The Network Information Service (NIS, formerly Yellow Pages) is a distributed data lookup service for sharing information on a local area network (LAN). NIS allows you to coordinate the distribution of database information throughout your networked environment.
This chapter describes describes the NIS environment, how to plan for NIS, how to configure your system for NIS, and how to manage NIS servers and clients.
For introductory information on NIS, see nis_intro(7).
In a NIS environment, systems can have the following roles:
Figure 7-1 shows a domain in which there is a master server, two slave servers, and some clients.
By default, NIS distributes the aliases, group, hosts, mail.aliases, netgroup, networks, passwd, protocols, rpc, and services databases. (The mail.aliases and netgroup database are created exclusively for NIS.) You can also create and distribute site-specific customized databases, such as NFS automount maps. For information on creating automount maps for distribution by NIS, see Appendix C. For information on creating and distributing other site-specific NIS maps, see the Section 7.4.5.
In a C2 secure environment, you can run NIS in a secure mode; thereby creating secure and nonsecure versions of the NIS maps. See Security for more information.
This section describes those tasks you need to do before configuring NIS.
For NIS servers, verify that the Additional Networking Servives subset is installed by entering the following command:
#
setld -i | grep OSFINET
If it is not installed, install it by using the setld command. For more information on installing subsets, see setld(8), the Installation Guide, or the System Administration manual.
Appendix A contains a worksheet that you can use to record the information that you need to configure NIS. If you are viewing this manual online, you can use the print feature to print a copy of this part of the worksheet.
Figure 7-2 shows Part 6 of the Configuration Worksheet. The following sections explain the information you need to record in Part 6 of the worksheet.
An NIS domain is an administrative entity that consists of a master server, one or more slave servers, and numerous clients. All systems in a domain share the same set of NIS database files.
Note
A NIS domain name is not the same as a BIND domain name. If you configure the system with an incorrect NIS domain name, all NIS-related operations (such as logging in and ls -l commands) hang for several minutes, then fail.
Note
The master server and all slave servers are also considered to be NIS clients.
If you choose not to create a mail.aliases file, the nissetup command issues an informational message that it could not find the mail.aliases file while it is building the NIS maps. For information on defining mail aliases, see aliases(4).
If you choose not to create a netgroup file, while it is building the NIS maps, the nissetup command issues an informational message that it could not find the netgroup file. For information on defining network groups, see netgroup(4).
The yppasswdd daemon runs on the master server and allows the master copy of the password file to be updated remotely using the yppasswd command. Digital recommends that you run the yppasswdd daemon.
C2 security, C2 class of trust as defined in the Trusted Computer System Evaluation Criteria (TCSEC), enables you to create secure and nonsecure versions of the NIS maps. Digital UNIX provides secure and nonsecure versions of the passwd file. For more information, see the Security manual and makedbm(8).
Normally, hosts broadcast NIS requests on the network and the first available server answers the request. The -S option allows you to lock the ypbind daemon to a particular domain and set of servers. Requests are made directly to the specified servers, rather than being broadcast. Digital recommends that you run NIS with the -S option configured.
If you choose to run NIS with the -S option configured, you must know the host names and IP addresses of the servers to which you are locking the ypbind daemon.
Security Note
When using the nissetup script to set up an NIS server that is running with enhanced security, you must answer YES to the question about locking the domain name and authorized servers (the ypbind -S option). For a master server, the server is bound to itself by default.
The -ypset option allows a user logged in as root on any system in your domain to bind your system to a particular server. The -ypsetme option allows ypbind to accept -ypset requests only from the local system. Digital recommends that you run NIS with neither the -ypset nor the -ypsetme options.
C2 security, C2 class of trust as defined in the Trusted Computer System Evaluation Criteria (TCSEC), enables you to create secure and nonsecure versions of the NIS maps. Digital UNIX provides secure and nonsecure versions of the passwd file. For more information, see the Security manual and makedbm(8).
