
1) Port mapper

The port mapper (rpc.portmap or just portmap, or rpcbind) is an ONC RPC service that runs on network nodes that provide other ONC RPC services. Version 2 of the port mapper protocol maps ONC RPC program number/version number pairs to the network port number for that version of that program. When an ONC RPC server is started, it will tell the port mapper, for each particular program number/version number pair it supports for a particular transport protocol (TCP or UDP), what port number it is using for that particular program number/version number pair on that transport protocol. Clients wishing to make an ONC RPC call to a particular version of a particular ONC RPC service must first contact the port mapper on the server machine to determine the actual TCP or UDP port to use. Versions 3 and 4 of the protocol, called the rpcbind protocol, map a program number/version number pair, and an indicator that specifies a transport protocol, to a transport-layer endpoint address for that program number/version number pair on that transport protocol. The port mapper service always uses TCP or UDP port 111; a fixed port is required for it, as a client would not be able to get the port number for the port mapper service from the port mapper itself. The port mapper must be started before any other RPC servers are started. The port mapper service first appeared in SunOS 2.0.

Open Network Computing Remote Procedure Call (ONC RPC) is a widely deployed remote procedure call system. ONC was originally developed by Sun Microsystems as part of their Network File System project, and is sometimes referred to as Sun ONC or Sun RPC. ONC is considered "lean and mean", but has limited appeal as a generalized RPC system for WANs or heterogeneous environments. Systems such as DCE, CORBA and SOAP are generally used in this wider role. ONC is based on calling conventions used in Unix and the C programming language. It serializes data using XDR, which has also found some use to encode and decode data in files that are to be accessed on more than one platform. ONC then delivers the XDR payload using either UDP or TCP. Access to RPC services on a machine is provided via a port mapper that listens for queries on a well-known port (number 111) over UDP and TCP.
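The lookup described above, in which a client asks the port mapper on port 111 for the port of a program/version pair, is shown here as an added example that is not part of the original notes: it XDR-encodes a version 2 PMAPPROC_GETPORT call and decodes a reply, validating each field. The function names, the constructed reply and the ypserv program number 100004 (from the standard /etc/rpc table, not from this page) are assumptions.

```python
import struct

# Constants from the ONC RPC and port mapper version 2 protocol definitions.
PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3
RPC_VERSION = 2
CALL, REPLY = 0, 1
MSG_ACCEPTED, SUCCESS = 0, 0
AUTH_NONE = 0
IPPROTO_TCP, IPPROTO_UDP = 6, 17
MAX_AUTH_BYTES = 400  # upper bound on an opaque_auth body


def build_getport_call(xid, prog, vers, proto):
    """Encode a PMAPPROC_GETPORT call as carried in one UDP datagram."""
    header = struct.pack(">6I", xid, CALL, RPC_VERSION,
                         PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)
    # Credential and verifier: flavor AUTH_NONE with a zero-length body each.
    auth = struct.pack(">4I", AUTH_NONE, 0, AUTH_NONE, 0)
    # The argument is a mapping {prog, vers, prot, port}; port is unused here.
    args = struct.pack(">4I", prog, vers, proto, 0)
    return header + auth + args


def parse_getport_reply(data, expected_xid):
    """Return the registered port, or None if the program is not registered."""
    try:
        xid, msg_type, reply_stat = struct.unpack_from(">3I", data, 0)
        if xid != expected_xid:
            raise ValueError("xid does not match the outstanding call")
        if msg_type != REPLY or reply_stat != MSG_ACCEPTED:
            raise ValueError("not an accepted RPC reply")
        _flavor, verf_len = struct.unpack_from(">2I", data, 12)
        if verf_len > MAX_AUTH_BYTES:
            raise ValueError("verifier length out of range")
        offset = 20 + ((verf_len + 3) & ~3)  # XDR pads opaque data to 4 bytes
        (accept_stat,) = struct.unpack_from(">I", data, offset)
        if accept_stat != SUCCESS:
            raise ValueError(f"call not executed, accept_stat={accept_stat}")
        (port,) = struct.unpack_from(">I", data, offset + 4)
    except struct.error as exc:
        raise ValueError("truncated reply") from exc
    if port > 0xFFFF:
        raise ValueError("port value out of range")
    return port or None  # port 0 means "no such registration"


if __name__ == "__main__":
    YPSERV_PROG = 100004  # assumption: ypserv's entry in the standard /etc/rpc
    call = build_getport_call(0x1234, YPSERV_PROG, 2, IPPROTO_UDP)
    print(len(call), call.hex())
    # Constructed reply: accepted, empty verifier, SUCCESS, port 834.
    reply = struct.pack(">7I", 0x1234, REPLY, MSG_ACCEPTED,
                        AUTH_NONE, 0, SUCCESS, 834)
    print(parse_getport_reply(reply, 0x1234))
```

Over TCP the same bytes are preceded by a 4-byte record-marking header, which this sketch does not add.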

2) yppasswdd

The yppasswdd daemon is a server that receives and executes requests for new passwords from the yppasswd command. These requests require the daemon to verify the user's old password and change it. The daemon changes the password in the file you specify in the FileName parameter, which has the same format as the /etc/passwd file. To make it possible to update the Network Information Services (NIS) password map from remote machines, the yppasswdd daemon must be running on the master server that contains the NIS password map.

Note: The yppasswdd daemon is not run by default, nor can it be started up from the inetd daemon like other Remote Procedure Call (RPC) daemons.

The yppasswdd daemon can be started and stopped with the following System Resource Controller (SRC) commands:

startsrc -s yppasswdd
stopsrc -s yppasswdd

Flags
-m
    Runs the make command using the makefile in the /var/yp directory. This adds the new or changed password to the NIS password map. Any arguments that follow the -m flag are passed to the make command.
-nogecos
    Indicates the server will not accept changes for gecos information from the yppasswd command.
-nopw
    Indicates that the server will not accept password changes from the yppasswdd command.
-noshell
    Indicates the server will not accept changes for user shells from the yppasswd command.
-r
    Directly updates the /var/yp/domainname/passwd.byname and /var/yp/domainname/passwd.byuid database files on the Master server as well as any Slave servers with new or changed passwords. This option is faster than the -m flag because the make command is not run. The -r flag is useful when the database files are large (several thousand entries or more).

Note: The System Resource Controller (SRC) starts the yppasswdd daemon with the -m flag specified by default. Use the chssys command to change the default to the -r flag.

Example
To propagate updated passwords immediately, invoke the yppasswdd daemon as follows:

startsrc -s yppasswdd

Files
/etc/inetd.conf
    Defines how the inetd daemon handles Internet service requests.
/var/yp/Makefile
    Contains rules for making NIS maps.
/etc/rc.nfs
    Contains the startup script for the NFS and NIS daemons.
/etc/security/passwd
    Stores password information.

3) ypserv

ypserv [options]

NFS/NIS command. NIS server process. ypserv is a daemon process typically activated at system startup time. It runs only on NIS server machines with a complete NIS database. Its primary function is to look up information in its local database of NIS maps. The operations performed by ypserv are defined for the implementor by the NIS protocol specification, and for the programmer by the header file <rpcsvc/yp_prot.h>. Communication to and from ypserv is by means of RPC calls. On startup or when receiving the signal SIGHUP, ypserv parses the file /etc/ypserv.conf. ypserv supports securenets, which can be used to restrict access to a given set of hosts.

Options
-b, --dns
    Query the DNS service for host information if not found in the hosts maps.
-d [path], --debug [path]
    Run in debugging mode without going into background mode, and print extra status messages to standard error for each request. If path is specified, use it instead of /var/yp.
-p port, --port port
    Bind to the specified port. For use with a router to filter packets so that access from outside hosts can be restricted.
-v, --version
    Print version information and exit.

Files and directories


/etc/yp.conf
    Configuration file.
/var/yp/domainname
    Location of NIS databases for domainname.
/var/yp/Makefile
    Makefile that is responsible for creating NIS databases.
/var/yp/securenets
    securenets information containing netmask/network pairs separated by whitespace.
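To show how the netmask/network pairs in /var/yp/securenets restrict which hosts may query the server, the following added example (not part of the original notes or of ypserv itself) parses such a file, tests client addresses against it, and reports rules that admit far more than intended. The sample content is constructed; the function names, the '#' comment handling and the strict contiguous-mask check are assumptions made for this audit sketch.

```python
import ipaddress

# Constructed sample in the securenets layout: "netmask network" per line.
SAMPLE_SECURENETS = """\
# loopback and one client subnet
255.0.0.0       127.0.0.0
255.255.255.0   192.168.10.0
0.0.0.0         0.0.0.0
"""


def parse_securenets(text):
    """Return a list of IPv4Network objects, one per netmask/network pair."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'netmask network'")
        netmask, network = fields
        mask = int(ipaddress.IPv4Address(netmask))
        prefix = bin(mask).count("1")
        # Audit choice: insist on a contiguous mask so a rule is one CIDR block.
        if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
            raise ValueError(f"line {lineno}: non-contiguous netmask {netmask}")
        # strict=True rejects a network address that has host bits set.
        rules.append(ipaddress.IPv4Network((network, prefix), strict=True))
    return rules


def is_allowed(rules, client):
    """True if the client address falls inside any listed network."""
    addr = ipaddress.IPv4Address(client)
    return any(addr in net for net in rules)


def overly_broad(rules, min_prefix=8):
    """Rules wider than /min_prefix, e.g. a 0.0.0.0 0.0.0.0 catch-all."""
    return [str(net) for net in rules if net.prefixlen < min_prefix]


if __name__ == "__main__":
    rules = parse_securenets(SAMPLE_SECURENETS)
    print([str(r) for r in rules])
    print(is_allowed(rules[:2], "203.0.113.9"), is_allowed(rules, "203.0.113.9"))
    print(overly_broad(rules))
```

The third sample line matches every IPv4 address, so with it present the other two rules restrict nothing.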

4) Ypbind
The Network Information Service (NIS) is a system that provides network information (login names, passwords, home directories, group information) to all of the machines on a network. NIS can allow users to log in on any machine on the network, as long as the machine has the NIS client programs running and the user's password is recorded in the NIS passwd database. NIS was formerly known as Sun Yellow Pages (YP). This package provides the ypbind daemon. The ypbind daemon binds NIS clients to an NIS domain. Ypbind must be running on any machines running NIS client programs. Install the ypbind package on any machines running NIS client programs (included in the yp-tools package). If you need an NIS server, you also need to install the ypserv package to a machine on your network.

5) ypxfrd(8) - Linux man page


Name
rpc.ypxfrd - NIS map transfer server

Synopsis
/usr/sbin/rpc.ypxfrd [ -d path ] [ -p port ] [ --debug ]
/usr/sbin/rpc.ypxfrd --version

Description
rpc.ypxfrd is used to speed up the transfer of very large NIS maps from a NIS master to the NIS slave server. If a NIS slave server receives a message that there is a new map, it will start ypxfr to transfer the new map. ypxfr will read the contents of a map from the master server using the yp_all() function. This process can take several minutes when there are very large maps which have to be stored by the database library. The rpc.ypxfrd server speeds up the transfer process by allowing NIS slave servers to simply copy the master server's map files rather than building their own from scratch. rpc.ypxfrd uses an RPC-based file transfer protocol, so that there is no need for building a new map. rpc.ypxfrd could be started by inetd. But since it starts very slowly, it should be started after ypserv from /etc/init.d/ypxfrd.

Options
--debug
    Causes the server to run in debugging mode. In debug mode, the server does not background itself and prints extra status messages to stderr for each request that it receives.
-d directory
    rpc.ypxfrd uses this directory instead of /var/yp.
-p port
    rpc.ypxfrd will bind itself to this port, which makes it possible to have a router filter packets to the NIS ports. This can restrict access to the NIS server from hosts on the Internet.
--version
    Prints the version number.

Security
rpc.ypxfrd uses the same functions for checking a host as ypserv. First, rpc.ypxfrd checks the address a request comes from against /var/yp/securenets or the tcp wrapper. If the host is allowed to connect to the server, rpc.ypxfrd uses the rules from /etc/ypserv.conf to check the requested map. If a mapname doesn't match a rule, rpc.ypxfrd will look for the YP_SECURE key in the map. If it exists, rpc.ypxfrd will only allow requests on a reserved port.

Files
/etc/ypserv.conf
/var/yp/securenets

6) ypinit(8) - Linux man page

Name
ypinit - NIS database install and build program

Synopsis
/usr/lib/yp/ypinit [ -m ] [ -s master_name ]

Description
ypinit builds the domain subdirectory of /var/yp for the current default domain. After building the domain subdirectory, ypinit builds a complete set of administrative maps for your system and places them in this directory. The first map created by ypinit -m is the ypservers map. You should run it as root on the host that is to be the master ypserver. You should have only one master server per NIS domain.

All databases are built from scratch, either from information available to the program at runtime, or from the ASCII database files in /etc. These files are listed below under FILES.

An NIS database on a slave server is set up by copying an existing database from a running server. The master_name argument should be the hostname of an NIS server (either the master server for all the maps, or a server on which the database is up-to-date and stable).

Options
-m
    If the local host is the NIS master.
-s
    Set up a slave server with the database from master_name.

Files
/etc/passwd /etc/group /etc/hosts /etc/networks /etc/services /etc/protocols /etc/netgroup /etc/rpc

7) authconfig-tui(8) - Linux man page

Name
authconfig, authconfig-tui - an interface for configuring system authentication resources

Synopsis
authconfig [--nostart] [--enablecache] [--disablecache] [--enablenis [--nisdomain <domain>] [--nisserver <nisserver[,nisserver...]>] ] [--disablenis] [--enableshadow] [--disableshadow] [--enablemd5] [--disablemd5] [--enableldap] [--enableldapauth] [--enableldaptls] [--ldapserver <ldapserver[,ldapserver,...]>] [--ldapbasedn <basedn>] [--disableldap] [--disableldapauth] [--enablekrb5 [--krb5realm <realm>] [--krb5kdc <hostname[,hostname,...]>] [--krb5adminserver <hostname[,hostname,...]>] [--enablekrb5kdcdns] [--disablekrb5kdcdns] [--enablekrb5realmdns] [--disablekrb5realmdns] ] [--disablekrb5] [--enablehesiod [--hesiodlhs <lhs>] [--hesiodrhs <rhs>] ] [--disablehesiod] [--enablesmbauth] [--smbworkgroup <workgroup>] [--smbservers <server[,server]>] [--disablesmbauth] [--enablewinbind [--enablewinbindauth] [--smbsecurity <user|server|domain|ads>] [--smbrealm <realm>] [--smbidmapuid=<range>] [--smbidmapgid=<range>] [--winbindseparator=<\>] [--winbindtemplateprimarygroup=<group>] [--winbindtemplatehomedir=<directory>] [--winbindtemplateshell=<path>] ] [--disablewinbind] [--disablewinbindauth] [--enablewinbindusedefaultdomain] [--disablewinbindusedefaultdomain] [--winbindjoin <admin>] [--enablewins] [--disablewins] <--test|--update|--probe>

Description
authconfig provides a simple method of configuring /etc/sysconfig/network to handle NIS, as well as /etc/passwd and /etc/shadow, the files used for shadow password support. Basic LDAP, Kerberos 5, and SMB (authentication) client configuration is also provided.

If --test action is specified, authconfig can be run by users other than root, and any configuration changes are not saved but printed instead. If --update action is specified, authconfig must be run by root (or through console helper), and configuration changes are saved. The --probe action instructs authconfig to use DNS and other means to guess at configuration information for the current host, print its guesses if it finds them to standard output, and exit.

If --nostart is specified (which is what the install program does), ypbind or other daemons will not be started or stopped immediately following program execution, but only enabled to start or stop at boot time.

The --enablenis, --enableldap, --enablewinbind, and --enablehesiod options are used to configure user information services in /etc/nsswitch.conf, the --enablecache option is used to configure naming services caching, and the --enableshadow, --enablemd5, --enableldapauth, --enablekrb5, --enablewinbindauth, and --enablesmbauth options are used to configure authentication functions via /etc/pam.d/system-auth. Each --enable has a matching --disable option that disables the service if it is already enabled. The respective services have parameters which configure their server names etc.

The authconfig-tui supports all options of authconfig but it implies --update as the default action. Its window contains a Cancel button by default. If --back option is specified at run time, a Back button is presented instead. If --kickstart is specified, no interactive screens will be seen. The values the program will use will be those specified by the other options (--enablemd5, --enableshadow, etc.).

Notes
The authconfig-tui is deprecated. No new configuration settings will be supported by its text user interface. Use system-config-authentication GUI application or the command line options instead.

Return Codes
authconfig returns 0 on success, 2 on error. authconfig-tui returns 0 on success, 2 on error, and 1 if the user cancelled the program (by using either the Cancel or Back button).

Files
/etc/sysconfig/authconfig
    Used to track whether or not particular authentication mechanisms are enabled. Currently includes variables named USESHADOW, USEMD5, USEKERBEROS, USELDAPAUTH, USESMBAUTH, USEWINBIND, USEWINBINDAUTH, USEHESIOD, USENIS, USELDAP.
/etc/passwd
    Used for shadow password support.
/etc/yp.conf
    Configuration file for NIS support.
/etc/sysconfig/network
    Another configuration file for NIS support.
/etc/ldap.conf, /etc/openldap/ldap.conf
    Used to configure LDAP (and OpenLDAP, respectively).
/etc/krb5.conf
    Used to configure Kerberos 5.
/etc/krb.conf
    Used to configure Kerberos IV (write-only).
/etc/hesiod.conf
    Used to configure Hesiod.
/etc/pam_smb.conf
    Used to configure SMB authentication.
/etc/samba/smb.conf
    Used to configure winbind authentication.
/etc/nsswitch.conf
    Used to configure user information services.
/etc/pam.d/system-auth
    Common PAM configuration for system services which include it using the include directive. It is created as symlink and not relinked if it points to another file.
/etc/pam.d/system-auth-ac
    Contains the actual PAM configuration for system services and is the default target of the /etc/pam.d/system-auth symlink. If a local configuration of PAM is created (and symlinked from system-auth file) this file can be included there.

8) The /etc/nsswitch.conf file

The /etc/nsswitch.conf file is used to configure which services are to be used to determine information such as hostnames, password files, and group files. The last two, password files and group files, are not used in our case, since we don't use NIS services on our server. Thus, we will focus on the hosts line in this file. Edit the nsswitch.conf file:

vi /etc/nsswitch.conf

and change the hosts line to read:

"hosts: dns files"

The Name Service Switch (NSS) is a facility in Unix-like operating systems that provides a variety of sources for common configuration databases and name resolution mechanisms. Such source databases include local operating system files, for example, /etc/passwd, /etc/group, and /etc/hosts, the Domain Name System (DNS), the Network Information Service (NIS), LDAP, and others.

nsswitch.conf

A system administrator usually configures the operating system's name services using the file /etc/nsswitch.conf. This lists databases (such as passwd, shadow and group) and one or more sources for obtaining that information. Examples for sources are files for local files, ldap for the Lightweight Directory Access Protocol, nis for the Network Information Service, nisplus for NIS+, and wins for Windows Internet Name Service. The nsswitch.conf file has line entries for each service consisting of a database name in the first field, terminated by a colon, and a list of possible source database mechanisms in the second field. An example file is the following:

passwd:     files ldap
shadow:     files
group:      files ldap
hosts:      dns nis files
ethers:     files nis
netmasks:   files nis
networks:   files nis
protocols:  files nis
rpc:        files nis
services:   files nis
automount:  files
aliases:    files

The order of the services listed determines in which order NSS will attempt to use those services to resolve queries on the specified database.
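As an added example (not part of the original notes), the parser below reads the example file from this section and reports the lookup order per database, which databases consult a given source such as nis, and where a network source is tried before local files. The function names and the NETWORK_SOURCES set are assumptions; bracketed action items such as [NOTFOUND=return], which real files may contain, are skipped because they are not sources.

```python
import re

# The example file from this section, embedded so the block runs offline.
SAMPLE_NSSWITCH = """\
passwd:     files ldap
shadow:     files
group:      files ldap
hosts:      dns nis files
ethers:     files nis
netmasks:   files nis
networks:   files nis
protocols:  files nis
rpc:        files nis
services:   files nis
automount:  files
aliases:    files
"""

# Assumption for this sketch: sources that are answered over the network.
NETWORK_SOURCES = {"dns", "ldap", "nis", "nisplus", "wins"}


def parse_nsswitch(text):
    """Map each database to its sources, in the order NSS will try them."""
    order = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]  # drop comments
        database, sep, rest = line.partition(":")
        if not sep or not database.strip():
            continue
        # Bracketed action items such as [NOTFOUND=return] are not sources.
        rest = re.sub(r"\[[^\]]*\]", " ", rest)
        order[database.strip()] = rest.split()
    return order


def databases_using(order, source):
    """Sorted names of the databases that list the given source."""
    return sorted(db for db, sources in order.items() if source in sources)


def network_before_files(order):
    """Databases where a network source is consulted before local files."""
    findings = {}
    for db, sources in order.items():
        cut = sources.index("files") if "files" in sources else len(sources)
        early = [s for s in sources[:cut] if s in NETWORK_SOURCES]
        if early:
            findings[db] = early
    return findings


if __name__ == "__main__":
    order = parse_nsswitch(SAMPLE_NSSWITCH)
    print(databases_using(order, "nis"))
    print(network_before_files(order))
```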
Implementation

The service switch facility is implemented within the C library, so that calls to functions such as getent resolve to the appropriate NSS module. This assures that existing applications that use the NSS routines do not require any changes to operate with NSS.

9) Make

The make utility is a software engineering tool for managing and maintaining computer programs. Make provides most help when the program consists of many component files. As the number of files in the program increases, so too do the compile time, the complexity of the compilation command and the likelihood of human error when entering command lines, i.e. typos and missing file names.

By creating a descriptor file containing dependency rules, macros and suffix rules, you can instruct make to automatically rebuild your program whenever one of the program's component files is modified. Make is smart enough to recompile only the files that were affected by changes, thus saving compile time.

What make does

Make goes through a descriptor file starting with the target it is going to create. Make looks at each of the target's dependencies to see if they are also listed as targets. It follows the chain of dependencies until it reaches the end of the chain and then begins backing out executing the commands found in each target's rule. Actually every file in the chain may not need to be compiled. Make looks at the time stamp for each file in the chain and compiles from the point that is required to bring every file in the chain up to date. If any file is missing it is updated if possible.

Make builds object files from the source files and then links the object files to create the executable. If a source file is changed only its object file needs to be compiled and then linked into the executable instead of recompiling all the source files.

10) ypmatch Command

Purpose
Displays the values of given keys within a Network Information Services (NIS) map.

Syntax
To Display Key Values for an NIS Map

/usr/bin/ypmatch [ -d Domain ] [ -k ] [ -t ] Key... MapName

To Display the NIS Map Nickname Table

/usr/bin/ypmatch -x

Description
The ypmatch command displays the values associated with one or more keys within a Network Information Services (NIS) map. Use the MapName parameter to specify either the name or nickname of the map you want to search. When you specify multiple keys in the Key parameter, the system searches the same map for all of the keys. Because pattern matching is not available, match the capitalization and length of each key exactly. If the system does not find a match for the key or keys you specify, a diagnostic message is displayed.

Flags
-d Domain
    Specifies a domain other than the default domain.
-k
    Prints a key followed by a colon before printing the value of the key. This is useful only if the keys are not duplicated in the values or if you have specified so many keys that the output could be confusing.
-t
    Inhibits translation of nickname to map name.
-x
    Displays the map nickname table. This lists the nicknames (as specified by the MapName parameter) the command knows of and indicates the map name associated with each nickname.

11) Getent

NAME
getent - get entries from administrative database

SYNOPSIS
getent database [key ...]

DESCRIPTION
The getent program gathers entries from the specified administrative database using the specified search keys. Where database is one of aliases, ethers, group, hosts, netgroup, networks, passwd, protocols, rpc, services or shadow.

getent is a Unix command that helps a user get entries in a number of important text files called databases. This includes the passwd and group databases, which store user information; hence getent is a common way to look up user details on Unix. Since getent uses the same name service as the system, getent will show all information, including that gained from network information sources such as LDAP. The databases it searches in are: passwd, group, hosts, services, protocols, ethers (Ethernet addresses) or networks. The general syntax is:

getent database [key ...]

Thorsten Kukuk wrote the getent utility for the GNU C Library.

Examples

Fetch list of user accounts on a Unix system (stored in a database called 'passwd'). This will show all user accounts, regardless of the type of name service used. For example, if both local and LDAP name service are used for user accounts, the results will include all local and LDAP users:

getent passwd

Fetch details for a particular user called joe:

getent passwd joe

This is the NIS password daemon. If you distribute the user and password database to your clients, changing a password from a client machine will not be possible, because the database is held on the server. This problem is solved by the yppasswdd daemon. It allows a client machine to connect and to change a password. The new password will be written in the NIS database and into /etc/shadow for local logins on the server. You enable this service by setting START_YPPASSWDD to yes.
