Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX Reference > S

securenets(4)

HP-UX 11i Version 3: February 2007
» 

Technical documentation

» Feedback
Content starts here

 » Table of Contents

 » Index

NAME

securenet — NIS map security file

DESCRIPTION

The /etc/securenets file defines networks and hosts that may access the NIS maps on a server. Each line in the file gives a network mask and a net address, each in dotted quad format. For example:

255.255.255.255 133.33.33.33

The file may have any number of netmask/net pairs.

When ypserv is started on the server, it checks for the existence of /etc/securenets and reads its contents into memory if it exists. ypserv must be stopped and restarted for any changes in /etc/securenets to take effect.

Upon startup, the netmask and the net address are converted to binary format and logical ANDed. The result must equal the net address (the second address) to be legal.

If the netmask is 255.255.255.255 (all 1's in binary), any address in the net address argument will match it. If any field in the netmask is 0, the corresponding field in the net address must be 0. When used in this way, the portion of the addresses given as 0 acts as a wild card.

When a client attempts to bind to the server, ypbind checks the client's IP against those given in the /etc/securenets file. Again, the address is converted to binary and logical ANDed with the netmask. The result must equal the net address given in the file. If the client address doesn't match any pairs in the file, the binding is refused with the message "no such map in server's NIS domain".

The securenets file can be used to limit access to specific hosts or to subnets using the wildcard capability.

If there are syntax errors in the /etc/securenets file, messages are logged to the ypserv logging file (default /usr/adm/syslog ), and ypserv is not started.

If a host has multiple interfaces, each interface address must be allowed in the securenets file for that host to have reliable NIS access.

EXAMPLES

This line in /etc/securenets provides access only to the host with address 192.33.33.33:

255.255.255.255 192.33.33.33

This entry allows access by any host on the 192.33.33 subnet:

255.255.255.0 192.33.33.0

For broader access, for instance for an entire enterprise, this entry allows any host whose address begins with "15" to be served:

255.0.0.0 15.0.0.0

SEE ALSO

ypserv(1M)

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1983-2007 Hewlett-Packard Development Company, L.P.