On SL3, and probably SL5, "man yppasswdd" shows that one may start it
up with a parameter which specifies which port it should use:
--port number
rpc.yppasswdd will try to register itself to this port. This
makes it possible to have a router filter packets to the NIS ports.
Similarly, see "man ypserv".
Steven Yellin
On Thu, 3 Jul 2008, Miles O'Neal wrote:
Eve V. E. Kovacs said...
|
|Does anyone know the correct hole to punch in the firewall on an
|SL5.x NIS server so that yppasswd works on the clients? I find if I
|drop the firewall on the server, yppasswd works on the clients, but
|if it is in place a get a message saying that
|yppasswd: yppasswdd not running on NIS master host
|even though it is.
Normally these get assigned dynamically by
the portmapper, which makes it difficult
to know which ports to lock down.
s looks like a way around it:
http://www.ale.org/pipermail/ale/20031030/002564.html
[I haven't tried it as our firewall to the
world is solid, and internally we just lock
servers down and run only necessary services
with reasonably high levels of security. We
don't run iptables on anything I can think of
inside the firewall, and we don't let NIS, NFS,
etc through the firewall].
-Miles
