Manualshelf

NFS Services Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1 Networking Software
161162163164165166167168169170
Configuring and Administering NIS
Configuring and Administering an NIS Master Server
Chapter 4162
To Restrict Client and Slave Server Access to the
Master Server
1. On the NIS master server, create a file called /var/yp/securenets,
if it does not already exist.
2. Add lines to the file with the following syntax:
address_mask IP_address
The IP_address is the internet address of an NIS client, NIS slave
server, or subnet that may request NIS information or transfer NIS
maps from the NIS master server.
The address_mask indicates which bits in the IP_address field are
important. If a bit is set in the address_mask field, the
corresponding bit in the source address of any incoming NIS requests
must match the same bit in the IP_address field.
3. Issue the following commands to kill and restart the ypserv process:
/sbin/init.d/nis.server stop
/sbin/init.d/nis.server start
If a client or slave host has multiple network interface cards, add a line
to the securenets file for the IP address of each card.
Type man 4 securenets at the HP-UX prompt for more information.
Examples from /var/yp/securenets
The following line from a /var/yp/securenets file allows only the NIS
client at IP address 10.11.12.13 to request information from the NIS
master server. Because every bit is set in the address mask, the source IP
address on the NIS request must match exactly, or the master server will
not return the requested information.
255.255.255.255 10.11.12.13
The following line from a /var/yp/securenets file allows any host on
the network 10.11.12.0 to request NIS information or transfer NIS maps
from the master server. The last 8 bits of the IP address are ignored,
because the last 8 bits of the address mask are set to 0. Any host whose
IP address begins 10.11.12 will be allowed access to the master server.
255.255.255.0 10.11.12.13