summaryrefslogtreecommitdiff
path: root/misc/Howto
diff options
context:
space:
mode:
authorDavid E. O'Brien <obrien@FreeBSD.org>1998-12-30 04:42:36 +0000
committerDavid E. O'Brien <obrien@FreeBSD.org>1998-12-30 04:42:36 +0000
commitfb6509dd8d31a29fa400d659d21fac6ac3df0944 (patch)
treea27c41ce9475e971350e8253bddeb6b7599974b9 /misc/Howto
parentturn on hbiff (diff)
This is the result from some discussion in some list (can't remember which)
where someone suggested taking the Linux HOW-TOs and make them applicable to FreeBSD. Everyone please feel free to add to this framework.
Notes
Notes: svn path=/head/; revision=15727
Diffstat (limited to 'misc/Howto')
-rw-r--r--misc/Howto/Makefile59
-rw-r--r--misc/Howto/distinfo6
-rw-r--r--misc/Howto/files/HOWTO-INDEX.html52
-rw-r--r--misc/Howto/files/patch-dns689
-rw-r--r--misc/Howto/files/patch-nfs369
-rw-r--r--misc/Howto/files/patch-nis936
-rw-r--r--misc/Howto/pkg-comment1
-rw-r--r--misc/Howto/pkg-descr1
-rw-r--r--misc/Howto/pkg-plist2
9 files changed, 2115 insertions, 0 deletions
diff --git a/misc/Howto/Makefile b/misc/Howto/Makefile
new file mode 100644
index 000000000000..14c700147530
--- /dev/null
+++ b/misc/Howto/Makefile
@@ -0,0 +1,59 @@
+# ex:ts=8
+# Ports collection makefile for: Howto
+# Version required: 1.0
+# Date created: Fri Oct 02, 1998
+# Whom: David O'Brien (obrien@FreeBSD.org)
+#
+# $Id: Makefile,v 1.2 1997/01/25 18:08:40 obrien Exp $
+#
+
+DISTNAME= Howto-1.0
+CATEGORIES= misc
+MASTER_SITES= ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO/other-formats/sgml/ \
+ ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO/mini/other-formats/sgml/ \
+ http://sunsite.unc.edu/mdw/HOWTO/
+DISTFILES= Linux+FreeBSD.sgml.gz \
+ DNS-HOWTO.sgml.gz \
+ NFS-HOWTO.sgml.gz \
+ NIS-HOWTO.sgml.gz \
+ Security-HOWTO.sgml.gz
+
+MAINTAINER= ports@FreeBSD.org
+
+BUILD_DEPENDS= sgmlfmt:${PORTSDIR}/textproc/sgmlformat
+
+DIST_SUBDIR= Howto
+NO_WRKSUBDIR= yes
+
+do-extract:
+ @${MKDIR} ${WRKSRC}
+ @for file in ${DISTFILES}; do \
+ ${CP} ${_DISTDIR}/$$file ${WRKSRC} ; \
+ case $$file in \
+ *.Z|*.gz) \
+ ${GZIP_CMD} -d ${WRKSRC}/$$file ; \
+ ;; \
+ *.zip) \
+ cd ${WRKSRC} && unzip $$file ; \
+ ;; \
+ *.bz2) \
+ bzip2 -d ${WRKSRC}/$$file ; \
+ ;; \
+ esac; \
+ done
+
+do-build:
+.for howto in ${DISTFILES:S/.gz//}
+ @cd ${WRKSRC} && sgmlfmt -f ascii ${howto}
+ @cd ${WRKSRC} && sgmlfmt -f latin1 ${howto}
+ @cd ${WRKSRC} && sgmlfmt -f html ${howto}
+.endfor
+
+do-install:
+ @${MKDIR} ${PREFIX}/share/doc/Howto/HTML
+ @${INSTALL_MAN} ${FILESDIR}/HOWTO-INDEX.html ${PREFIX}/share/doc/Howto
+ @${INSTALL_MAN} ${WRKSRC}/*.html ${PREFIX}/share/doc/Howto/HTML
+ @${INSTALL_MAN} ${WRKSRC}/*.latin1 ${PREFIX}/share/doc/Howto
+ @${INSTALL_MAN} ${WRKSRC}/*.ascii ${PREFIX}/share/doc/Howto
+
+.include <bsd.port.mk>
diff --git a/misc/Howto/distinfo b/misc/Howto/distinfo
new file mode 100644
index 000000000000..e0bee2f11f9c
--- /dev/null
+++ b/misc/Howto/distinfo
@@ -0,0 +1,6 @@
+MD5 (Howto/Linux+FreeBSD.sgml.gz) = 88bac5898787488b98b2d92d60e6cfe3
+MD5 (Howto/DNS-HOWTO.sgml.gz) = 119c95e11b0c58a885a04a896877f2be
+MD5 (Howto/NFS-HOWTO.sgml.gz) = 857f74f17b4c532cdf3016aa691db457
+MD5 (Howto/NIS-HOWTO.sgml.gz) = f9bb53765e6cdbe7c9206e4023c620a2
+MD5 (Howto/Security-HOWTO.sgml.gz) = 7037dbd0722ea4973eb3badbddea456d
+MD5 (Howto/Advocacy.sgml.gz) = 9e84754b1074f3129f7b03b3eaa6bbe5
diff --git a/misc/Howto/files/HOWTO-INDEX.html b/misc/Howto/files/HOWTO-INDEX.html
new file mode 100644
index 000000000000..e8bfbe1818ed
--- /dev/null
+++ b/misc/Howto/files/HOWTO-INDEX.html
@@ -0,0 +1,52 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+
+<!-- taken from http://sunsite.unc.edu/mdw/HOWTO/HOWTO-INDEX-3.html -->
+
+<HTML>
+<HEAD>
+ <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.7">
+ <TITLE>The FreeBSD HOWTO Index: Index</TITLE>
+</HEAD>
+<BODY>
+
+<H2><A NAME="ss3.1">HOWTOs Index</A>
+</H2>
+
+<P>The following FreeBSD HOWTOs are currently available:
+<P>
+<UL>
+
+
+<LI>
+<A HREF="HTML/DNS-HOWTO_toc.html">DNS HOWTO</A>
+How to set up DNS.
+Updated 25 August 1998.
+</LI>
+
+<LI>
+<A HREF="HTML/Linux+FreeBSD_toc.html">Linux+FreeBSD mini-HOWTO</A>
+How to use Linux and FreeBSD together.
+Updated 18 June 1998.
+</LI>
+
+<LI>
+<A HREF="HTML/NFS-HOWTO_toc.html">NFS HOWTO</A>
+How to set up NFS clients and servers.
+Updated 3 November 1997.
+</LI>
+
+<LI>
+<A HREF="HTML/NIS-HOWTO_toc.html">NIS HOWTO</A>
+Information on using NIS/YP on FreeBSD systems.
+Updated 12 June 1998.
+</LI>
+
+<LI>
+<A HREF="HTML/Security-HOWTO_toc.html">Security HOWTO</A>
+General overview of security issues.
+Updated 1 May 1998.
