securenets.4 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

securenets(4) securenets(4)

NAME

securenets - NIS map security ﬁle

DESCRIPTION

The

/etc/securenets

ﬁle deﬁnes networks and hosts that can access the NIS maps on a server.

Each line in the ﬁle gives a network mask and a net address. For example:

255.255.255.255 133.33.33.33

The format of the ﬁle is as follows:

• Lines beginning with the

# character are treated as comments.

• Lines that are not comment lines contain two ﬁelds separated by white space. The ﬁrst ﬁeld is a net-

mask, and the second ﬁeld is a network.

• The netmask ﬁeld can be one of the following:

• 255.255.255.255 (IPv4)

• ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff (IPv6)

• the string host indicating that the second ﬁeld is a speciﬁc host to be allowed access.

The ﬁle can have any number of netmask/net pairs.

When

ypserv is started on the server, it checks for the existence of /etc/securenets

and reads its

contents into memory if it exists.

ypserv must be stopped and restarted for any changes in

/etc/securenets to take effect.

Upon startup, the netmask and the net address are converted to binary format and logical ANDed. The

result must equal the net address (the second address) to be legal.

If the netmask is 255.255.255.255 (all 1’s in binary), any address in the net address argument will match

it. If any ﬁeld in the netmask is 0, the corresponding ﬁeld in the net address must be 0. When used in

this way, the portion of the addresses given as 0 acts as a wild card.

When a client attempts to bind to the server, ypbind checks the client’s IP against those given in the

/etc/securenets ﬁle. Again, the address is converted to binary and logical ANDed with the net-

mask. The result must equal the net address given in the ﬁle. If the client address does not match any

pairs in the ﬁle, the binding is refused with the message, "no such map in server’s NIS domain".

The

securenets ﬁle can be used to limit access to speciﬁc hosts or to subnets using the wildcard capa-

bility.

If there are syntax errors in the

/etc/securenets

ﬁle, messages are logged to the ypserv logging

ﬁle (default

/usr/adm/syslog

), and ypserv is not started.

If a host has multiple interfaces, each interface address must be allowed in the securenets ﬁle for that

host to have reliable NIS access.

EXAMPLES

The following examples show entries for the

/etc/securenets ﬁle.

Example 1: Either of the following entries provides access only to the host with address 192.33.33.33:

255.255.255.255 192.33.33.33

host 192.33.33.33

Example 2: The following entry allows access by any host on the 192.33.33 subnet:

255.255.255.0 192.33.33.0

Example 3: For broader access, such as an entire enterprise, the following entry allows any host

whose address begins with "15" to be served:

255.0.0.0 15.0.0.0

Example 4: Either of the following entries allows access for an individual IPv6 address:

ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff fec0::210:6eff:fef3:4229

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (2 pages)

PAGE 1
securenets(4) securenets(4) NAME securenets - NIS map security file DESCRIPTION The /etc/securenets file defines networks and hosts that can access the NIS maps on a server. Each line in the file gives a network mask and a net address. For example: 255.255.255.255 133.33.33.33 The format of the file is as follows: • Lines beginning with the # character are treated as comments. • Lines that are not comment lines contain two fields separated by white space.
PAGE 2
securenets(4) securenets(4) host fec0::210:6eff:fef3:4229 Example 5: The following entry allows access for all IPv6 addresses starting with "fec0": ffff:: fec0:: SEE ALSO ypserv(1M).