HP-UX Reference (11i v1 05/09) - 4 File Formats (vol 8)
securenets(4) securenets(4)
NAME
securenets - NIS map security file
DESCRIPTION
The /etc/securenets file defines networks and hosts that may access the NIS maps on a server.
Each line in the file gives a network mask and a net address, each in dotted quad format. For example:
255.255.255.255 133.33.33.33
The file may have any number of netmask/net pairs.
When ypserv is started on the server, it checks for the existence of /etc/securenets and reads its contents into memory if it exists. ypserv must be stopped and restarted for any changes in /etc/securenets to take effect.
Upon startup, the netmask and the net address are converted to binary format and logically ANDed. The result must equal the net address (the second address) to be legal.
If the netmask is 255.255.255.255 (all 1’s in binary), any address in the net address argument will match it.
If any field in the netmask is 0, the corresponding field in the net address must be 0. When used in this
way, the portion of the addresses given as 0 acts as a wild card.
When a client attempts to bind to the server, ypbind checks the client's IP address against those given in the /etc/securenets file. Again, the address is converted to binary and logically ANDed with the netmask. The result must equal the net address given in the file. If the client address doesn't match any pairs in the file, the binding is refused with the message "no such map in server's NIS domain".
The securenets file can be used to limit access to specific hosts or to subnets using the wildcard capability.
If there are syntax errors in the /etc/securenets file, messages are logged to the ypserv logging file (default /usr/adm/syslog), and ypserv is not started.
If a host has multiple interfaces, each interface address must be allowed in the securenets file for that host
to have reliable NIS access.
EXAMPLES
This line in /etc/securenets provides access only to the host with address 192.33.33.33:
255.255.255.255 192.33.33.33
This entry allows access by any host on the 192.33.33 subnet:
255.255.255.0 192.33.33.0
For broader access, for instance for an entire enterprise, this entry allows any host whose address begins with "15" to be served:
255.0.0.0 15.0.0.0
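The legality rule and the client match described above can be checked offline before ypserv is restarted. The following is an added example, not HP-UX code: the function names are hypothetical, the sample input is built from the three entries above, and skipping blank lines is an assumption.

```python
import ipaddress

def _quad(text):
    """Dotted-quad string -> 32-bit integer; raises ValueError if malformed."""
    return int(ipaddress.IPv4Address(text))

def parse_securenets(text):
    """Return [(mask, net), ...]; raise ValueError on any illegal line."""
    pairs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # assumption: blank lines are skipped
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'netmask netaddress'")
        mask, net = _quad(fields[0]), _quad(fields[1])
        # Legality rule from DESCRIPTION: mask AND net must equal net.
        if mask & net != net:
            raise ValueError(f"line {lineno}: net address has bits outside the netmask")
        pairs.append((mask, net))
    return pairs

def is_allowed(client_ip, pairs):
    """True if client AND mask equals the net address of any pair."""
    addr = _quad(client_ip)
    return any(addr & mask == net for mask, net in pairs)

# Constructed sample: the three entries from EXAMPLES.
SAMPLE = """\
255.255.255.255 192.33.33.33
255.255.255.0 192.33.33.0
255.0.0.0 15.0.0.0
"""

if __name__ == "__main__":
    pairs = parse_securenets(SAMPLE)
    for ip in ("192.33.33.33", "192.33.33.200", "15.4.5.6", "192.33.34.1", "16.0.0.1"):
        print(ip, "allowed" if is_allowed(ip, pairs) else "refused")
```

By the same wildcard rule, a "0.0.0.0 0.0.0.0" line is legal and matches every client address, so a review of this file should look for it.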
SEE ALSO
ypserv(1M).
HP-UX 11i Version 1: September 2005 − 1 − Hewlett-Packard Company Section 4−−273