+</LI>
+
+
+</BODY>
+</HTML>
diff --git a/misc/Howto/files/patch-dns b/misc/Howto/files/patch-dns
new file mode 100644
index 000000000000..63f3d11dbd07
--- /dev/null
+++ b/misc/Howto/files/patch-dns
@@ -0,0 +1,689 @@
+--- DNS-HOWTO.sgml.orig Sat Oct 3 15:27:23 1998
++++ DNS-HOWTO.sgml Sat Oct 3 16:32:31 1998
+@@ -1,4 +1,4 @@
+-<!doctype linuxdoc system>
++<!doctype linuxdoc public "-//FreeBSD//DTD linuxdoc 1.1//EN">
+ <!-- -*-SGML-*- -->
+ <article>
+ <title>DNS HOWTO
+@@ -50,9 +50,9 @@
+ <p>For starters, DNS is is the Domain Name System. DNS converts
+ machine names to the IP numbers that are all the machines addresses,
+ it maps from name to address and from address to name. This HOWTO
+-documents how to define such mappings using a Linux system. A mapping
++documents how to define such mappings using a FreeBSD system. A mapping
+ i simply a association between two things, in this case a machine
+-name, like ftp.linux.org, and the machines IP number, 199.249.150.4.
++name, like ftp.freebsd.org, and the machines IP number, 209.155.82.18.
+
+ <p>DNS is, to the uninitiated (you ;-), one of the more opaque areas
+ of network administration. This HOWTO will try to make a few things
+@@ -85,11 +85,14 @@
+
+ <p>Name serving on Unix is done by a program called <tt/named/. This
+ is a part of the bind package which is coordinated by Paul Vixie for
+-The Internet Software Consortium. <tt/Named/ is included in most
+-Linux distributions and is usually installed as
+-<tt>/usr/sbin/named</tt>. If you have a named you can probably use
+-it; if you don't have one you can get a binary off a Linux ftp site,
+-or get the latest and greatest source from <htmlurl
++The Internet Software Consortium. <tt/Named/ is included in all
++FreeBSD distributions and is installed as
++<tt>/usr/sbin/named</tt>.
++You can get the latest and greatest source from <htmlurl
++url="ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-stable/src/contrib/bind/"
++name="ftp.freebsd.org:/pub/FreeBSD/FreeBSD-stable/src/contrib/bind/">
++or the offical distribution source which the FreeBSD version is based on
++from <htmlurl
+ url="ftp://ftp.isc.org/isc/bind/src/cur/bind-8/"
+ name="ftp.isc.org:/isc/bind/src/cur/bind-8/">. This HOWTO is about
+ bind version 8. The old version of the HOWTO, about bind 4 is still
+@@ -124,14 +127,14 @@
+ waiting time the next time significantly, esp. if you're on a slow
+ connection.
+
+-<p>First you need a file called <tt>/etc/named.conf</tt>. This is
++<p>First you need a file called <tt>/etc/namedb/named.conf</tt>. This is
+ read when named starts. For now it should simply contain:
+
+ <code>
+ // Config file for caching only name server
+
+ options {
+- directory "/var/named";
++ directory "/etc/namedb";
+
+ // Uncommenting this might help if you have to go through a
+ // firewall and things are not working out:
+@@ -146,18 +149,17 @@
+
+ zone "0.0.127.in-addr.arpa" {
+ type master;
+- file "pz/127.0.0";
++ file "localhost.rev";
+ };
+ </code>
+
+ <p>The `<tt/directory/' line tells named where to look for files. All
+-files named subsequently will be relative to this. Thus <tt>pz</tt>
+-is a directory under <tt>/var/named</tt>, i.e.,
+-<tt>/var/named/pz</tt>. <tt>/var/named</tt> is the right directory
+-according to the <em/Linux File system Standard/.
++files named subsequently will be relative to this.
++<tt>/etc/namedb</tt> is the standard directory
++according to the <em>hier(7)</em> manpage.
+
+-<p>The file named <tt>/var/named/root.hints</tt> is named in this.
+-<tt>/var/named/root.hints</tt> should contain this:
++<p>The file named <tt>/etc/namedb/named.root</tt> is named in this.
++<tt>/etc/namedb/named.root</tt> should contain something simular to this:
+
+ <code>
+ . 6D IN NS G.ROOT-SERVERS.NET.
+@@ -195,16 +197,16 @@
+
+ The next section in <tt/named.conf/ is the last <tt/zone/. I will
+ explain its use in a later chapter, for now just make this a file
+-named <tt/127.0.0/ in the subdirectory <tt/pz/:
++named <tt/localhost.rev/ in the subdirectory <tt//etc/namedb/:
+
+ <code>
+-@ IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
++@ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
+ 1 ; Serial
+ 8H ; Refresh
+ 2H ; Retry
+ 1W ; Expire
+ 1D) ; Minimum TTL
+- NS ns.linux.bogus.
++ NS ns.freebsd.bogus.
+ 1 PTR localhost.
+ </code>
+
+@@ -283,7 +285,7 @@
+ the host name resolving routines to first look in <tt>/etc/hosts</tt>,
+ then ask the name server (which you in <tt/resolv.conf/ said is at
+ 127.0.0.1) These two latest files are documented in the resolv(8) man
+-page (do `<tt/man 8 resolv/') in most Linux distributions. That man
++page (do `<tt/man 8 resolv/') in most FreeBSD distributions. That man
+ page is IMHO readable, and everyone, especially DNS admins, should
+ read it. Do it now, if you say to yourself "I'll do it later" you'll
+ never get around to it.
+@@ -315,7 +317,7 @@
+ </verb></tscreen>
+
+ <p>If there are any messages about errors then there is a mistake.
+-Named will name the file it is in (one of named.conf and root.hints I
++Named will name the file it is in (one of named.conf and named.root I
+ hope :-) Kill named and go back and check the file.
+
+ <p>Now it's time to start nslookup to examine your handy-work.
+@@ -587,7 +589,7 @@
+ <sect1>Our own domain
+
+ <p>Now to define our own domain. We're going to make the domain
+-<em/linux.bogus/ and define machines in it. I use a totally bogus
++<em/freebsd.bogus/ and define machines in it. I use a totally bogus
+ domain name to make sure we disturb no-one Out There.
+
+ <p>One more thing before we start: Not all characters are allowed in
+@@ -601,24 +603,24 @@
+ <code>
+ zone "0.0.127.in-addr.arpa" {
+ type master;
+- file "pz/127.0.0";
++ file "localhost.rev";
+ };
+ </code>
+
+ <p>Please note the lack of `<tt/./' at the end of the domain names in
+ this file. This says that now we will define the zone
+ <tt/0.0.127.in-addr.arpa/, that we're the master server for it and
+-that it is stored in a file called <tt>pz/127.0.0</tt>. We've already
++that it is stored in a file called <tt>localhost.rev</tt>. We've already
+ set up this file, it reads:
+
+ <code>
+-@ IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
++@ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
+ 1 ; Serial
+ 8H ; Refresh
+ 2H ; Retry
+ 1W ; Expire
+ 1D) ; Minimum TTL
+- NS ns.linux.bogus.
++ NS ns.freebsd.bogus.
+ 1 PTR localhost.
