Adding IP addresses from which to accept requests

By default, the Centrify Network Information Service accepts only local NIS client requests. To accept requests from any other NIS clients in a network, modify nisd.securenets in the /etc/centrifydc/centrifydc.conf file to specify the computer subnets from which to accept NIS requests. This parameter configures adnisd to filter NIS client requests by IP address. It ignores all other NIS client requests.

For example, to restrict NIS requests to the single trusted subnet 172.68.0.0, add a line similar to the following to nisd.securenets:

nisd.securenets: 172.68.0.0/255.255.0.0

To specify multiple subnets, separate the entries with commas or spaces:

nisd.securenets: 172.68.0.0/255.255.0.0,196.48.0.0/0

To accept NIS client requests from any computer, use this:

nisd.securenets: 0/0

On systems with multiple Ethernet interfaces, adnisd configures RPC to the first interface. If an NIS client is trying to communicate on a different interface, adnisd will not receive the request.

Before creating sockets, adnisd reads the centrifydc.conf file to see if an IP address and TCP and UPD ports are specified. If not, it uses localhost and random port numbers assigned by the operating system.

You set the IP address, TCP port and UDP port using the nisd.net_addr, nisd.port.tcp, and nisd.port.udp configuration parameters, respectively in the centrifydc.conf file.

For more information, see Configuration and Tuning Reference Guide.