Normally, hosts broadcast NIS requests on the network and the first available server answers the request. The -S option allows you to lock the ypbind daemon to a particular domain and set of servers. Requests are made directly to the specified servers, rather than being broadcast. Digital recommends that you run NIS with the -S option configured.
If you choose to run NIS with the -S option configured, you must know the host names and IP addresses of the servers to which you are locking the ypbind daemon.
Security Note
When using the nissetup script to set up an NIS server that is running with enhanced security, you must answer YES to the question about locking the domain name and authorized servers (the ypbind -S option). For a slave server, the server is bound to itself by default and optionally to the master server and any other slave servers.
The -ypset option allows a user running as root on any system in your domain to bind your system to a particular server. The -ypsetme option allows ypbind to accept -ypset requests only from the local system. Digital recommends that you run NIS with neither the -ypset nor the -ypsetme options.
C2 security, C2 class of trust as defined in the Trusted Computer System Evaluation Criteria (TCSEC), enables you to create secure and nonsecure versions of the NIS maps. Digital UNIX provides secure and nonsecure versions of the passwd file. For more information, see the Security manual and makedbm(8).
Normally, hosts broadcast NIS requests on the network and the first available server answers the request. The -S option allows you to lock the ypbind daemon to a particular domain and set of servers. Requests are made directly to the specified servers, rather than being broadcast. Digital recommends that you run NIS with the -S option configured.
If you choose to run NIS with the -S option configured, you must know the host names and IP addresses of the servers to which you are locking the ypbind daemon.
The -ypset option allows a user logged in as root on any system in your domain to bind your system to a particular server. The -ypsetme option allows ypbind to accept -ypset requests only from the local system. Digital recommends that you run NIS with neither the -ypset nor the -ypsetme options.
The automount program, an alternative to mounting remote file systems, allows users to mount remote file systems on an as-needed basis. When NIS is used to distribute automount maps, creating and administering the maps for the NIS domain is the responsibility of the administrator of the NIS master server. For information on creating automount maps, see Appendix C. For information on administering automount maps, see Section 8.1.2.
Whether you use the automount program depends on your site's networking environment.
To configure NIS, use the the nissetup script. You can configure a master server, slave server, or client. See nissetup(8) for more information.
To invoke nissetup, do the following:
Note
For systems without graphics capabilities, you can invoke nissetup from the command line.
You must configure the master NIS server before you can configure the other systems. Prior to using the nissetup script, you must log in as superuser and complete the following presetup tasks:
If a file is absent from the /var/yp/src directory while it is building the default NIS maps, the nissetup command issues an informational message that it could not find that particular file and continues building the maps.
Note
If you copied the passwd file into the /var/yp/src directory, remove the root entry from the file.
If you are using the NIS master server to serve the /etc/auto.master and /etc/auto.home automount maps, you must remove the comment sign (#) from the beginning of each of the following lines. These lines were added to the Makefile for the automount daemon.
.
.
.
#all: passwd group hosts networks rpc services protocols netgroup \ # aliases auto.home auto.master
.
.
.
#$(YPDBDIR)/$(DOM)/auto.home.time: $(DIR)/auto.home # -@if [ -f $(DIR)/auto.home ]; then \ # $(SED) -e "/^#/d" -e s/#.*$$// $(DIR)/auto.home | \ # $(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto.home; \ # $(TOUCH) $(YPDBDIR)/$(DOM)/auto.home.time; \ # $(ECHO) "updated auto.home"; \ # if [ ! $(NOPUSH) ]; then \ # $(YPPUSH) auto.home; \ # $(ECHO) "pushed auto.home"; \ # else \ # : ; \ # fi \ # else \ # $(ECHO) "couldn't find $(DIR)/auto.home"; \ # fi # #$(YPDBDIR)/$(DOM)/auto.master.time: $(DIR)/auto.master # -@if [ -f $(DIR)/auto.master ]; then \ # $(SED) -e "/^#/d" -e s/#.*$$// $(DIR)/auto.master | \ # $(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto.master; \ # $(TOUCH) $(YPDBDIR)/$(DOM)/auto.master.time; \ # $(ECHO) "updated auto.master"; \ # if [ ! $(NOPUSH) ]; then \ # $(YPPUSH) auto.master; \ # $(ECHO) "pushed auto.master"; \ # else \ # : ; \ # fi \ # else \ # $(ECHO) "couldn't find $(DIR)/auto.master"; \ # fi
.