+ </code>
+
+@@ -643,11 +645,11 @@
+ Saves some typing that. So the NS line really reads
+
+ <tscreen><verb>
+-0.0.127.in-addr.arpa. IN NS ns.linux.bogus
++0.0.127.in-addr.arpa. IN NS ns.freebsd.bogus
+ </verb></tscreen>
+
+ <p>It tells DNS what machine is the name server of the domain
+-<tt/0.0.127.in-addr.arpa/, it is <tt/ns.linux.bogus/. 'ns' is a
++<tt/0.0.127.in-addr.arpa/, it is <tt/ns.freebsd.bogus/. 'ns' is a
+ customary name for name-servers, but as with web servers who are
+ customarily named <tt/www./<em/something/ the name may be anything.
+
+@@ -658,8 +660,8 @@
+ <p>The SOA record is the preamble to <em/all/ zone files, and there
+ should be exactly one in each zone file, the very first record. It
+ describes the zone, where it comes from (a machine called
+-<tt/ns.linux.bogus/), who is responsible for its contents
+-(<tt/hostmaster@linux.bogus/), what version of the zone file this is
++<tt/ns.freebsd.bogus/), who is responsible for its contents
++(<tt/hostmaster@freebsd.bogus/), what version of the zone file this is
+ (serial: 1), and other things having to do with caching and secondary
+ DNS servers. For the rest of the fields, refresh, retry, expire and
+ minimum use the numbers used in this HOWTO and you should be safe.
+@@ -682,28 +684,28 @@
+ </verb></tscreen>
+
+ so it manages to get <tt/localhost/ from 127.0.0.1, good. Now for our
+-main task, the <tt/linux.bogus/ domain, insert a new 'zone' section in
++main task, the <tt/freebsd.bogus/ domain, insert a new 'zone' section in
+ <tt/named.conf/:
+
+ <code>
+-zone "linux.bogus" {
++zone "freebsd.bogus" {
+ notify no;
+ type master;
+- file "pz/linux.bogus";
++ file "freebsd.bogus";
+ };
+ </code>
+
+ <p>Note the continued lack of ending `<tt/./' on the domain name in the
+ <tt/named.conf/ file.
+
+-<p>In the linux.bogus zone file we'll put some totally bogus data:
++<p>In the freebsd.bogus zone file we'll put some totally bogus data:
+ <code>
+ ;
+-; Zone file for linux.bogus
++; Zone file for freebsd.bogus
+ ;
+ ; The full zone file
+ ;
+-@ IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
++@ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
+ 199802151 ; serial, todays date + todays serial #
+ 8H ; refresh, seconds
+ 2H ; retry, seconds
+@@ -711,7 +713,7 @@
+ 1D ) ; minimum, seconds
+ ;
+ NS ns ; Inet Address of name server
+- MX 10 mail.linux.bogus ; Primary Mail Exchanger
++ MX 10 mail.freebsd.bogus ; Primary Mail Exchanger
+ MX 20 mail.friend.bogus. ; Secondary Mail Exchanger
+ ;
+ localhost A 127.0.0.1
+@@ -719,11 +721,11 @@
+ mail A 192.168.196.4
+ </code>
+
+-<p>Two things must be noted about the SOA record. ns.linux.bogus
++<p>Two things must be noted about the SOA record. ns.freebsd.bogus
+ <em/must/ be a actual machine with a A record. It is not legal to
+ have a CNAME record for he machine mentioned in the SOA record. It's
+ name need not be `ns', it could be any legal host name. Next,
+-hostmaster.linux.bogus should be read as hostmaster@linux.bogus, this
++hostmaster.freebsd.bogus should be read as hostmaster@freebsd.bogus, this
+ should be a mail alias, or a mailbox, where the person(s) maintaining
+ DNS should read mail frequently. Any mail regarding the domain will
+ be sent to the address listed here. The name need not be
+@@ -732,7 +734,7 @@
+
+ <p>There is one new RR type in this file, the MX, or Mail eXchanger
+ RR. It tells mail systems where to send mail that is addressed to
+-<tt/someone@linux.bogus/, namely too <tt/mail.linux.bogus/ or
++<tt/someone@freebsd.bogus/, namely too <tt/mail.freebsd.bogus/ or
+ <tt/mail.friend.bogus/. The number before each machine name is that
+ MX RRs priority. The RR with the lowest number (10) is the one mail
+ should be sent to primarily. If that fails it can be sent to one with
+@@ -745,51 +747,51 @@
+ <tscreen><verb>
+ $ nslookup
+ > set q=any
+-> linux.bogus
++> freebsd.bogus
+ Server: localhost
+ Address: 127.0.0.1
+
+-linux.bogus
+- origin = ns.linux.bogus
+- mail addr = hostmaster.linux.bogus
++freebsd.bogus
++ origin = ns.freebsd.bogus
++ mail addr = hostmaster.freebsd.bogus
+ serial = 199802151
+ refresh = 28800 (8 hours)
+ retry = 7200 (2 hours)
+ expire = 604800 (7 days)
+ minimum ttl = 86400 (1 day)
+-linux.bogus nameserver = ns.linux.bogus
+-linux.bogus preference = 10, mail exchanger = mail.linux.bogus.linux.bogus
+-linux.bogus preference = 20, mail exchanger = mail.friend.bogus
+-linux.bogus nameserver = ns.linux.bogus
+-ns.linux.bogus internet address = 192.168.196.2
+-mail.linux.bogus internet address = 192.168.196.4
++freebsd.bogus nameserver = ns.freebsd.bogus
++freebsd.bogus preference = 10, mail exchanger = mail.freebsd.bogus.freebsd.bogus
++freebsd.bogus preference = 20, mail exchanger = mail.friend.bogus
++freebsd.bogus nameserver = ns.freebsd.bogus
++ns.freebsd.bogus internet address = 192.168.196.2
++mail.freebsd.bogus internet address = 192.168.196.4
+ </verb></tscreen>
+
+ <p>Upon careful examination you will discover a bug. The line
+
+ <tscreen><verb>
+-linux.bogus preference = 10, mail exchanger = mail.linux.bogus.linux.bogus
++freebsd.bogus preference = 10, mail exchanger = mail.freebsd.bogus.freebsd.bogus
+ </verb></tscreen>
+
+ is all wrong. It should be
+
+ <tscreen><verb>
+-linux.bogus preference = 10, mail exchanger = mail.linux.bogus
++freebsd.bogus preference = 10, mail exchanger = mail.freebsd.bogus
+ </verb></tscreen>
+
+ <p>I deliberately made a mistake so you could learn from it :-) Looking
+ in the zone file we find that the line
+
+ <tscreen><verb>
+- MX 10 mail.linux.bogus ; Primary Mail Exchanger
++ MX 10 mail.freebsd.bogus ; Primary Mail Exchanger
+ </verb></tscreen>
+
+-is missing a period. Or has a 'linux.bogus' too many. If a machine
++is missing a period. Or has a 'freebsd.bogus' too many. If a machine
+ name does not end in a period in a zone file the origin is added to
+-its end causing the double <tt/linux.bogus.linux.bogus/. So either
++its end causing the double <tt/freebsd.bogus.freebsd.bogus/. So either
+
+ <code>
+- MX 10 mail.linux.bogus. ; Primary Mail Exchanger
++ MX 10 mail.freebsd.bogus. ; Primary Mail Exchanger
+ </code>
+
+ or
+@@ -814,18 +816,18 @@
+
+ <code>
+ ;
+-; Zone file for linux.bogus
++; Zone file for freebsd.bogus
+ ;
+ ; The full zone file
+ ;
+-@ IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
++@ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
+ 199802151 ; serial, todays date + todays serial #
+ 8H ; refresh, seconds
+ 2H ; retry, seconds
+ 1W ; expire, seconds
+ 1D ) ; minimum, seconds
+ ;
+- TXT "Linux.Bogus, your DNS consultants"
++ TXT "FreeBSD.Bogus, your DNS consultants"
+ NS ns ; Inet Address of name server
+ NS ns.friend.bogus.
