hacked up by me to remove the IPv6 stuff (for now). I renamed
it `keyadmin' since `key' was already taken by the S/Key calculator.
Its purpose is to act as a command-driven interface to the `PF_KEY'
socket domain, analogously to the function of route(8) in the
`PF_ROUTE' domain. This program is believed to be exportable, since
it does no actual cryptography itself.
apparently look bad on some LCD screens. While I'm in there, tweak and adjust
a number of other minor interface details which have been bothering me for
a while.
for everything _but_ the multi-user case now (it was the opposite before :-).
That means adding packages with the 2.2-960511-SNAP boot floppy is busted. Feh.
allowing sysinstall to automagically detect, mount and select an
appropriate FreeBSD CDROM as the installation media. Defining "appropriate"
also requires that you check the version numbers since an older FreeBSD
CD could be in the drive, which is the purpose of this patch.
is conditionalized by the INCLUDE_CONFIG_FILE option in your kernel config
file and is not turned on by default.
Submitted-By: Bill Pechter <pechter@shell.monmouth.com>
If rpc.yppasswdd is invoked with the -i flag, password changes will
be made to the master.passwd template file and the hash map files
in-place, which means it won't have to run a complete map update.
Instead, it calls /var/yp/Makefile with the 'pushpw' target, which
just pushes the maps to the slaves and runs yp_mkdb -c to tell the
local ypserv to flush its database cache.
The server will check the passwd.byname and passwd.byuid maps to see
if they were built in 'insecure' or 'secure' mode (i.e. with real
encrypted passwords in them or without) and update them accordingly.
This combined with rpc.ypxfrd greatly reduces the amount of time it
takes to complete an NIS password change, especially with very large
passwd databases.
This server implements an RPC-based file transfer protocol that allows
an NIS slave server to copy a raw map database file from an NIS master.
The goal here is to speed up the transfer of very large maps. If you
have, for example, an NIS password database with 30,000 records in it,
it can take around 8 to 10 minutes to regenerate it (four hash databases
are created). As it stands now, ypxfr(8) transfers a map by sucking all
the records from ypserv(8) on the master using yp_all() and writing them
to a new database using the db(3) library. This adds up to another 8 to 10
minutes, per slave. As the number of slaves increases, this latency
becomes prohibitive.
With rpc.ypxfrd, all the slave has to do is copy the already-built
hash database file from the master and move it into place. Even with a
multi-megabyte file, this reduces the master to slave transfer time
to well under a minute. (This is using TCP.)
Access restrictions are applied using the same mechanism as in ypserv:
you can control access using /var/yp/securenets, and the server will
not transmit the master.passwd.* maps unless the transfer request originates
on a reserved port.
Note: this server is based on my hastily contrived protocol and is _NOT_
compatible with Sun's protocol of the same name. It can't be compatible
for a couple of reasons. For one thing, Sun's protocol has not been published
anywhere that I know of. It is not included in any of the SunRPC source
distributions that I've been able to find. Second, Sun's NIS v2 code
uses old style ndbm maps while FreeBSD uses Berkeley DB. The file formats
are incompatible, so being able to transfer maps between FreeBSD and SunOS
hosts wouldn't do any good anyway. (You could always port the FreeBSD NIS
code to SunOS if you really wanted to do it. :)
(There's also the little fact that SunOS/SPARC is big-endian and FreeBSD/i386
is little-endian. Berkeley DB can handle byte ordering differences; ndbm
probably can't.)
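
The access rule described for rpc.ypxfrd above (securenets match, plus a reserved source port for master.passwd.* maps), sketched as an added example; this is not code from the commit or from FreeBSD. The function names, the sample rules and the one-pair-per-line `network netmask` format are assumptions.

```c
#include <arpa/inet.h>
#include <netinet/in.h>   /* IPPORT_RESERVED (1024) */
#include <stdio.h>
#include <string.h>

/* Constructed sample; one "network netmask" pair per line is an assumed format. */
static const char SAMPLE_RULES[] =
    "# constructed sample\n127.0.0.0 255.0.0.0\n192.0.2.0 255.255.255.0\n";

/* Return 1 if addr falls inside any network listed in rules. */
static int securenets_match(const char *rules, struct in_addr addr)
{
    char line[128], net_s[32], mask_s[32];
    struct in_addr net, mask;

    for (const char *p = rules; *p != '\0'; ) {
        size_t len = strcspn(p, "\n");
        if (len < sizeof(line)) {
            memcpy(line, p, len);
            line[len] = '\0';
            /* Comment and malformed lines fail to parse and are skipped. */
            if (sscanf(line, "%31s %31s", net_s, mask_s) == 2 &&
                inet_pton(AF_INET, net_s, &net) == 1 &&
                inet_pton(AF_INET, mask_s, &mask) == 1 &&
                (addr.s_addr & mask.s_addr) == (net.s_addr & mask.s_addr))
                return 1;
        }
        p += len + (p[len] == '\n');   /* step past the newline, if any */
    }
    return 0;
}

/* Hypothetical helper: may `map` be sent to a request arriving from ip:port? */
int xfer_allowed(const char *rules, const char *ip, unsigned port, const char *map)
{
    struct in_addr a;

    if (inet_pton(AF_INET, ip, &a) != 1 || !securenets_match(rules, a))
        return 0;   /* source address is not covered by securenets */
    if (strncmp(map, "master.passwd.", 14) == 0 && port >= IPPORT_RESERVED)
        return 0;   /* maps with real hashes go only to reserved-port callers */
    return 1;
}

int main(void)
{
    printf("%d\n", xfer_allowed(SAMPLE_RULES, "192.0.2.10", 40000, "master.passwd.byname"));
    return 0;
}
```

The reserved-port test only shows that the sender had root on its own host, so it is meaningful only when every host on the networks listed in securenets is trusted.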
- Add a 'pushpw' target that only yppushes the various passwd maps
and sends a YPPROC_CLEAR to the local ypserv. This will be used by
rpc.yppasswdd once I merge in the in-place update changes.
yp_access.c:
- Make the yp_access() function print RPC program and procedure numbers
that it doesn't know about in literal form. This will allow it to work
with other programs that it doesn't know about, like rpc.ypxfrd, which I'm going
to import shortly.
yp_dblookup.c:
- Take out the __inline keywords. They weren't really helping me anyway.
- Somehow I broke yp_next() when DB_CACHE wasn't #defined. Fix it.
- Also fix potential case where yp_next() might loop forever; make sure
it checks the return values of all the (dbp->seq)()/R_NEXT calls that
it does as well as comparing keys.