.
.
#auto.home: $(YPDBDIR)/$(DOM)/auto.home.time #auto.master: $(YPDBDIR)/$(DOM)/auto.master.time
.
.
.
#$(DIR)/auto.home: #$(DIR)/auto.master:
Place a comment sign (#) in front of the following lines:
all: passwd group hosts networks rpc services protocols netgroup \ aliases
If you are using the NIS master server to serve other site-specific maps, you must add an entry for them to the Makefile. See the Section 7.4.7.1 for information on adding entries for site-specific NIS maps, other than the /etc/auto.master and /etc/auto.home automount maps, to the /var/yp/Makefile file.
For information on creating automount maps, see Appendix C. For information on creating other site-specific maps, see the Section 7.4.7.1.
To continue to set up the master server, log in as root and run the nissetup script:
#
/usr/sbin/nissetup
A message appears reminding you that your network must be established before setting up NIS, and that in order to set up an NIS server you must have the Additional Networking Services subset installed.
Digital recommends that you run the yppasswdd daemon on the master NIS server.
If you enter the name of a host that is not listed in the master server's /etc/hosts file, the nissetup script prompts you for its IP address.
Enter the names of the SLAVE servers in the test_domain domain. Press Return to terminate the list.
Cannot find host3 in the file /etc/hosts. To add host3 to the /etc/hosts file you MUST know host3's Internet (IP) address.Would you like to add host3 to the /etc/hosts file (y/n) [y]? y
The nissetup script displays the list of servers that you entered and gives you the option to redo it to correct errors or to continue with the setup procedure.
The nissetup script then creates the default NIS maps, displaying messages similar to the following as it does:
Creating default NIS maps. Please wait... updated passwd updated group updated hosts updated networks updated rpc updated services updated protocols updated netgroup Finished creating default NIS maps.
If you choose to the -s option, the ypbind process runs in a secure mode.
If you choose to run the -S option, you must enter the names of up to four NIS servers.
The nissetup script automatically places the host name of the server you are configuring first. Press Return when you are done entering server names.
Digital recommends that you use the -S option.
Digital recommends that you disallow all ypset requests. Press Return to accept the default, and confirm your choice.
Digital recommends that you use all of the NIS databases.
If you choose to use all of the NIS databases (either enter y or accept the default), the nissetup script edits the /etc/svc.conf file to include the string yp for each database. It also edits the /etc/passwd and /etc/group files to include a plus sign followed by a colon (+:) at the end of each file. This enables your system to use NIS for each database listed. This symbol enables the files to be distributed by NIS. Continue with step 18.
If you choose not to use all of the NIS databases enter n, continue with the next step.
For your system to use the NIS served passwd database, group database, or both, +: must be the last line in the file or files you want served by NIS. This applies to the passwd and group databases only.
Note
The service order selection for the passwd and group databases is handled by the Security Integration Architecture (SIA). If BSD is selected for passwd and group information in the /etc/sia/matrix.conf file, only the +: is required for your system to search NIS.
If you answer yes, nissetup edits the svc.conf file to include the string yp for each database. The nissetup script then skips the next question and continues at step 14.
If you answer no, nissetup continues with the next question.
If you answer yes, nissetup invokes the svcsetup script, which allows you to modify the database services selection file (the svc.conf file). See Section 7.3.4 for information on modifying the svc.conf file.
If you answer no, nissetup continues with the next question. Note that you must edit the svc.conf file if you want your system to use NIS to obtain database information other than passwd and group information. See svcsetup(8) for information on editing the svc.conf file with svcsetup or manually.