+ MX 10 mail ; Primary Mail Exchanger
+@@ -840,31 +842,31 @@
+ ns A 192.168.196.2
+ MX 10 mail
+ MX 20 mail.friend.bogus.
+- HINFO "Pentium" "Linux 2.0"
++ HINFO "Pentium" "FreeBSD 3.0"
+ www CNAME ns
+
+ donald A 192.168.196.3
+ MX 10 mail
+ MX 20 mail.friend.bogus.
+- HINFO "i486" "Linux 2.0"
++ HINFO "i486" "FreeBSD 3.0"
+ TXT "DEK"
+
+ mail A 192.168.196.4
+ MX 10 mail
+ MX 20 mail.friend.bogus.
+- HINFO "386sx" "Linux 1.2"
++ HINFO "386sx" "FreeBSD 2.2"
+
+ ftp A 192.168.196.5
+ MX 10 mail
+ MX 20 mail.friend.bogus.
+- HINFO "P6" "Linux 2.1.86"
++ HINFO "P6" "FreeBSD 2.1.86"
+ </code>
+
+ <p>There are a number of new RRs here: HINFO (Host INFOrmation) has
+ two parts, it's a good habit to quote each. The first part is the
+ hardware or CPU on the machine, and the second part the software or OS
+ on the machine. The machine called 'ns' has a Pentium CPU and runs
+-Linux 2.0. CNAME (Canonical NAME) is a way to give each machine
++FreeBSD 3.0. CNAME (Canonical NAME) is a way to give each machine
+ several names. So www is an alias for ns.
+
+ <p>CNAME record usage is a bit controversial. But it's safe to follow
+@@ -883,7 +885,7 @@
+ </code>
+
+ <p>It's also safe to assume that a CNAME is not a legal host name for
+-a e-mail address: <tt/webmaster@www.linux.bogus/ is an ilegal e-mail
++a e-mail address: <tt/webmaster@www.freebsd.bogus/ is an ilegal e-mail
+ address given the setup above. You can expect quite a few mail admins
+ Out There to enforce this rule even if it works for you. The way to
+ avoid this is to use A records (and perhaps some others too, like a MX
+@@ -907,14 +909,14 @@
+ Default Server: localhost
+ Address: 127.0.0.1
+
+-> ls -d linux.bogus
++> ls -d freebsd.bogus
+ </verb></tscreen>
+
+ <p>This means that all records should be listed. It results in this:
+
+ <tscreen><verb>
+ [localhost]
+-$ORIGIN linux.bogus.
++$ORIGIN freebsd.bogus.
+ @ 1D IN SOA ns hostmaster (
+ 199802151 ; serial
+ 8H ; refresh
+@@ -924,7 +926,7 @@
+
+ 1D IN NS ns
+ 1D IN NS ns.friend.bogus.
+- 1D IN TXT "Linux.Bogus, your DNS consultants"
++ 1D IN TXT "FreeBSD.Bogus, your DNS consultants"
+ 1D IN MX 10 mail
+ 1D IN MX 20 mail.friend.bogus.
+ gw 1D IN A 192.168.196.1
+@@ -933,22 +935,22 @@
+ mail 1D IN A 192.168.196.4
+ 1D IN MX 10 mail
+ 1D IN MX 20 mail.friend.bogus.
+- 1D IN HINFO "386sx" "Linux 1.0.9"
++ 1D IN HINFO "386sx" "FreeBSD 2.1.5"
+ localhost 1D IN A 127.0.0.1
+ www 1D IN CNAME ns
+ donald 1D IN A 192.168.196.3
+ 1D IN MX 10 mail
+ 1D IN MX 20 mail.friend.bogus.
+- 1D IN HINFO "i486" "Linux 1.2"
++ 1D IN HINFO "i486" "FreeBSD 2.2"
+ 1D IN TXT "DEK"
+ ftp 1D IN A 192.168.196.5
+ 1D IN MX 10 mail
+ 1D IN MX 20 mail.friend.bogus.
+- 1D IN HINFO "P6" "Linux 1.3.59"
++ 1D IN HINFO "P6" "FreeBSD 2.2.7"
+ ns 1D IN A 192.168.196.2
+ 1D IN MX 10 mail
+ 1D IN MX 20 mail.friend.bogus.
+- 1D IN HINFO "Pentium" "Linux 1.2"
++ 1D IN HINFO "Pentium" "FreeBSD 2.2"
+ @ 1D IN SOA ns hostmaster (
+ 199802151 ; serial
+ 8H ; refresh
+@@ -962,25 +964,25 @@
+
+ <tscreen><verb>
+ > set q=any
+-> www.linux.bogus.
++> www.freebsd.bogus.
+ Server: localhost
+ Address: 127.0.0.1
+
+-www.linux.bogus canonical name = ns.linux.bogus
+-linux.bogus nameserver = ns.linux.bogus
+-linux.bogus nameserver = ns.friend.bogus
+-ns.linux.bogus internet address = 192.168.196.2
++www.freebsd.bogus canonical name = ns.freebsd.bogus
++freebsd.bogus nameserver = ns.freebsd.bogus
++freebsd.bogus nameserver = ns.friend.bogus
++ns.freebsd.bogus internet address = 192.168.196.2
+ </verb></tscreen>
+
+-<p>In other words, the real name of <tt>www.linux.bogus</tt> is
+-<tt/ns.linux.bogus/, and it gives you some of the information it has
++<p>In other words, the real name of <tt>www.freebsd.bogus</tt> is
++<tt/ns.freebsd.bogus/, and it gives you some of the information it has
+ about ns as well, enough to connect to it if you were a program.
+
+ <p>Now we're halfway.
+
+ <sect1>The reverse zone
+
+-<p>Now programs can convert the names in linux.bogus to addresses
++<p>Now programs can convert the names in freebsd.bogus to addresses
+ which they can connect to. But also required is a reverse zone, one
+ making DNS able to convert from an address to a name. This name is
+ used buy a lot of servers of different kinds (FTP, IRC, WWW and
+@@ -994,7 +996,7 @@
+ zone "196.168.192.in-addr.arpa" {
+ notify no;
+ type master;
+- file "pz/192.168.196";
++ file "192.168.196";
+ };
+ </code>
+
+@@ -1002,19 +1004,19 @@
+ contents are similar:
+
+ <code>
+-@ IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
++@ IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
+ 199802151 ; Serial, todays date + todays serial
+ 8H ; Refresh
+ 2H ; Retry
+ 1W ; Expire
+ 1D) ; Minimum TTL
+- NS ns.linux.bogus.
