Network Information Service (NIS) B.11.31.02 Administrator's Guide

Allowing Selected Clients to Access the Slave Server

To selectively allow clients to access the slave server and prevent access by other clients, complete

the following steps:

1. On the NIS slave server, create the following file if it does not exist:

/var/yp/securenets

2. Add entries to the /var/yp/securenets file with the following syntax:

address_mask IP_address

Where:

IP_address Specifies the Internet address of an NIS client, NIS slave server, or the

subnet that requests NIS information or transfers NIS maps from the NIS

master server.

address_mask Indicates the important bit fields in the IP_address.

If a bit is set in the address_mask field, the corresponding bit in the

source address of any incoming NIS requests must match the same bit

in the IP_address field.

Example 1

The following entry from the /var/yp/securenets file allows only the NIS client at IP

address 20.21.12.15, to request information from the NIS slave server:

255.255.255.255 20.21.12.15

Each bit is set in the address mask. Only the host whose IP address is 20.21.12.15 is allowed

access to the slave server.

Example 2

The following entry from a /var/yp/securenets file allows any host on the network

20.21.12.0, to request NIS information or transfer NIS maps from the slave server:

255.255.255.0 20.21.12.15

The last eight bits in the IP address are ignored because the last eight bits of the address

mask are set to 0. Any host whose IP address begins with 20.21.12 is allowed access to the

slave server.

3. Enter the following commands to stop and restart the ypserv process:

/sbin/init.d/nis.server stop

/sbin/init.d/nis.server start

For more information, see securenets (4).

38 Configuring and Administering an NIS Slave Server