NIS+: block unauthorized ypserv access

Steven Whatley
Occasional Advisor

We are currently running NIS+ servers on two HP-UX 11.00 servers (master and replica). Because we have some Alpha Tru64 systems which don't support NIS+, we have to run NIS+ in YP-compatibility mode. We need to block hosts from outside of our subnet from being able to connect to the ypserv port. We want to prevent them from getting our password file. We have tried/considered several things:

1) NIS+ does not seem to use the normal YP securenets file. I tried setting one up, which seemed to have no effect.

2) Set up the router to block connections outside of the subnet from using the ports used by nisd. The problem is that since nisd uses portmapper, nisd & ypserv have different assigned ports after every reboot.

3) Using HP's IP Filters product to block the ports. To do this, we would need to run a script after nisd starts to use "rpcinfo -p" to obtain the nisd port numbers and programmatically block these ports. The problem is how to unblock the previous ports.

We would prefer option #2, but we cannot find a way to force portmapper/rpc to assign fixed port numbers (2 of them) to nisd. Can this be done?

BTW, we are planning to switch to LDAP within a few months but in the meantime we need to lock down access to our NIS+ servers via NIS.

Any info will be appreciated.

Thanks,
Steven
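A sketch of option 3 from the post, added here as an example and not code from the thread or from HP's product: it pulls the ypserv and nisd registrations out of `rpcinfo -p` output, emits IP Filter block rules for those ports, and keeps a state file from the previous run so the rules for ports nisd no longer uses can be dropped. The interface name, the trusted subnet and the `ipf` rule form are assumptions, and the rpcinfo output below is constructed rather than captured from a real host.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output (not captured from a real server).
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    894  ypserv
    100004    2   tcp    897  ypserv
    100300    3   udp   1023  nisd
    100300    3   tcp   1024  nisd'

# Print "proto port" for every registration of the named RPC services, one per
# line, sorted and de-duplicated. Reads rpcinfo -p text on stdin.
# Usage: rpc_ports ypserv nisd < rpcinfo_output
rpc_ports() {
    awk -v names="$*" '
        BEGIN { n = split(names, want, " "); for (i = 1; i <= n; i++) w[want[i]] = 1 }
        NF == 5 && ($5 in w) { print $3, $4 }' | sort -u
}

# Emit one IP Filter rule per "proto port" line that drops inbound packets to
# that port unless the source is on the trusted subnet. The rule form is the
# generic ipf syntax and is an assumption; interface and subnet are arguments.
# Usage: ipf_rules lan0 10.1.2.0/24 < "proto port" lines
ipf_rules() {
    iface=$1; subnet=$2
    while read proto port; do
        echo "block in quick on $iface proto $proto from ! $subnet to any port = $port"
    done
}

# Reconcile the ports recorded by the previous run (state file, one "proto port"
# per line) with the current ones read on stdin. Prints "old proto port" for
# registrations that vanished (their rules should be removed) and "new proto port"
# for registrations that appeared, then rewrites the state file.
# Usage: port_diff /var/tmp/nisd-ports.state < current "proto port" lines
port_diff() {
    state=$1
    [ -f "$state" ] || : > "$state"
    sort -u > "$state.cur"
    comm -23 "$state" "$state.cur" | sed 's/^/old /'
    comm -13 "$state" "$state.cur" | sed 's/^/new /'
    mv "$state.cur" "$state"
}
```

Run after nisd starts as `rpcinfo -p | rpc_ports ypserv nisd | port_diff state_file`, then feed the "new" lines to `ipf_rules` to build the block list and use the "old" lines to retire the stale rules.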