If you answer yes, nissetup starts the daemons.
If you answer no, use the following command to start the daemons manually after nissetup exits and returns you to the system prompt (#):
#
/sbin/init.d/nis start
To configure a slave server, do the following:
#
/usr/sbin/nissetup
A message appears reminding you that your network must be established before setting up NIS, and that in order to set up an NIS server you must have the Additional Networking Services subset installed.
If you choose to the -s option, the ypbind process runs in a secure mode.
If you choose to run the -S option, you must enter the names of up to four NIS servers.
The nissetup script automatically places the host name of the server you are configuring first. Press Return when you are finished entering server names.
Digital recommends that you use the -S option.
If you enter the name of a host that is not listed in the slave server's /etc/hosts file, the nissetup script prompts you for its IP address. When you finish entering the list of servers, enter c to continue configuring NIS on your system.
Digital recommends that you disallow all ypset requests. Press Return to accept the default and confirm your choice.
Digital recommends that you use all of the NIS databases.
If you choose to use all of the NIS databases (either enter y or accept the default), the nissetup script edits the /etc/svc.conf file to include the string yp for each database. It also edits the /etc/passwd and /etc/group files to include a plus sign followed by a colon (+:) at the end of each file. This enables your system to use NIS for each database listed. This symbol enables the file to be distributed by NIS. Continue with step 15.
If you choose not to use all of the NIS databases, enter n, continue with the next step.
For your system to use the NIS-served passwd database, group database, or both, +: must be the last line in the file or files you want NIS to serve. This applies to the passwd and group databases only.
Note
The service order selection for the passwd and group databases is handled by the Security Integration Architecture (SIA). If BSD is selected for passwd and group information in the /etc/sia/matrix.conf file, the +: only is required for your system to search NIS.
If you answer yes, nissetup edits the svc.conf file to include the string yp for each database. The nissetup script then skips the next question and continues at step 15.
If you answer yes, nissetup invokes the svcsetup script, which allows you to modify the database services selection file (the svc.conf file). See Section 7.3.4 for information on modifying the svc.conf file.
If you answer no, nissetup continues with the next question. Note that you must edit the svc.conf file if you want your system to use NIS to obtain database information other than passwd and group information. See svcsetup(8) for information on editing the svc.conf file with svcsetup or manually.
If you answer yes, nissetup starts the daemons.
If you answer no, use the following command to start the daemons manually after nissetup exits and returns you to the system prompt (#):
#
/sbin/init.d/nis start
To configure an NIS client, do the following:
#
/usr/sbin/nissetup
A message appears reminding you that your network must be established before setting up NIS, and that in order to set up an NIS server you must have the Additional Networking Services subset installed.
If you choose to the -s option, the ypbind process runs in a secure mode.
If you choose to run the -S option, you must enter the names of up to four NIS servers.
If you enter the name of a host that is not listed in the client's /etc/hosts file, the nissetup script prompts you for its IP address. After you finish entering the list of servers, enter c to continue configuring NIS on your system.
Digital recommends that you disallow all ypset requests. Press Return to accept the default, and confirm your choice.
Digital recommends that you use all of the NIS databases.
If you choose to use all of the NIS databases (either enter y or accept the default), the nissetup script edits the /etc/svc.conf file to include the string yp for each database. It also edits the /etc/passwd and /etc/group files to include a plus sign followed by a colon (+:) at the end of each file. This enables your system to use NIS for each database listed. This symbol enables the file to be distributed by NIS. Continue with step 14.
If you choose not to use all of the NIS databases, enter n and continue with the next step.
For your system to use the NIS served passwd database, group database, or both, +: must be the last line in the file or files you want served by NIS. This applies to the passwd and group databases only.
Note
The service order selection for the passwd and group databases is handled by the Security Integration Architecture (SIA). If BSD is selected for passwd and group information in the /etc/sia/matrix.conf file, only the +: is required for your system to search NIS.
