.Pa /etc/hosts.deny )
293f7f470a8SBill Paulfor access control instead of
294f7f470a8SBill Paul.Pa /var/yp/securenets .
295f7f470a8SBill Paul.Pp
296f7f470a8SBill PaulNote: while both of these access control mechanisms provide some
297f7f470a8SBill Paulsecurity, they, like the privileged port test, are both vulnerable
2986ecb7b20SJohn-Mark Gurneyto
2996ecb7b20SJohn-Mark Gurney.Dq IP spoofing
3006ecb7b20SJohn-Mark Gurneyattacks.
301778c7b1cSBill Paul.Pp
3029573c1f1SBill Paul.Ss NIS v1 compatibility
3039573c1f1SBill PaulThis version of
3046ecb7b20SJohn-Mark Gurney.Nm
30598834523SPhilippe Charnierhas some support for serving
30698834523SPhilippe Charnier.Tn NIS
30798834523SPhilippe Charnierv1 clients.
30814201ae6SMike PritchardThe
30914201ae6SMike Pritchard.Fx
31098834523SPhilippe Charnier.Tn NIS
31198834523SPhilippe Charnierimplementation only uses the
31298834523SPhilippe Charnier.Tn NIS
31398834523SPhilippe Charnierv2 protocol, however other implementations
3149abcd271SGuido van Rooijinclude support for the v1 protocol for backwards compatibility
315f2e366a1SSheldon Hearnwith older systems.
316f2e366a1SSheldon HearnThe
3179573c1f1SBill Paul.Xr ypbind 8
3189573c1f1SBill Pauldaemons supplied with these systems will try to establish a binding
31998834523SPhilippe Charnierto an
32098834523SPhilippe Charnier.Tn NIS
32198834523SPhilippe Charnierv1 server even though they may never actually need it (and they may
3229573c1f1SBill Paulpersist in broadcasting in search of one even after they receive a
3239573c1f1SBill Paulresponse from a v2 server). Note that while
3249573c1f1SBill Paulsupport for normal client calls is provided, this version of
3256ecb7b20SJohn-Mark Gurney.Nm
3269573c1f1SBill Pauldoes not handle v1 map transfer requests; consequently, it cannot
32798834523SPhilippe Charnierbe used as a master or slave in conjunction with older
32898834523SPhilippe Charnier.Tn NIS
32998834523SPhilippe Charnierservers that
330f2e366a1SSheldon Hearnonly support the v1 protocol.
331f2e366a1SSheldon HearnFortunately, there probably aren't any
3329573c1f1SBill Paulsuch servers still in use today.
333778c7b1cSBill Paul.Ss NIS servers that are also NIS clients
334778c7b1cSBill PaulCare must be taken when running
3356ecb7b20SJohn-Mark Gurney.Nm
336778c7b1cSBill Paulin a multi-server domain where the server machines are also
33798834523SPhilippe Charnier.Tn NIS
338f2e366a1SSheldon Hearnclients.
339f2e366a1SSheldon HearnIt is generally a good idea to force the servers to
340778c7b1cSBill Paulbind to themselves rather than allowing them to broadcast bind
341778c7b1cSBill Paulrequests and possibly become bound to each other: strange failure
342778c7b1cSBill Paulmodes can result if one server goes down and
3434e86fcacSSheldon Hearnothers are dependent upon on it.
3444e86fcacSSheldon Hearn(Eventually all the clients will
345778c7b1cSBill Paultime out and attempt to bind to other servers, but the delay
346778c7b1cSBill Paulinvolved can be considerable and the failure mode is still present
347778c7b1cSBill Paulsince the servers might bind to each other all over again).
348778c7b1cSBill Paul.Pp
349778c7b1cSBill PaulRefer to the
350778c7b1cSBill Paul.Xr ypbind 8
351778c7b1cSBill Paulman page for details on how to force it to bind to a particular
352778c7b1cSBill Paulserver.
353778c7b1cSBill Paul.Sh OPTIONS
354778c7b1cSBill PaulThe following options are supported by
355e97407b4SRuslan Ermilov.Nm :
356778c7b1cSBill Paul.Bl -tag -width flag
357778c7b1cSBill Paul.It Fl n
358778c7b1cSBill PaulThis option affects the way
3596ecb7b20SJohn-Mark Gurney.Nm
360778c7b1cSBill Paulhandles yp_match requests for the
361778c7b1cSBill Paul.Pa hosts.byname
362778c7b1cSBill Pauland
363778c7b1cSBill Paul.Pa hosts.byaddress
364f2e366a1SSheldon Hearnmaps.
365f2e366a1SSheldon HearnBy default, if
3666ecb7b20SJohn-Mark Gurney.Nm
367778c7b1cSBill Paulcan't find an entry for a given host in its hosts maps, it will
368f2e366a1SSheldon Hearnreturn an error and perform no further processing.
369f2e366a1SSheldon HearnWith the
370778c7b1cSBill Paul.Fl n
371778c7b1cSBill Paulflag,
3726ecb7b20SJohn-Mark Gurney.Nm
373778c7b1cSBill Paulwill go one step further: rather than giving up immediately, it
374778c7b1cSBill Paulwill try to resolve the hostname or address using a DNS nameserver
375f2e366a1SSheldon Hearnquery.
