United States-English |
|
|
HP-UX Reference > Ssecurenets(4)HP-UX 11i Version 3: February 2007 |
|
NAMEsecurenet — NIS map security file DESCRIPTIONThe /etc/securenets file defines networks and hosts that may access the NIS maps on a server. Each line in the file gives a network mask and a net address, each in dotted quad format. For example: 255.255.255.255 133.33.33.33 The file may have any number of netmask/net pairs. When ypserv is started on the server, it checks for the existence of /etc/securenets and reads its contents into memory if it exists. ypserv must be stopped and restarted for any changes in /etc/securenets to take effect. Upon startup, the netmask and the net address are converted to binary format and logical ANDed. The result must equal the net address (the second address) to be legal. If the netmask is 255.255.255.255 (all 1's in binary), any address in the net address argument will match it. If any field in the netmask is 0, the corresponding field in the net address must be 0. When used in this way, the portion of the addresses given as 0 acts as a wild card. When a client attempts to bind to the server, ypbind checks the client's IP against those given in the /etc/securenets file. Again, the address is converted to binary and logical ANDed with the netmask. The result must equal the net address given in the file. If the client address doesn't match any pairs in the file, the binding is refused with the message "no such map in server's NIS domain". The securenets file can be used to limit access to specific hosts or to subnets using the wildcard capability. If there are syntax errors in the /etc/securenets file, messages are logged to the ypserv logging file (default /usr/adm/syslog ), and ypserv is not started. If a host has multiple interfaces, each interface address must be allowed in the securenets file for that host to have reliable NIS access. EXAMPLESThis line in /etc/securenets provides access only to the host with address 192.33.33.33: 255.255.255.255 192.33.33.33 This entry allows access by any host on the 192.33.33 subnet: 255.255.255.0 192.33.33.0 For broader access, for instance for an entire enterprise, this entry allows any host whose address begins with "15" to be served: 255.0.0.0 15.0.0.0 |
Printable version | ||
|