d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d294e7fb70
freebsd-dev/contrib/bind/doc/man/irs.conf.5
Peter Wemm 6b6ac9438f Import bind v8.2.2.p5, minus the crypto for the time being. The bind 
package does have BXA export approval, but the licensing strings on the
dnssafe code are a bit unpleasant.  The crypto is easy to restore and bind
will run without it - just without full dnssec support.

Obtained from:	The Internet Software Consortium (www.isc.org)
1999-11-30 02:43:11 +00:00

202 lines
7.1 KiB
Groff
Raw Blame History

.\" Copyright (c) 1996,1999 by Internet Software Consortium
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
.\" SOFTWARE.
.\"
.\" Copyright (c) 1986, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: irs.conf.5,v 8.4 1999/01/18 07:46:45 vixie Exp $
.\"
.Dd November 16, 1997
.Dt IRS.CONF 5
.Os BIND 8.1
.Sh NAME
.Nm irs.conf
.Nd Information Retrieval System configuration file
.Sh SYNOPSIS
.Nm irs.conf
.Sh DESCRIPTION
The
.Xr irs 3
functions are a set of routines in the C library which provide access to
various system maps.
The maps that irs currently controls are the following: passwd, group,
services, protocols, hosts, networks and netgroup.
When a program first calls a function that accesses one of these maps,
the irs configuration file is read,
and the source of each map is determined for the life of the process.
.Pp
If this file does not exist,
the irs routines default to using local sources for all information,
with the exception of the host and networks maps,
which use the Domain Name System (DNS).
.Pp
Each record in the file consists of one line.
A record consists of a map-name, an access-method and possibly a (comma
delimited) set of options,
separated by tabs or spaces.
Blank lines, and text between a # and a newline are ignored.
.Pp
Available maps:
.Bd -literal -offset indent
Map name Information in map
========= ==================================
passwd User authentication information
group User group membership information
services Network services directory
protocols Network protocols directory
hosts Network hosts directory
networks Network "network names" directory
netgroup Network "host groups" directory
.Ed
.Pp
Available access methods:
.Bd -literal -offset indent
Access method Description
============= =================================================
local Use a local file, usually in /etc
dns Use the domain name service (includes hesiod)
nis Use the Sun-compatible Network Information Service
irp Use the IRP daemon on the localhost.
.Ed
.Pp
Available options:
.Bd -literal -offset indent
Option Description
======== ================================================
continue don't stop searching if you can't find something
merge don't stop searching if you CAN find something
.Ed
.Pp
The continue option creates
.Dq "union namespaces"
whereby subsequent access methods of the same map type can be tried
if a name cannot be found using earlier access methods.
This can be quite confusing in the case of host names,
since the name to address and address to name mappings can be visibly
asymmetric even though the data used by any given access method is
entirely consistent. This behavior is, therefore, not the default.
.Pp
The merge option only affects lookups in the groups map.
If set, subsequent access methods will be tried in order to cause
local users to appear in NIS (or other remote) groups in addition
to the local groups.
.Sh EXAMPLE
.Bd -literal -offset indent
# Get password entries from local file, or failing that, NIS
passwd local continue
passwd nis
# Build group membership from both local file, and NIS.
group local continue,merge
group nis
# Services comes from just the local file.
services local
protocols local
# Hosts comes first from DNS, failing that, the local file
hosts dns continue
hosts local
# Networks comes first from the local file, and failing
# that the, irp daemon
networks local continue
networks irp
netgroup local
.Ed
.Sh NOTES
If a local user needs to be in the local host's
.Dq wheel
group but not in every host's
.Dq wheel
group, put them in the local host's
.Pa /etc/group
.Dq wheel
entry and set up the
.Dq groups
portion of your
.Pa /etc/irs.conf
file as:
.Bd -literal -offset indent
group local continue,merge
group nis
.Ed
.Pp
NIS takes a long time to time out.
Especially for hosts if you use the
.Fl d
option to your server's
.Dq ypserv
daemon.
.Pp
It is important that the
.Pa irs.conf
file contain an entry for each map.
If a map is not mentioned in the
.Pa irs.conf
file, all queries to that map will fail.
.Pp
The classic NIS mechanism for specifying union namespaces is to add an entry
to a local map file whose name is ``+''. In IRS, this is done via ``continue''
and/or ``merge'' map options. While this results in a small incompatibility
when local map files are imported from non-IRS systems to IRS systems, there
are compensating advantages in security and configurability.
.Sh FILES
.Bl -tag -width /etc/irs.confXXXX -compact
.It Pa /etc/irs.conf
The file
.Nm irs.conf
resides in
.Pa /etc .
.El
.Sh SEE ALSO
.Xr groups 5 ,
.Xr hosts 5 ,
.Xr netgroup 5 ,
.Xr networks 5 ,
.Xr passwd 5 ,
.Xr protocols 5 ,
.Xr services 5
Reference in New Issue View Git Blame Copy Permalink