++ NS ns.freebsd.bogus.
+
+-1 PTR gw.linux.bogus.
+-2 PTR ns.linux.bogus.
+-3 PTR donald.linux.bogus.
+-4 PTR mail.linux.bogus.
+-5 PTR ftp.linux.bogus.
++1 PTR gw.freebsd.bogus.
++2 PTR ns.freebsd.bogus.
++3 PTR donald.freebsd.bogus.
++4 PTR mail.freebsd.bogus.
++5 PTR ftp.freebsd.bogus.
+ </code>
+
+ <p>Now you restart your named (<tt/ndc restart/) and examine your
+@@ -1025,7 +1027,7 @@
+ Server: localhost
+ Address: 127.0.0.1
+
+-Name: mail.linux.bogus
++Name: mail.freebsd.bogus
+ Address: 192.168.196.4
+ </code>
+
+@@ -1035,20 +1037,20 @@
+ > ls -d 196.168.192.in-addr.arpa
+ [localhost]
+ $ORIGIN 196.168.192.in-addr.arpa.
+-@ 1D IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
++@ 1D IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
+ 199802151 ; serial
+ 8H ; refresh
+ 2H ; retry
+ 1W ; expiry
+ 1D ) ; minimum
+
+- 1D IN NS ns.linux.bogus.
+-1 1D IN PTR gw.linux.bogus.
+-2 1D IN PTR ns.linux.bogus.
+-3 1D IN PTR donald.linux.bogus.
+-4 1D IN PTR mail.linux.bogus.
+-5 1D IN PTR ftp.linux.bogus.
+-@ 1D IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
++ 1D IN NS ns.freebsd.bogus.
++1 1D IN PTR gw.freebsd.bogus.
++2 1D IN PTR ns.freebsd.bogus.
++3 1D IN PTR donald.freebsd.bogus.
++4 1D IN PTR mail.freebsd.bogus.
++5 1D IN PTR ftp.freebsd.bogus.
++@ 1D IN SOA ns.freebsd.bogus. hostmaster.freebsd.bogus. (
+ 199802151 ; serial
+ 8H ; refresh
+ 2H ; retry
+@@ -1086,19 +1088,19 @@
+ here differs a bit from what you find if you query LAND-5's name
+ servers now.
+
+-<sect1>/etc/named.conf (or /var/named/named.conf)
++<sect1>/etc/namedb/named.conf
+
+ <p>Here we find master zone sections for the two reverse zones needed:
+ the 127.0.0 net, as well as LAND-5's 206.6.177 subnet. And a primary
+ line for land-5's forward zone land-5.com. Also note that instead of
+-stuffing the files in a directory called <tt/pz/, as I do in this
++stuffing the files in the <tt>namedb</tt>, as I do in this
+ HOWTO, he puts them in a directory called <tt/zone/.
+
+ <code>
+ // Boot file for LAND-5 name server
+
+ options {
+- directory "/var/named";
++ directory "/etc/namedb";
+ };
+
+ zone "." {
+@@ -1126,7 +1128,7 @@
+ put <tt/notify no;/ in the zone sections for the two land-5 zones so
+ as to avoid accidents.
+
+-<sect1>/var/named/root.hints
++<sect1>/etc/namedb/named.root
+
+ <p>Keep in mind that this file is dynamic, and the one listed here is
+ old. You're better off using one produced now, with dig, as explained
+@@ -1178,7 +1180,7 @@
+ ;; MSG SIZE sent: 17 rcvd: 436
+ </code>
+
+-<sect1>/var/named/zone/127.0.0
++<sect1>/etc/namedb/localhost.rev
+
+ <p>Just the basics, the obligatory SOA record, and a record that maps
+ 127.0.0.1 to <tt/localhost/. Both are required. No more should be in
+@@ -1197,7 +1199,7 @@
+ 1 PTR localhost.
+ </code>
+
+-<sect1>/var/named/zone/land-5.com
++<sect1>/etc/namedb/land-5.com
+
+ <p>Here we see the mandatory SOA record, the needed NS records. We
+ can see that he has a secondary name server at ns2.psi.net. This is
+@@ -1286,7 +1288,7 @@
+ <p>We also see that funn.land-5.com is an alias for land-5.com, but
+ using an A record, not a CNAME record.
+
+-<sect1>/var/named/zone/206.6.177
++<sect1>/etc/namedb/206.6.177
+
+ <p>I'll comment on this file after it.
+
+@@ -1394,25 +1396,25 @@
+ echo
+
+ export PATH=/sbin:/usr/sbin:/bin:/usr/bin:
+- cd /var/named
++ cd /etc/namedb
+
+- dig @rs.internic.net . ns >root.hints.new
++ dig @rs.internic.net . ns >named.root.new
+
+ echo "The named.conf file has been updated to contain the following
+ information:"
+ echo
+- cat root.hints.new
++ cat named.root.new
+
+- chown root.root root.hints.new
+- chmod 444 root.hints.new
+- rm -f root.hints.old
+- mv root.hints root.hints.old
+- mv root.hints.new root.hints
++ chown root.root named.root.new
++ chmod 444 named.root.new
++ rm -f named.root.old
++ mv named.root named.root.old
++ mv named.root.new named.root
+ ndc restart
+ echo
+ echo "The nameserver has been restarted to ensure that the update is complete."
+- echo "The previous root.hints file is now called
+-/var/named/root.hints.old."
++ echo "The previous named.root file is now called
++/etc/namedb/named.root.old."
+ ) 2>&1 | /usr/lib/sendmail -t
+ exit 0
+ </code>
+@@ -1433,7 +1435,7 @@
+ style) for a cache-only name server:å
+
+ <code>
+-directory /var/named
++directory /etc/namedb
+ cache . root.hints
+ primary 0.0.127.IN-ADDR.ARPA 127.0.0.zone
+ primary localhost localhost.zone
+@@ -1454,7 +1456,7 @@
+ // generated by named-bootconf.pl
+
+ options {
+- directory "/var/named";
++ directory "/etc/namedb";
+ };
+
+ zone "." {
+@@ -1480,13 +1482,13 @@
+
+ <code>
+ // This is a configuration file for named (from BIND 8.1 or later).
+-// It would normally be installed as /etc/named.conf.
++// It would normally be installed as /etc/namedb/named.conf.
+ // The only change made from the `stock' named.conf (aside from this
+ // comment :) is that the directory line was uncommented, since I
+-// already had the zone files in /var/named.
++// already had the zone files in /etc/namedb.
