1 '\" te 2 .\" Copyright (C) 2000, Sun Microsystems, 3 .\" Inc. All Rights Reserved 4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. 5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. 6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] 7 .TH SECURENETS 4 "Apr 26, 1999" 8 .SH NAME 9 securenets \- configuration file for NIS security 10 .SH SYNOPSIS 11 .LP 12 .nf 13 \fB/var/yp/securenets\fR 14 .fi 15 16 .SH DESCRIPTION 17 .sp 18 .LP 19 The \fB/var/yp/securenets\fR file defines the networks or hosts which are 20 allowed access to information by the Network Information Service ("\fBNIS\fR"). 21 .sp 22 .LP 23 The format of the file is as follows: 24 .RS +4 25 .TP 26 .ie t \(bu 27 .el o 28 Lines beginning with the ``#'' character are treated as comments. 29 .RE 30 .RS +4 31 .TP 32 .ie t \(bu 33 .el o 34 Otherwise, each line contains two fields separated by white space. The first 35 field is a netmask, the second a network. 36 .RE 37 .RS +4 38 .TP 39 .ie t \(bu 40 .el o 41 The netmask field may be either \fB255.255.255.255\fR (IPv4), 42 \fBffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff\fR (IPv6) , or the string ``host'' 43 indicating that the second field is a specific host to be allowed access. 44 .RE 45 .sp 46 .LP 47 Both \fBypserv\fR(1M) and \fBypxfrd\fR(1M) use the \fB/var/yp/securenets\fR 48 file. The file is read when the \fBypserv\fR(1M) and \fBypxfrd\fR(1M) daemons 49 begin. If \fB/var/yp/securenets\fR is present, \fBypserv\fR(1M) and 50 \fBypxfrd\fR(1M) respond only to \fBIP\fR addresses in the range given. In 51 order for a change in the \fB/var/yp/securenets\fR file to take effect, you 52 must kill and restart any active daemons using \fBypstop\fR(1M) and 53 \fBypstart\fR(1M). 54 .sp 55 .LP 56 An important thing to note for all the examples below is that the server must 57 be allowed to access itself. You accomplish this either by the server being 58 part of a subnet that is allowed to access the server, or by adding an 59 individual entry, as the following: 60 .sp 61 .in +2 62 .nf 63 hosts 127.0.0.1 64 .fi 65 .in -2 66 .sp 67 68 .SH EXAMPLES 69 .LP 70 \fBExample 1 \fRAccess for Individual Entries 71 .sp 72 .LP 73 If individual machines are to be give access, the entry could be: 74 75 .sp 76 .in +2 77 .nf 78 255.255.255.255 192.9.1.20 79 .fi 80 .in -2 81 .sp 82 83 .sp 84 .LP 85 or 86 87 .sp 88 .in +2 89 .nf 90 host 192.0.1.20 91 .fi 92 .in -2 93 .sp 94 95 .LP 96 \fBExample 2 \fRAccess for a Class C Network 97 .sp 98 .LP 99 If access is to be given to an entire class C network, the entry could be: 100 101 .sp 102 .in +2 103 .nf 104 255.255.255.0 192.9.1.0 105 .fi 106 .in -2 107 .sp 108 109 .LP 110 \fBExample 3 \fRAccess for a Class B Network 111 .sp 112 .LP 113 The entry for access to a class B network could be: 114 115 .sp 116 .in +2 117 .nf 118 255.255.0.0 9.9.0.0 119 .fi 120 .in -2 121 .sp 122 123 .LP 124 \fBExample 4 \fRAccess for an Invidual IPv6 Address 125 .sp 126 .LP 127 Similarly, to allow access for an individual IPv6 address: 128 129 .sp 130 .in +2 131 .nf 132 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff fec0::111:abba:ace0:fba5e:1 133 .fi 134 .in -2 135 .sp 136 137 .sp 138 .LP 139 or 140 141 .sp 142 .in +2 143 .nf 144 host fec0::111:abba:ace0:fba5e:1 145 .fi 146 .in -2 147 .sp 148 149 .LP 150 \fBExample 5 \fRAccess for all IPv6 Addresses Starting with fe80 151 .sp 152 .LP 153 To allow access for all IPv6 addresses starting with fe80: 154 155 .sp 156 .in +2 157 .nf 158 ffff:: fe80:: 159 .fi 160 .in -2 161 .sp 162 163 .SH FILES 164 .sp 165 .ne 2 166 .na 167 \fB\fB/var/yp/securenets\fR\fR 168 .ad 169 .RS 22n 170 Configuration file for \fBNIS\fR security. 171 .RE 172 173 .SH SEE ALSO 174 .sp 175 .LP 176 \fBypserv\fR(1M), \fBypstart\fR(1M), \fBypstop\fR(1M), \fBypxfrd\fR(1M) 177 .SH NOTES 178 .sp 179 .LP 180 The Network Information Service (NIS) was formerly known as Sun Yellow Pages 181 (YP). The functionality of the two remains the same; only the name has 182 changed. The name Yellow Pages is a registered trademark in the United Kingdom 183 of British Telecommunications plc, and may not be used without permission.