12.07.2015 Views

Red Hat Enterprise Linux 5 Administration Unleashed


CHAPTER 12 Identity Management

  • ypxfr_disable_trans: Disable SELinux protection for ypxfr if set to 1.
  • ypbind_disable_trans: Disable SELinux protection for ypbind if set to 1.

You can also change the values of these booleans by running the SELinux Management Tool. Start it by selecting Administration, SELinux Management from the System menu on the top panel of the desktop or by executing the system-config-selinux command. Enter the root password when prompted if running as a non-root user. Select Boolean from the list on the left. On the right, click the triangle icon next to NIS. The SELinux booleans affecting NIS appear.

TIP
The SELinux booleans that affect NIS are described in the ypbind_selinux man page, viewable with the man ypbind_selinux command.

Allowing NIS Connections

By default, the ports used by NIS are selected at random by portmap. If you are using firewall rules that only allow connections on specific ports, static ports can be set for the ypserv and ypxfrd services but not for yppasswdd. Refer to the /etc/services file for a list of ports already reserved for other services on the system and then select available ports. To assign ports to ypserv and ypxfrd, add the following lines to /etc/sysconfig/network, replacing <port> with the port selected for each service:

    YPSERV_ARGS="-p <port>"
    YPXFRD_ARGS="-p <port>"

If the services are already running, they must be restarted for the changes to take effect. After restarting them, use the rpcinfo -p command to verify that the selected ports are being used.

If custom IPTables rules are being used, refer to Chapter 24, "Configuring a Firewall," for details on how to allow these ports.

If the default security level is enabled instead of custom IPTables rules, use the Security Level Configuration tool to allow NIS connections. Start it by selecting Administration, Security Level and Firewall from the System menu on the top panel of the desktop or by executing the system-config-securitylevel command. Enter the root password when prompted if running as a non-root user. In the Other ports area, click Add to specify these two ports.

Configuring the NIS Server

To configure a system as an NIS server, first install the ypserv RPM package via RHN, which installs the portmap package as a dependency. Also install the ypbind package via RHN, which installs the yp-tools package as a dependency. The ypserv service provides the NIS server, and ypbind provides the necessary client utilities.
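The rpcinfo -p verification step under Allowing NIS Connections can be scripted so that a mismatch between the registered ports and the ports opened in the firewall is caught after each restart. The following is an added example, not code from the book: the function names check_nis_ports and sample_rpcinfo are hypothetical, the ports 834, 835 and 921 are constructed sample values, and services are matched by their standard RPC program numbers (100004 ypserv, 100009 yppasswdd, 600100069 ypxfrd).

```shell
#!/bin/sh
# Usage on a live host: rpcinfo -p | check_nis_ports <ypserv port> <ypxfrd port>
# Exit status is 0 only when every ypserv and ypxfrd registration is on the expected port.
check_nis_ports() {
    awk -v ypserv="$1" -v ypxfrd="$2" '
        function check(name, proto, port, want) {
            seen[name] = 1
            if (port != want) {
                printf "MISMATCH %s %s/%s, expected %s\n", name, proto, port, want
                bad = 1
            }
        }
        # Rows are: program vers proto port [service]; skip the header line.
        $1 !~ /^[0-9]+$/ { next }
        $1 == 100004    { check("ypserv", $3, $4, ypserv) }
        $1 == 600100069 { check("ypxfrd", $3, $4, ypxfrd) }
        # yppasswdd keeps a portmap-assigned port, so report it for the firewall review.
        $1 == 100009    { printf "NOTE yppasswdd on %s/%s (assigned by portmap)\n", $3, $4 }
        END {
            if (!seen["ypserv"]) { print "MISSING ypserv"; bad = 1 }
            if (!seen["ypxfrd"]) { print "MISSING ypxfrd"; bad = 1 }
            exit bad
        }
    '
}

# Constructed sample of rpcinfo -p output; 834, 835 and 921 are made-up ports.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    834  ypserv
    100004    2   tcp    834  ypserv
    100009    1   udp    921  yppasswdd
 600100069    1   udp    835  fypxfrd
 600100069    1   tcp    835  fypxfrd
EOF
}

sample_rpcinfo | check_nis_ports 834 835
```

A nonzero exit status means a service is missing from portmap or is registered on a port other than the one the firewall rule allows.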
