NIS : Maps

Setting Up Client Access to Maps

This step is critical to security.

Back up then edit the file /var/yp/securenets. Create it if it does not exist.
Define, by IP address, the clients that can access the NIS maps. If you don’t specify these clients, ANY computer on your network can access your maps. I’ll leave it to you to imagine what, say, a visitor with a laptop could do to these files.

You can specify individual clients like this:

or you can specify netmask/network pairs:

This example would allow any client on the 132.62.21.* network access to the NIS maps.


2: Optional: Back up then edit the file /etc/ypserv.conf.

You only need to do this under two circumstances: first, if you want to designate trusted slave NIS servers, and second, if you want to use “shadow-like” passwords.


3: Configure Access to Specific Map Files

The file /etc/ypserv.conf file lets you define access to specific files (maps). This is very detailed configuration, and you’ll rarely need it. It uses access rules with this syntax:


This field can accept an asterisk to match any host. Otherwise, hosts are defined by a single IP address for a single host (which means you need one line for each host), or by a subnet IP (like, which will allow anyone on that subnet access.

This field refers to the specific file to which you’re allowing or disallowing access, for instance the passwd file.

This field can be none, which always allows access (in other words, no security);
port, which allows access from ports lower-numbered than the specified number (for instance, 1024 allows access only from ports below 1024);
deny, which denies all access to this map; or
des, which requires DES-hashed authentication.

The term “mangle” generally means, “replace the value of this field with an x.”
“Yes” means “do mangle,” and requires that you specify the field;
“no” means “don’t mangle” and requires nothing further.

You can also specify if NIS should query a DNS server for any host names that aren’t specified in maps. By default, it is dns:no.

Check out the commented line:

#* : * : * : none

If you remove the # from this line (uncomment it), all hosts have access to all maps. This is not secure, but sometimes it is a good place to start and get your NIS network running.