+
+ options {
+- directory "/var/named";
++ directory "/etc/namedb";
+ check-names master warn; /* default. */
+ datasize 20M;
+ };
+@@ -1556,9 +1558,9 @@
+ like this in the named.conf file of your secondary:
+
+ <code>
+- zone "linux.bogus" {
++ zone "freebsd.bogus" {
+ type slave;
+- file "sz/linux.bogus";
++ file "freebsd.bogus";
+ masters { 127.0.0.1; };
+ };
+ </code>
diff --git a/misc/Howto/files/patch-nfs b/misc/Howto/files/patch-nfs
new file mode 100644
index 000000000000..441f0636fda0
--- /dev/null
+++ b/misc/Howto/files/patch-nfs
@@ -0,0 +1,369 @@
+--- NFS-HOWTO.sgml.orig Sat Oct 3 01:30:40 1998
++++ NFS-HOWTO.sgml Sat Oct 3 02:20:23 1998
+@@ -67,7 +67,7 @@
+ networking and the terms used. If you don't recognize the terms you
+ can either go back and check the networking HOWTO, wing it, or get a
+ book about TCP/IP network administration to familiarize yourself with
+-TCP/IP. That's a good idea anyway if you're administrating UNIX/Linux
++TCP/IP. That's a good idea anyway if you're administrating UNIX
+ machines. A very good book on the subject is <em>TCP/IP Network
+ Administration</em> by Craig Hunt, published by O'Reilly &amp;
+ Associates, Inc. And after you've read it and understood it you'll
+@@ -96,7 +96,7 @@
+ skip ahead to the section on <ref id="nfs-client" name="setting up a
+ NFS client">
+
+-<p>If you need to set up a non-Linux box as server you will have to
++<p>If you need to set up a non-FreeBSD box as server you will have to
+ read the system manual(s) to discover how to enable NFS serving and
+ export of file systems through NFS. There is a separate section in
+ this HOWTO on how to do it on many different systems. After you have
+@@ -109,8 +109,8 @@
+
+ <sect1>The portmapper<label id="portmapper">
+
+-<p>The portmapper on Linux is called either <tt/portmap/ or
+-<tt/rpc.portmap/. The man page on my system says it is a "DARPA port
++<p>The portmapper on FreeBSD is called <tt/portmap/.
++The man page on my system says it is a "DARPA port
+ to RPC program number mapper". It is the first security holes you'll
+ open reading this HOWTO. Description of how to close one of the holes
+ is in the <ref id="nfs-security" name="security section">. Which I,
+@@ -157,24 +157,23 @@
+ use./ There is a separate section in this HOWTO about other Unixes
+ <tt/exports/ files.
+
+-<p>Now we're set to start mountd (or maybe it's called <tt/rpc.mountd/
+-and then nfsd (which could be called <tt/rpc.nfsd/). They will both
++<p>Now we're set to start mountd
++and then nfsd. They will both
+ read the exports file.
+
+ <p>If you edit <tt>/etc/exports</tt> you will have to make sure nfsd
+ and mountd knows that the files have changed. The traditonal way is
+-to run <tt/exportfs/. Many Linux distributions lack a exportfs
+-program. If you're exportfs-less you can install this script on your
++to run <tt/exportfs/. FreeBSD lacks a exportfs
++program. Yyou can install this script on your
+ machine:
+
+ <code>
+ #!/bin/sh
+-killall -HUP /usr/sbin/rpc.mountd
+-killall -HUP /usr/sbin/rpc.nfsd
++/bin/kill -HUP `/bin/cat /var/run/mountd.pid`
+ echo re-exported file systems
+ </code>
+
+-<p>Save it in, say, <tt>/usr/sbin/exportfs</tt>, and don't forget to
++<p>Save it in, say, <tt>/usr/local/sbin/exportfs</tt>, and don't forget to
+ <tt/chmod a+rx/ it. Now, whenever you change your exports file, you
+ run exportfs after, as root.
+
+@@ -221,12 +220,8 @@
+ <sect>Setting up a NFS client<label id="nfs-client">
+
+ <p>First you will need a kernel with the NFS file system either
+-compiled in or available as a module. This is configured before you
+-compile the kernel. If you have never compiled a kernel before you
+-might need to check the kernel HOWTO and figure it out. If you're
+-using a very cool distribution (like Red Hat) and you've never fiddled
+-with the kernel or modules on it (and thus ruined it ;-), nfs is
+-likely automagicaly available to you.
++compiled in or available as a module. This is configured in the GENERIC
++FreeBSD kernel for you.
+
+ <p>You can now, at a root prompt, enter a appropriate mount command and
+ the file system will appear. Continuing the example in the previous
+@@ -259,7 +254,7 @@
+ as this is required:
+
+ <code>
+-# device mountpoint fs-type options dump fsckorder
++# Device Mountpoint FStype Options Dump Pass#
+ ...
+ eris:/mn/eris/local /mnt nfs rsize=1024,wsize=1024 0 0
+ ...
+@@ -294,7 +289,7 @@
+ <p>Picking up the previous example, this is now your fstab entry:
+
+ <code>
+-# device mountpoint fs-type options dump fsckorder
++# Device Mountpoint FStype Options Dump Pass#
+ ...
+ eris:/mn/eris/local /mnt nfs rsize=1024,wsize=1024,hard,intr 0 0
+ ...
+@@ -304,8 +299,8 @@
+ <sect1>Optimizing NFS<label id="optimizing">
+
+ <p>Normally, if no rsize and wsize options are specified NFS will read
+-and write in chunks of 4096 or 8192 bytes. Some combinations of Linux
+-kernels and network cards cannot handle that large blocks, and it
++and write in chunks of 4096 or 8192 bytes. Some
++network cards cannot handle that large blocks, and it
+ might not be optimal, anyway. So we'll want to experiment and find a
+ rsize and wsize that works and is as fast as possible. You can test
+ the speed of your options with some simple commands. Given the mount
+@@ -341,7 +336,7 @@
+ have different optimal sizes. SunOS and Solaris is reputedly a lot
+ faster with 4096 byte blocks than with anything else.
+
+-<p>Newer Linux kernels (since 1.3 sometime) perform read-ahead for
++<p>Newer FreeBSD kernels (since 3.0) perform read-ahead for
+ rsizes larger or equal to the machine page size. On Intel CPUs the
+ page size is 4096 bytes. Read ahead will <em/significantly/ increase
+ the NFS read performance. So on a Intel machine you will want 4096
+@@ -355,13 +350,13 @@
+ requests shall not be considered finished before the data written is
+ on a non-volatile medium (normally the disk). This restricts the
+ write performance somewhat, asynchronous writes will speed NFS writes
+-up. The Linux nfsd has never done synchronous writes since the Linux
++up. The FreeBSD nfsd has never done synchronous writes since the FreeBSD
+ file system implementation does not lend itself to this, but on
+-non-Linux servers you can increase the performance this way with this
++non-FreeBSD servers you can increase the performance this way with this
+ in your exports file:
+
+ <code>
+-/dir -async,access=linuxbox
++/dir -async,access=freebsdbox
+ </code>
+
+ <p>or something similar. Please refer to the exports man page on the
+@@ -587,10 +582,10 @@
+ servers root account. In the NFSd man page there are several other
+ squash options listed so that you can decide to mistrust whomever you
+ (don't) like on the clients. You also have options to squash any UID
+-and GID range you want to. This is described in the Linux NFSd man
++and GID range you want to. This is described in the FreeBSD NFSd man
+ page.
+
+-<p>root_squash is in fact the default with the Linux NFSd, to grant
++<p>root_squash is in fact the default with the FreeBSD NFSd, to grant
+ root access to a filesystem use <tt/no_root_squash/.