If you answer yes, nissetup edits the svc.conf file to include the string yp for each database. The nissetup script then skips the next question and continues at step 14.
If you answer no, nissetup continues with the next question.
If you answer yes, nissetup invokes the svcsetup script, which allows you to modify the database services selection file (the svc.conf file). See Section 7.3.4 for information on modifying the svc.conf file.
If you answer no, nissetup continues with the next question. Note that you must edit the svc.conf file if you want your system to use NIS to distribute database information other than passwd and group information. See svcsetup(8) for information on editing the svc.conf file with svcsetup or manually.
If you answer yes, nissetup starts the daemons.
If you answer no, use the following command to start the daemon manually after nissetup exits and returns you to the system prompt (#):
#
/sbin/init.d/nis start
If you choose not to use NIS for all of the default databases, the nissetup script provides the option of editing the /etc/svc.conf file with the svcsetup script. If you answer yes when nissetup asks if you want to run svcsetup, it invokes the svcsetup script. Use the following procedure to edit the /etc/svc.conf file:
If you choose the default (2), the local /etc files will be searched first for the requested information. If the information is not found locally, then an NIS server will be queried. This choice is valid for all of the databases that NIS serves.
To have NIS serve hosts information if your system is also having hosts information served by BIND, choose either option 5 local,bind,yp or 6 bind,local,yp for the hosts database. Note that options 3 local,bind, 4 bind,local, 5, and 6 are valid for the hosts database only.
If you configure NIS and run the nissetup script, you can modify or remove the NIS configuration.
If you choose to modify the NIS configuration, the nissetup script proceeds as described in Section 7.3.1 to Section 7.3.3, resulting in a new configuration.
If you choose to remove the NIS configuration, the nissetup script prompts you to verify your choice, then removes the NIS information from the following files:
This directory and its contents are deleted (for NIS master and slave servers only).
This section describes how to perform the following NIS server tasks:
Adding a slave server to a domain enables the slave server to receive updated NIS maps from the master server and serve them to NIS clients in a domain.
To add an NIS slave server to a domain, do the following:
#
makedbm -u domainname/ypservers > filename
#
makedbm filename ypservers
You can combine steps 4, 5, and 6 into one command line. See the example at the end of these steps.
See makedbm(8) for more information on building maps.
The following example (illustrating steps 3 through 9) shows how to add slave server host8 to domain market:
#
cd /var/yp
#
/var/yp/makedbm -u market/ypservers ; echo host8\ [1]
|/var/yp/makedbm - tmpmap
#
mv tmpmap.dir market/ypservers.dir [2]
#
mv tmpmap.pag market/ypservers.pag
#
yppush ypservers [3]
#
vi /var/yp/src/hosts [4]
.
.
.
#
make hosts [5]
Note
You can type the first and second lines as one command even if the line wraps on your screen, or you can use the backslash escape character (\), as shown.
Section D.1 contains a sample script you can copy that performs the steps involved in adding a slave server to a domain. You will still have to set up the slave server and edit the master server's hosts file, adding a slave server entry, if necessary. The script does not do those steps.
Removing a slave server from a domain means that the system will no longer receive updated NIS maps from the master server and serve them to NIS clients in a domain.
To remove an NIS slave server from the domain, do the following:
If the system is going to be an NIS client, configure it as an NIS client by using nissetup. See Section 7.3.3 for more information.
If the system will no longer use NIS, turn off the NIS configuration flag in the /etc/rc.config file by using the following command:
#
/usr/sbin/rcmgr set NIS_CONF NO
#
makedbm -u ypservers > filename
#
makedbm filename ypservers
You can combine steps 4, 5, and 6 into one command line. See the following examples.
See makedbm(8) for more information on building maps.
