NIS problem
Dan Nelson
dnelson at allantgroup.com
Thu Oct 16 09:42:47 PDT 2003
In the last episode (Oct 16), Adam Maloney said:
> In the last couple of days we have seen a lot of messages like the
> one below appearing in /var/log/messages:
>
> Oct 13 06:14:58 xxxxx ypserv[45883]: access to master.passwd.byname denied -- client 1.2.3.4:3458 not privileged
>
> This goes on for a number of minutes, and then fixes itself.
>
> Obviously, the problem is that the NIS lookup request is coming from
> a non-priveleged (> 1024) port, and ypserv won't honor it. What's
> not so obvious is why/how this is happening.
>
> I'm suspecting it's Sendmail, since the frequency of the message
> somewhat coincides with the rate of incoming mail on this box. But I
> can't seem to find any clues on the web or usenet confirming this. Has
> anyone seen this before, or know of a solution?
That message gets printed whenever a remote NIS client tries to access
master.passwd.* over a non-privileged port. Only root should have
access to the master maps, so a remote process has to bind to a port <
1024 before doing the lookup, to prove that it's root. It looks like
for some reason you have a process that's running as root but is using
a port over 1024. I can't see anyplace in the NIS client code that
binds the socket, though, so I must be looking in the wrong place. It
has to work, or else you wouldn't be able to log in using NIS at all.
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-questions
mailing list