+
+ <p>Another important thing is to ensure that nfsd checks that all it's
+@@ -598,7 +593,7 @@
+ any old port on the client a user with no special privileges can run a
+ program that's is easy to obtain over the Internet. It talks nfs
+ protocol and will claim that the user is anyone the user wants to be.
+-Spooky. The Linux nfsd does this check by default, on other OSes you
++Spooky. The FreeBSD nfsd does this check by default, on other OSes you
+ have to enable this check yourself. This should be described in the
+ nfsd man page for the OS.
+
+@@ -609,74 +604,9 @@
+
+ <p>The basic portmapper, in combination with nfsd has a design problem
+ that makes it possible to get to files on NFS servers without any
+-privileges. Fortunately the portmapper Linux uses is relatively
+-secure against this attack, and can be made more secure by configuring
+-up access lists in two files.
++privileges. Fortunately the portmapper FreeBSD uses is relatively
++secure against this attack.
+
+-<p>First we edit <tt>/etc/hosts.deny</tt>. It should contain the line
+-
+-<code>
+-portmap: ALL
+-</code>
+-
+-which will deny access to <em/everyone/. That's a bit drastic
+-perhaps, so we open it again by editing <tt>/etc/hosts.allow</tt>.
+-But first we need to figure out what to put in it. It should
+-basically list all machines that should have access to your
+-portmapper. On a run of the mill Linux system there are very few
+-machines that need any access for any reason. The portmapper
+-administrates nfsd, mountd, ypbind/ypserv, pcnfsd, and 'r' services
+-like ruptime and rusers. Of these only nfsd, mountd, ypbind/ypserv
+-and perhaps pcnfsd are of any consequence. All machines that needs to
+-access services on your machine should be allowed to do that. Let's
+-say that your machines address is 129.240.223.254 and that it lives on
+-the subnet 129.240.223.0 should have access to it (those are terms
+-introduced by the networking HOWTO, go back and refresh your memory if
+-you need to). Then we write
+-
+-<code>
+-portmap: 129.240.223.0/255.255.255.0
+-</code>
+-
+-in <tt/hosts.allow/. This is the same as the network address you give
+-to route and the subnet mask you give to ifconfig. For the device
+-<tt/eth0/ on this machine <tt/ifconfig/ should show
+-
+-<code>
+-...
+-eth0 Link encap:10Mbps Ethernet HWaddr 00:60:8C:96:D5:56
+- inet addr:129.240.223.254 Bcast:129.240.223.255 Mask:255.255.255.0
+- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+- RX packets:360315 errors:0 dropped:0 overruns:0
+- TX packets:179274 errors:0 dropped:0 overruns:0
+- Interrupt:10 Base address:0x320
+-...
+-</code>
+-
+-and <tt/netstat -rn/ should show
+-
+-<code>
+-Kernel routing table
+-Destination Gateway Genmask Flags Metric Ref Use Iface
+-...
+-129.240.223.0 0.0.0.0 255.255.255.0 U 0 0 174412 eth0
+-...
+-</code>
+-
+-(Network address in first column).
+-
+-The <tt/hosts.deny/ and <tt/hosts.allow/ files are described in the
+-manual pages of the same names.
+-
+-<p><bf/IMPORTANT:/ Do <em/not/ put <em/anything/ but <em/IP NUMBERS/ in
+-the portmap lines of these files. Host name lookups can indirectly
+-cause portmap activity which will trigger host name lookups which can
+-indirectly cause portmap activity which will trigger...
+-
+-<p>The above things should make your server tighter. The only
+-remaining problem (Yeah, right!) is someone breaking root (or boot
+-MS-DOS) on a trusted machine and using that privilege to send requests
+-from a secure port as any user they want to be.
+
+ <sect1>NFS and firewalls<label id="security-firewalls">
+
+@@ -692,13 +622,13 @@
+
+ <sect1>Summary<label id="security-summary">
+
+-<p>If you use the hosts.allow/deny, root_squash, nosuid and privileged
++<p>If you use the nosuid and privileged
+ port features in the portmapper/nfs software you avoid many of the
+ presently known bugs in nfs and can almost feel secure about <em/that/
+ at least. But still, after all that: When an intruder has access to
+ your network, s/he can make strange commands appear in your
+ <tt/.forward/ or mailbox file when <tt>/home</tt> or
+-<tt>/var/spool/mail</tt> are mounted over NFS. For the same reason,
++<tt>/var/mail</tt> are mounted over NFS. For the same reason,
+ you should never access your PGP private key over nfs. Or at least
+ you should know the risk involved. And now you know a bit of it.
+
+@@ -706,10 +636,10 @@
+ it's not totally unlikely that new bugs will be discovered, either in
+ the basic design or the implementation we use. There might even be
+ holes known now, which someone is abusing. But that's life. To keep
+-abreast of things like this you should at least read the newsgroups
+-<htmlurl url="news:comp.os.linux.announce"
+-name="comp.os.linux.announce"> and <htmlurl
+-url="news:comp.security.announce" name="comp.security.announce"> at a
++abreast of things like this you should at least read the mailing lists
++<htmlurl url="mailto:freebsd-security@FreeBSD.org"
++name="freebsd-security@FreeBSD.org">
++at a
+ absolute minimum.
+
+ <sect>Mount Checklist
+@@ -761,10 +691,7 @@
+
+ <p><bf/Fix:/ Get the date set right.
+
+-<p>The HOWTO author recommends using NTP to synchronize clocks. Since
+-there are export restrictions on NTP in the US you have to get NTP for
+-debian, redhat or slackware from
+-ftp://ftp.hacktic.nl/pub/replay/pub/linux or a mirror.
++<p>The HOWTO author recommends using NTP to synchronize clocks.
+
+ <item>The server can not accept a mount from a user that is in more
+ than 8 groups.
+@@ -774,93 +701,10 @@
+
+ </enum>
+
+-<sect>FAQs
+-
+-<p>This is the FAQ section. Most of it was written by Alan Cox.
+-
+-<enum>
+-
+- <item>I get a lot of 'stale nfs handle' errors when using Linux as
+- a nfs server.
+-
+- <p>This is caused by a bug in some oldish nfsd versions. It is
+- fixed in nfs-server2.2beta16 and later.
+-
+- <item>When I try to mount a file system I get
+-
+- <tscreen><verb>
+- can't register with portmap: system error on send
+- </verb></tscreen>
+-
+- <p>You are probably using a Caldera system. There is a bug in the
+- rc scripts. Please contact Caldera to obtain a fix.
+-
+- <item>Why can't I execute a file after copying it to the NFS server?
+-
+- <p>The reason is that nfsd caches open file handles for performance
+- reasons (remember, it runs in user space). While nfsd has a file
+- open (as is the case after writing to it), the kernel won't allow
+- you to execute it. Nfsds newer than ~spring 95 release open files
+- after a few seconds, older ones would cling to them for days.
+-
+- <item>My NFS files are all read only
+-
+- <p>The Linux NFS server defaults to read only. RTFM the ``exports''
+- and nfsd manual pages. You will need to alter <tt>/etc/exports</tt>.
+-
+- <item>I mount from a linux nfs server and while ls works I can't
+- read or write files.
+-
+- <p>On older versions of Linux you must mount a NFS servers with
+- <tt/rsize=1024,wsize=1024/.
