Manualshelf

Network Information Service (NIS) B.11.31.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 ONC and NFS Software
41424344454647484950
The yppasswd command is a link to the passwd -r nis command. It modifies the passwd
file on the NIS master server, regenerates the NIS passwd maps from the updated passwd file,
and replicates the NIS passwd maps on the slave servers.
For more information, see yppasswd(1), yppasswdd(1M), passwd(1), ypxfr(1M), and yppush(1M).
Preventing an NIS Client from Binding to Unknown Servers
To prevent an NIS client from binding to unknown servers, complete the following steps:
1. Create the following file if it does not already exist:
/var/yp/secureservers
2. Add lines to the file with the following syntax:
address_mask IP_address
Where:
IP_address Specifies the Internet address of an NIS server or the subnet of an NIS
server from which the client accepts NIS information.
address_mask Indicates the important bits in the IP_address field.
If a bit is set in the address_mask field, the corresponding bit in the
source address of any incoming NIS requests must match the same bit
in the IP_address field.
Example 1
The following line from a /var/yp/secureservers file allows the NIS client to bind only
to the server at IP address 20.21.22.23:
255.255.255.255 20.21.22.23
Each bit is set in the address mask. IP address of the NIS server must match the IP_address
field exactly, for the client to bind to the server.
Example 2
The following line from a /var/yp/secureservers file allows the client to bind to any
NIS server on the network 20.21.22.0.
255.255.255.0 20.21.22.23
The last eight bits in the IP address are ignored, because the last eight bits of the address
mask are set to 0. The client binds to any server whose IP address begins with 20.21.22.
3. Enter the following commands to stop and start the ypbind process:
/sbin/init.d/nis.client stop
/sbin/init.d/nis.client start
If the master or the slave server has multiple interface cards, and these alternate network interface
cards are used to contact the server, add the IP addresses of all cards to the secureservers
file.
If you start the ypbind daemon with the -ypset option and run the ypset command to bind
to an NIS specific server, the /var/yp/secureservers file is ignored and the NIS client may
bind to any server. However, if the NIS client fails to bind to an NIS server, the ypbind daemon
does not fall back to the broadcast mode. As a result, the NIS client remains unbound. In such
cases, you must use the ypinit c command to bind the NIS client to an NIS server.
For more information, see ypbind (1M).
Binding an NIS Client to a Server on a Different Subnet
This section describes how to bind an NIS client to an NIS server on a different subnet or to a
specific server on the same subnet.
42 Configuring and Administering an NIS Client