From owner-FreeBSD-users-jp@jp.FreeBSD.org Tue Nov 21 17:42:06 2006
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id kAL8g6Y10226;
	Tue, 21 Nov 2006 17:42:06 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from mailgw.kanazawa-u.ac.jp (mailgw.kanazawa-u.ac.jp [133.28.20.10])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id kAL8g6w10220
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Tue, 21 Nov 2006 17:42:06 +0900 (JST)
	(envelope-from hirano@t.kanazawa-u.ac.jp)
Received: from smtpin02.ipc.kanazawa-u.ac.jp (smtpin02.ipc.kanazawa-u.ac.jp [133.28.27.202])
	by mailgw.kanazawa-u.ac.jp (8.13.8/8.13.8) with ESMTP id kAL8g5nd027504
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Tue, 21 Nov 2006 17:42:05 +0900 (JST)
Received: from smtpin02.ipc.kanazawa-u.ac.jp (localhost [127.0.0.1])
	by localhost.kanazawa-u.ac.jp (Postfix) with ESMTP id 6FF8868B21
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Tue, 21 Nov 2006 17:42:05 +0900 (JST)
Received: from pegasus.naklab.ec.t.kanazawa-u.ac.jp (pegasus.ec.t.kanazawa-u.ac.jp [133.28.97.32])
	by smtpin02.ipc.kanazawa-u.ac.jp (Postfix) with ESMTP id 2B3CA68B20
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Tue, 21 Nov 2006 17:42:05 +0900 (JST)
Received: from localhost (sagitta.naklab.ec.t.kanazawa-u.ac.jp [192.168.1.47])
	by pegasus.naklab.ec.t.kanazawa-u.ac.jp (8.13.1/8.13.1) with ESMTP id kAL8g4xi062925
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Tue, 21 Nov 2006 17:42:05 +0900 (JST)
	(envelope-from hirano@t.kanazawa-u.ac.jp)
Message-Id: <20061121.174204.21885304.hirano@t.kanazawa-u.ac.jp>
To: FreeBSD-users-jp@jp.FreeBSD.org
From: Akihiro HIRANO <hirano@t.kanazawa-u.ac.jp>
X-Mailer: Mew version 4.2 on Emacs 21.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on pegasus.naklab.ec.t.kanazawa-u.ac.jp
X-Virus-Status: Clean
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Tue, 21 Nov 2006 17:42:04 +0900
X-Sequence: FreeBSD-users-jp 90154
Subject: [FreeBSD-users-jp 90154] yppush: status returned by ypxfr: Transfer request refused by
 ypserv
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: hirano@t.kanazawa-u.ac.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+060209

$BJ?Ln(B@$B6bBtBg$G$9!#(B

$B!!(Byppush$B$K<:GT$9$k$h$&$K$J$j$^$7$?!#4X78$,$"$k$N$+$I$&$+$o$+$j$^$;$s$,!"(B
NIS master$B$N%G!<%?$K$OIU$$$F$$$J$$(BYP_SECURE$B%U%i%0$,!"(BNIS slave$B$N%G!<%?(B
$B$K$OIU$$$F$$$k$h$&$G$9!#2?$+2r7h:v$O$J$$$G$7$g$&$+!#(B


$B!!8=:_!"(BNIS master$B$,(BFreeBSD 4.11-RELEASE-p15$B!"(Bslave$B$,(BFreeBSD
4.11-RELEASE-p15$B!A(Bp16$B!"(B5.4-RELEASE-p13$B$H$$$&4D6-$G$9!#>/$J$/$H$b(B7$B7n$^(B
$B$G$O@5>o$KF0$$$F$$$?$H;W$$$^$9!#:#F|!"(BNIS$B%^%C%W$r99?7$7$h$&$H$9$k$H!"(B
master$B$+$i(Bslave$B$X$NE>Aw$K<:GT$7$^$7$?!#<jF0$G(Byppush$B$9$k$H!"(B

# yppush -h carina auto.home
yppush: transfer of map auto.home to server carina failed
yppush: status returned by ypxfr: Transfer request refused by ypserv

$B$H$J$j$^$9!#(Bslave$B$N(B/var/log/messages$B$K$O!"(B

Nov 21 17:29:34 carina ypserv[61485]: access to master.passwd.byname denied -- client 192.168.1.36:3818 not privileged
Nov 21 17:29:45 carina ypserv[61485]: access to auto.home denied -- client 192.168.1.36:3655 not privileged

$B$H$"$j$^$9!#(B

$B!!%=!<%9Ey$rD/$a$?HO0O$G$O!"(Bunprivileged port$B$+$i$NMW5a$O5qH]$7$F$$$k(B
$B$h$&$G$9!#(B/usr/src/usr.sbin/ypserv/yp_access.c$B$N(B

#ifdef DB_CACHE
                if ((yp_testflag((char *)map, (char *)domain, YP_SECURE) ||
#else
                if ((strstr(map, "master.passwd.") ||
#endif
                    (rqstp->rq_prog == YPPROG &&
                     rqstp->rq_proc == YPPROC_XFR) ||
                    (rqstp->rq_prog == YPXFRD_FREEBSD_PROG &&
                     rqstp->rq_proc == YPXFRD_GETMAP)) &&
                     ntohs(rqhost->sin_port) >= IPPORT_RESERVED) {
                        yp_error("access to %s denied -- client %s:%d \
not privileged", map, inet_ntoa(rqhost->sin_addr), ntohs(rqhost->sin_port));
                        return(1);
                }
        }

$B$"$?$j$H;W$o$l$^$9!#%3%s%Q%$%k;~$K!V(BDB_CACHE$B!W$ODj5A$5$l$F$$$^$7$?!#(B


$B!!(BNIS$B$N%G!<%?%Y!<%9(B (/var/yp/DOMAIN/*) $B$r(Bgrep$B$7$F$_$k$H!"(Bmaster$B$G$O(B
YP_SECURE$B$,8+Ev$?$i$J$$%U%!%$%k$G$b!"(Bslave$B$G$O(BYP_SECURE$B$,8+IU$+$j$^$9!#(B
----
$BJ?Ln989((B@$B6bBtBg3X(B $BBg3X1!(B $B<+A32J3X8&5f2J(B $BEE;R>pJs2J3X@l96(B
hirano@t.kanazawa-u.ac.jp
