1.\" Copyright (c) 1991, 1993, 1995 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" $FreeBSD: src/usr.sbin/ypbind/ypbind.8,v 1.15.2.4 2003/03/11 22:31:35 trhodes Exp $ 33.\" $DragonFly: src/usr.sbin/ypbind/ypbind.8,v 1.2 2003/06/17 04:30:04 dillon Exp $ 34.\" 35.Dd April 9, 1995 36.Dt YPBIND 8 37.Os 38.Sh NAME 39.Nm ypbind 40.Nd "NIS domain binding daemon" 41.Sh SYNOPSIS 42.Nm 43.Op Fl ypset 44.Op Fl ypsetme 45.Op Fl s 46.Op Fl m 47.Oo 48.Fl S 49.Sm off 50.Ar domainname , server1 , server2 , ... 51.Sm on 52.Oc 53.Sh DESCRIPTION 54The 55.Nm 56utility is the process that maintains NIS binding information. 57At startup, 58it searches for an NIS server responsible for serving the system's 59default domain (as set by the 60.Xr domainname 1 61command) using network broadcasts. 62Once it receives a reply, 63it will store the address of the server and other 64information in a special file located in 65.Pa /var/yp/binding . 66The NIS routines in the standard C library can then use this file 67when processing NIS requests. 68There may be several such files 69since it is possible for an NIS client to be bound to more than 70one domain. 71.Pp 72After a binding has been established, 73.Nm 74will send DOMAIN_NONACK requests to the NIS server at one minute 75intervals. 76If it fails to receive a reply to one of these requests, 77.Nm 78assumes that the server is no longer running and resumes its network 79broadcasts until another binding is established. 80The 81.Nm 82utility will also log warning messages using the 83.Xr syslog 3 84facility each time it detects that a server has stopped responding, 85as well as when it has bound to a new server. 86.Pp 87The following options are available: 88.Bl -tag -width indent 89.It Fl ypset 90It is possible to force 91.Nm 92to bind to a particular NIS server host for a given domain by using the 93.Xr ypset 8 94command. 95However, 96.Nm 97refuses YPBINDPROC_SETDOM requests by default since it has no way of 98knowing exactly who is sending them. 99Using the 100.Fl ypset 101flag causes 102.Nm 103to accept YPBINDPROC_SETDOM requests from any host. 104This option should only 105be used for diagnostic purposes and only for limited periods since allowing 106arbitrary users to reset the binding of an NIS client poses a severe 107security risk. 108.It Fl ypsetme 109This is similar to the 110.Fl ypset 111flag, except that it only permits YPBINDPROC_SETDOM requests to be processed 112if they originated from the local host. 113.It Fl s 114Cause 115.Nm 116to run in secure mode: it will refuse to bind to any NIS server 117that is not running as root (i.e. that is not using privileged 118TCP ports). 119.It Fl S Xo 120.Sm off 121.Ar domainname , server1 , server2 , server3 , ... 122.Sm on 123.Xc 124Allow the system administrator to lock 125.Nm 126to a particular 127domain and group of NIS servers. 128Up to ten servers can be specified. 129There must not be any spaces between the commas in the domain/server 130specification. 131This option is used to insure that the system binds 132only to one domain and only to one of the specified servers, which 133is useful for systems that are both NIS servers and NIS 134clients: it provides a way to restrict what machines the system can 135bind to without the need for specifying the 136.Fl ypset 137or 138.Fl ypsetme 139options, which are often considered to be security holes. 140The specified 141servers must have valid entries in the local 142.Pa /etc/hosts 143file. IP addresses may be specified in place of hostnames. 144If 145.Nm 146can't make sense ouf of the arguments, it will ignore 147the 148.Fl S 149flag and continue running normally. 150.Pp 151Note that 152.Nm 153will consider the domainname specified with the 154.Fl S 155flag to be the system default domain. 156.It Fl m 157Cause 158.Nm 159to use a 'many-cast' rather than a broadcast for choosing a server 160from the restricted mode server list. 161In many-cast mode, 162.Nm 163will transmit directly to the YPPROC_DOMAIN_NONACK procedure of the 164servers specified in the restricted list and bind to the server that 165responds the fastest. 166This mode of operation is useful for NIS clients on remote subnets 167where no local NIS servers are available. 168The 169.Fl m 170flag can only be used in conjunction with the 171.Fl S 172flag above (if used without the 173.Fl S 174flag, it has no effect). 175.El 176.Sh NOTES 177The 178.Nm 179utility will not make continuous attempts to keep secondary domains bound. 180If a server for a secondary domain fails to respond to a ping, 181.Nm 182will broadcast for a new server only once before giving up. 183If a 184client program attempts to reference the unbound domain, 185.Nm 186will try broadcasting again. 187By contrast, 188.Nm 189will automatically maintain a binding for the default domain whether 190client programs reference it ot not. 191.Sh FILES 192.Bl -tag -width /etc/rc.conf -compact 193.It Pa /var/yp/binding/[domainname].[version] 194the files used to hold binding information for each NIS domain 195.It Pa /etc/rc.conf 196system configuration file where the system default domain and 197ypbind startup options are specified 198.El 199.Sh SEE ALSO 200.Xr domainname 1 , 201.Xr syslog 3 , 202.Xr yp 8 , 203.Xr ypserv 8 , 204.Xr ypset 8 205.Sh AUTHORS 206.An Theo de Raadt Aq deraadt@fsa.ca 207