NFS Services Administrator's Guide
Configuring and Administering NIS
Configuring and Administering an NIS Client
Chapter 4188
To Prevent a Client from Binding to Unknown Servers
1. On the NIS client, create a file called /var/yp/secureservers, if it
does not already exist.
2. Add lines to the file with the following syntax:
address_mask IP_address
The IP_address is the internet address of an NIS server or the
subnet of an NIS server from which the client will accept NIS
information.
The address_mask indicates which bits in the IP_address field are
important. If a bit is set in the address_mask field, the
corresponding bit in the address of any NIS server must match the
same bit in the IP_address field.
3. Issue the following commands to kill and restart the ypbind process:
/sbin/init.d/nis.client stop
/sbin/init.d/nis.client start
If an NIS server host has multiple network interface cards, add a line to
the secureservers file for the IP address of each card.
If you start ypbind with the -ypset option and issue the ypset
command to bind to a specific server, the /var/yp/secureservers file is
ignored, and the client may bind to any server.
Type man 1M ypbind at the HP-UX prompt for more information.
Examples from /var/yp/secureservers
The following line from a /var/yp/secureservers file allows the NIS
client to bind only to the server at IP address 20.21.22.23. Because every
bit is set in the address mask, the IP address of the NIS server must
match the IP_address field exactly, or the client will not bind to it.
255.255.255.255 20.21.22.23
The following line from a /var/yp/secureservers file allows the client
to bind to any NIS server on the network 20.21.22.0. The last 8 bits of the
server’s IP address are ignored, because the last 8 bits of the address
mask are set to 0. The client may bind to any server whose IP address
begins 20.21.22.
255.255.255.0 20.21.22.23