376f2e366a1SSheldon HearnIf the query is successful,
3776ecb7b20SJohn-Mark Gurney.Nm
378778c7b1cSBill Paulwill construct a fake database record and return it to the client,
379778c7b1cSBill Paulthereby making it seem as though the client's yp_match request
380778c7b1cSBill Paulsucceeded.
381778c7b1cSBill Paul.Pp
382f7f470a8SBill PaulThis feature is provided for compatiblity with SunOS 4.1.x,
383778c7b1cSBill Paulwhich has brain-damaged resolver functions in its standard C
38498834523SPhilippe Charnierlibrary that depend on
38598834523SPhilippe Charnier.Tn NIS
38698834523SPhilippe Charnierfor hostname and address resolution.
38714201ae6SMike PritchardThe
38814201ae6SMike Pritchard.Fx
38998834523SPhilippe Charnierresolver can be configured to do DNS
390778c7b1cSBill Paulqueries directly, therefore it is not necessary to enable this
39198834523SPhilippe Charnieroption when serving only
39214201ae6SMike Pritchard.Fx
39398834523SPhilippe Charnier.Tn NIS
39498834523SPhilippe Charnierclients.
395778c7b1cSBill Paul.It Fl d
396f2e366a1SSheldon HearnCause the server to run in debugging mode.
397f2e366a1SSheldon HearnNormally,
3986ecb7b20SJohn-Mark Gurney.Nm
399778c7b1cSBill Paulreports only unusual errors (access violations, file access failures)
400778c7b1cSBill Paulusing the
401778c7b1cSBill Paul.Xr syslog 3
402f2e366a1SSheldon Hearnfacility.
403f2e366a1SSheldon HearnIn debug mode, the server does not background
404778c7b1cSBill Paulitself and prints extra status messages to stderr for each
405f2e366a1SSheldon Hearnrequest that it receives.
406f2e366a1SSheldon HearnAlso, while running in debug mode,
4076ecb7b20SJohn-Mark Gurney.Nm
408778c7b1cSBill Paulwill not spawn any additional subprocesses as it normally does
4094e86fcacSSheldon Hearnwhen handling yp_all requests or doing DNS lookups.
4104e86fcacSSheldon Hearn(These actions
411778c7b1cSBill Pauloften take a fair amount of time to complete and are therefore handled
412778c7b1cSBill Paulin subprocesses, allowing the parent server process to go on handling
4134e86fcacSSheldon Hearnother requests.)
4144e86fcacSSheldon HearnThis makes it easier to trace the server with
415778c7b1cSBill Paula debugging tool.
416778c7b1cSBill Paul.It Fl p Ar path
417778c7b1cSBill PaulNormally,
4186ecb7b20SJohn-Mark Gurney.Nm
41998834523SPhilippe Charnierassumes that all
42098834523SPhilippe Charnier.Tn NIS
42198834523SPhilippe Charniermaps are stored under
422778c7b1cSBill Paul.Pa /var/yp .
423778c7b1cSBill PaulThe
424778c7b1cSBill Paul.Fl p
42598834523SPhilippe Charnierflag may be used to specify an alternate
42698834523SPhilippe Charnier.Tn NIS
42798834523SPhilippe Charnierroot path, allowing
428778c7b1cSBill Paulthe system administrator to move the map files to a different place
429778c7b1cSBill Paulwithin the filesystem.
430778c7b1cSBill Paul.El
431778c7b1cSBill Paul.Sh FILES
432778c7b1cSBill Paul.Bl -tag -width Pa -compact
433778c7b1cSBill Paul.It Pa /var/yp/[domainname]/[maps]
43498834523SPhilippe Charnierthe
43598834523SPhilippe Charnier.Tn NIS
43698834523SPhilippe Charniermaps
437248aee62SJacques Vidrine.It Pa /etc/nsswitch.conf
438248aee62SJacques Vidrinename switch configuration file
439f7f470a8SBill Paul.It Pa /var/yp/securenets
44098834523SPhilippe Charnierhost access control file
441778c7b1cSBill Paul.El
442778c7b1cSBill Paul.Sh SEE ALSO
443906c1e27SMike Pritchard.Xr ypcat 1 ,
444906c1e27SMike Pritchard.Xr db 3 ,
44532fdc705SMike Pritchard.Xr rpc.yppasswdd 8 ,
446491a8429SRuslan Ermilov.Xr yp 8 ,
447778c7b1cSBill Paul.Xr ypbind 8 ,
44842e3d43bSGuy Helmer.Xr ypinit 8 ,
449778c7b1cSBill Paul.Xr yppush 8 ,
450906c1e27SMike Pritchard.Xr ypxfr 8
451f12a1471SPhilippe Charnier.Sh AUTHORS
45298834523SPhilippe Charnier.An Bill Paul Aq wpaul@ctr.columbia.edu
453778c7b1cSBill Paul.Sh HISTORY
454778c7b1cSBill PaulThis version of
4556ecb7b20SJohn-Mark Gurney.Nm
45685cf659aSMike Pritchardfirst appeared in
45785cf659aSMike Pritchard.Fx 2.2 .
458