Subject: | |
From: | |
Reply To: | Steven J. Yellin |
Date: | Thu, 3 Jul 2008 15:00:52 -0700 |
Content-Type: | TEXT/PLAIN |
Parts/Attachments: |
|
|
On SL3, and probably SL5, "man yppasswdd" shows that one may start it
up with a parameter which specifies which port it should use:
--port number
rpc.yppasswdd will try to register itself to this port. This
makes it possible to have a router filter packets to the NIS ports.
Similarly, see "man ypserv".
Steven Yellin
On Thu, 3 Jul 2008, Miles O'Neal wrote:
> Eve V. E. Kovacs said...
> |
> |Does anyone know the correct hole to punch in the firewall on an
> |SL5.x NIS server so that yppasswd works on the clients? I find if I
> |drop the firewall on the server, yppasswd works on the clients, but
> |if it is in place a get a message saying that
> |yppasswd: yppasswdd not running on NIS master host
> |even though it is.
>
> Normally these get assigned dynamically by
> the portmapper, which makes it difficult
> to know which ports to lock down.
>
> s looks like a way around it:
>
> http://www.ale.org/pipermail/ale/20031030/002564.html
>
> [I haven't tried it as our firewall to the
> world is solid, and internally we just lock
> servers down and run only necessary services
> with reasonably high levels of security. We
> don't run iptables on anything I can think of
> inside the firewall, and we don't let NIS, NFS,
> etc through the firewall].
>
> -Miles
>
|
|
|