The following example (illustrating steps 4 through 8) shows how to remove slave server host4 from domain market:
#
/var/yp/makedbm -u market/ypservers |\ [1]
grep -v host4 | /var/yp/makedbm - tmpmap
#
mv tmpmap.dir market/ypservers.dir [2]
#
mv tmpmap.pag market/ypservers.pag
#
yppush ypservers [3]
Note
You can type the first and second lines as one command even if the line wraps on your screen, or you can use the backslash escape character (\), as shown.
Section D.2 contains a sample script you can copy that performs the steps involved in removing a slave server from a domain. You will still have to reconfigure the slave server as an NIS client or as a system that does not use NIS. The script does not do that for you.
Adding a new user to an NIS domain includes the user in the passwd map and allows the user to participate in the NIS environment. A user has only one password on all systems that use NIS for their passwd map.
To add a user to an NIS domain, do the following:
The master passwd file is a readable ASCII file with a one-line entry for each valid user on the system. Here is a sample passwd file entry for a user named Jane Doe:
doe:fnuTqqab.6yec:444:10:Jane Doe:/usr/staff/doe:/bin/csh
See System Administration for a description of how to edit the passwd file to add a new user.
Note
The remote systems on the network recognize a user by the user identification (UID) number. Therefore, it is important that each user have the same UID number on each of the systems on the network.
You can define login environments for new users in several ways. For example, you can give new users a copy of the .login and .cshrc files if they use the C shell (/bin/csh), or the .profile file if they use the Bourne shell (/bin/sh). Copies of the default environment files are stored in the /usr/skel directory. See System Administration and csh(1) and sh(1) for further information about setting up a new user's environment.
If the new user is a member of any groups at your site, add the user's login name to the master group and netgroup files on the NIS master server as necessary. See group(4), netgroup(4), and groups(1) for more information about user groups.
The following example (illustrating steps 2 through 4) shows how to add a new user to a domain:
#
vi /var/yp/src/passwd [1]
.
.
.
#
cd /var/yp [2]
#
make passwd [3]
You would then set up the new user's environment and have the user set the NIS password to complete the task.
Updating an NIS map involves making changes to an NIS map's master file, updating the Makefile file (if the map is not listed), and building and distributing the new map. Entries for the following standard maps are included in the Makefile file:
The master files are located in /var/yp/src on the NIS master server.
To update an NIS map, do the following:
See Section 7.4.7 for information on modifying the Makefile file.
#
make map_name
The following example (illustrating steps 4 through 7) shows how to update the hosts map:
#
cd var/yp/src [1]
#
vi hosts [2]
.
.
.
#
cd /var/yp [3]
#
make hosts [4]
Adding an NIS map to a domain allows the database information to be distributed throughout an NIS domain. You can create and distribute maps for any information you want to distribute.
To add an NIS map to a domain, do the following:
A master file is an ASCII text file containing individual entries. Each entry has fields separated by spaces. Some of these fields are used to build a key to each entry. Review some of the master files in the /var/yp/src directory to better understand the structure of a master file.
See Section 8.1.2 and Appendix C for more information on the auto.master map.
See Section 7.4.7 for information on modifying the Makefile file.
#
make map_name
The following example adds the phonelist map to a domain:
#
vi /var/yp/src/phonelist [1]
.
.
.
#
vi /var/yp/Makefile [2]
.
.
.
#
cd /var/yp [3]
#
make phonelist [4]
Removing an NIS map from a domain prevents the database information from being distributed throughout an NIS domain.
To remove an NIS map from a domain, do the following:
See Section 8.1.2 and Appendix C for more information on the auto.master map.
See Section 7.4.7 for information on modifying the Makefile file.
Modifying the Makefile file means adding or deleting database entries in the /var/yp/Makefile file on the NIS master server. By adding a database entry to the Makefile file, you indicate that you want a map produced for the specific database when you use the make command. By deleting a database entry, you indicate that you do not want a map produced for the specific database.
To add an entry to the Makefile file, do the following:
database_name: database_name.time
Finally, add an entry with the following format to the middle of the file:
database_name.time: various_commands
To simplify the creation of this entry, copy the auto.home.time: entry in the file and make the necessary database name changes.
The following example shows the phonelist database added to the /var/yp/Makefile file. There is a tab character preceding the netgroup database name in the all: line.
all: passwd group hosts networks rpc services protocols \ netgroup aliases phonelist
.
.
.
$(YPDBDIR)/$(DOM)/phonelist.time: $(DIR)/phonelist -@if [-f $(DIR)/phonelist ]; then \ $(SED) -e "/^#/d" -e s/#.*$$// $(DIR)/phonelist | \ $(MAKEDBM) - $(YPDBDIR)/$(DOM)/phonelist; \ $(TOUCH) $(YPDBDIR)/$(DOM)/phonelist.time; \ $(ECHO) "updated phonelist"; \ if [ ! $(NOPUSH) ]; then \ $(YPPUSH) phonelist; \ $(ECHO) "pushed phonelist"; \ else \ : ; \ fi \ else \ $(ECHO) "couldn't find $(DIR)/phonelist"; \ fi
.
.
.
phonelist: phonelist.time
To delete an entry from the Makefile file, do the following:
Instead of deleting the database line, you could comment out the line by adding a number sign (#) to the beginning of the line.
As you edit the /var/yp/Makefile file, remember the following:
By default, the ypserv and ypxfrd daemons provide NIS information to anyone with network access to an NIS server that makes a reqest. However, you can restrict NIS database access to only those hosts in subnets you specify by completing the following steps:
subnet_mask subnet_ip_address
For example:
255.255.0.0 128.30.0.0 [1] 255.255.255.0 128.211.10.0 [2] 255.255.255.255 128.211.5.6 [3]
If the file does not exist or contains no entries, the server accepts any NIS request.
If the file exists and contains entries, the ypserv and ypxfrd daemons read the /var/yp/securenets file during initialization. When an NIS request is received, the requester's IP address is compared to the subnets in the /var/yp/securenets file. If it matches, the request is processed. If it does not match, the NIS request is rejected and the rejection is recorded in the NIS server's log file. For example:
ypxfrd: An attack by non-trusted host, 128.40.16.122
On the system making the NIS request, NIS commands such as ypcat terminate with no error message. If a user is trying to log in to a system, the login times out after many retries.
Note
If the /var/yp/securenets file is modified, the you must kill and restart ypserv and ypbind.
NIS slave servers can also use a /var/yp/securenets file to restrict IP addresses to which it serves. However, the NIS slave server's IP address must be in the authorization range of entries in the /var/yp/securenets file of the NIS master.
This section describes how to perform the following NIS client management tasks:
To change a user's password that is stored in the NIS passwd map, use the yppasswd command. If you receive an error message, ask the system administrator on the master server to verify that the rpc.yppasswdd daemon on the NIS master server is running.
If you try to change your password with the passwd command, you might receive the following error message:
Not in passwd file.
This message means your password is stored and distributed in NIS. You must change your password by using the yppasswd command.
To change the root password, use the passwd command. This password is local and not in the NIS file.
See yppasswd(8) and rpc.yppasswdd(8) for further information.
Obtaining NIS map information enables you to see the following information:
To obtain NIS map information, issue one of the commands listed in Table 7-1.
Command | Action |
ypcat | Prints values from an NIS database |
ypwhich | Prints the name of the master server for an NIS map |
ypmatch | Prints the values of one or more keys from an NIS map |
Use the -x option with any of the commands shown in Table 7-1 to list all the map nicknames.
See ypcat(1), ypwhich(1), and ypmatch(1) for more information about these commands.
The following command lists all available maps and their master servers:
#
ypwhich -m
The following command lists all values in the hosts map:
#
ypcat hosts
The following command lists all occurrences in the hosts map that have the key apple:
#
ypmatch apple hosts
The following command lists all occurrences in the hosts map that have the name jones associated with them. The name jones is not a key in this map.
#
ypcat hosts | grep jones