+-
+- <item>I mount from a Linux NFS server with a block size of between
+- 3500-4000 and it crashes the Linux box regularly
+-
+- <p>Basically don't do it then.
+-
+- <item>Can Linux do NFS over TCP
+-
+- <p>No, not at present.
+-
+- <item>I get loads of strange errors trying to mount a machine from a
+- Linux box.
+-
+- <p>Make sure your users are in 8 groups or less. Older servers
+- require this.
+-
+- <item>When I reboot my machine it sometimes hangs when trying to
+- unmount a hung NFS server.
+-
+- <p>Do <bf/not/ unmount NFS servers when rebooting or halting, just
+- ignore them, it will not hurt anything if you don't unmount them.
+- The command is <tt/umount -avt nonfs/.
+-
+- <item>Linux NFS clients are very slow when writing to Sun and BSD
+- systems
+-
+- <p>NFS writes are normally synchronous (you can disable this if you
+- don't mind risking losing data). Worse still BSD derived kernels
+- tend to be unable to work in small blocks. Thus when you write 4K of
+- data from a Linux box in the 1K packets it uses BSD does this
+-
+- <tscreen><verb>
+- read 4K page
+- alter 1K
+- write 4K back to physical disk
+- read 4K page
+- alter 1K
+- write 4K page back to physical disk
+- etc..
+- </verb></tscreen>
+-
+-</enum>
+-
+-
+ <sect>Exporting filesystems
+
+ <p>The way to export filesytems with NFS is not completely consistent
+-across platforms of course. In this case Linux and Solaris 2 are the
++across platforms of course. In this case FreeBSD and Solaris 2 are the
+ deviants. This section lists, superficially the way to do it on most
+ systems. If the kind of system you have is not covered you must check
+ your OS man-pages. Keywords are: nfsd, system administration tool, rc
diff --git a/misc/Howto/files/patch-nis b/misc/Howto/files/patch-nis
new file mode 100644
index 000000000000..e2a4ece83a0c
--- /dev/null
+++ b/misc/Howto/files/patch-nis
@@ -0,0 +1,936 @@
+--- NIS-HOWTO.sgml.orig Sat Oct 3 10:52:24 1998
++++ NIS-HOWTO.sgml Sat Oct 3 12:56:20 1998
+@@ -1,21 +1,20 @@
+ <!doctype linuxdoc system>
+
+-<!-- This is the Linux NIS-HOWTO. It describes how to install and configure
+- Linux as NIS client and server and as NIS+ client.
++<!-- This is the FreeBSD NIS-HOWTO. It describes how to install and configure
++ FreeBSD as NIS client and server.
+ -->
+
+ <article>
+
+-<title>The Linux NIS(YP)/NYS/NIS+ HOWTO
+-<author>Thorsten Kukuk
++<title>The FreeBSD NIS(YP) HOWTO
++<author>Linux version by Thorsten Kukuk
+ <date>v0.12, 12 June 1998
+
+ <abstract>
+ <nidx>HOWTOs!NIS</nidx>
+ <nidx>HOWTOs!YP</nidx>
+-<nidx>HOWTOs!NYS</nidx>
+ <nidx>HOWTOs!NIS+</nidx>
+-This document describes how to configure Linux as NIS(YP) or NIS+ client
++This document describes how to configure FreeBSD as a NIS(YP) client
+ and how to install as NIS server.
+ </abstract>
+
+@@ -25,18 +24,17 @@
+ <sect>Introduction
+
+ <p>
+-More and more, Linux machines are installed as part of a network of
++More and more, FreeBSD machines are installed as part of a network of
+ computers. To simplify network administration, most networks (mostly
+-Sun-based networks) run the Network Information Service. Linux machines
++Sun-based networks) run the Network Information Service. FreeBSD machines
+ can take full advantage of existing NIS service or provide NIS service
+-themselves. Linux machines can also act as full NIS+ clients, this
+-support is in beta stage.
++themselves.
+
+-This document tries to answer questions about setting up NIS(YP) and NIS+
+-on your Linux machine. Don't forget to read the section about
++This document tries to answer questions about setting up NIS(YP)
++on your FreeBSD machine. Don't forget to read the section about
+ <ref id="portmapper" name="the RPC Portmapper">
+
+-The NIS-Howto is edited and maintained by:
++The Linux version of the NIS-Howto is edited and maintained by:
+
+ <quote>
+ Thorsten Kukuk, <tt/kukuk@vt.uni-paderborn.de/
+@@ -60,10 +58,7 @@
+ the URL <url url="http://sunsite.unc.edu/mdw/HOWTO/NIS-HOWTO.html"
+ name="http://sunsite.unc.edu/mdw/HOWTO/NIS-HOWTO.html">.
+
+-New versions of this document will also be uploaded to various
+-Linux WWW and FTP sites, including the LDP home page.
+-
+-Links to translations of this document could be found at
++Links to translations of the Linux document can be found at
+ <url url="http://www-vt.uni-paderborn.de/~kukuk/linux/nis-howto.html"
+ name="http://www-vt.uni-paderborn.de/~kukuk/linux/nis-howto.html">.
+ <sect1>Disclaimer
+@@ -86,9 +81,9 @@
+ document, please let me know so I can correct it in the next
+ version. Thanks.
+
+-Please do <em/not/ mail me questions about special problems with your Linux
+-Distribution! I don't know every Linux Distribution. But I will try to add
+-every solution you send me.
++Please do <em/not/ mail Thorsten questions about special problems with FreeBSD.
++The FreeBSD changes to the Linux document were done by the FreeBSD
++Documentation Project. Please send comments to docs@freebsd.org
+
+ <sect1>Acknowledgements
+
+@@ -102,25 +97,21 @@
+ </verb></tscreen>
+
+ Theo de Raadt &lt;deraadt@theos.com> is responsible for the original
+-yp-clients code. Swen Thuemmler &lt;swen@uni-paderborn.de> ported the
+-yp-clients code to Linux and also ported the yp-routines in libc
+-(again based on Theo's work). Thorsten Kukuk has written the NIS(YP)
+-and NIS+ routines for GNU libc 2.x from scratch.
++yp-clients code.
+
+ <sect>Glossary and General Information
+
+ <sect1>Glossary of Terms
+ <nidx>NIS!glossary</nidx>
+ <nidx>YP!glossary</nidx>
+-<nidx>NYS!glossary</nidx>
+ <nidx>NIS+!glossary</nidx>
+-<nidx>glossary!NIS/NYS/YP/NIS+</nidx>
++<nidx>glossary!NIS/YP/NIS+</nidx>
+ <p>
+ In this document a lot of acronyms are used. Here are the most
+ important acronyms and a brief explanation:
+
+ <descrip>
+-<tag/DBM/DataBase Management, a library of functions which
++<tag/DB/Database Management, a library of functions which
+ maintain key-content pairs in a data base.
+
+ <tag/DLL/Dynamically Linked Library, a library linked to an
+@@ -136,8 +127,7 @@
+ files between two computers.
+
+ <tag/libnsl/Name services library, a library of name service calls
+- (getpwnam, getservbyname, etc...) on SVR4 Unixes. GNU libc
+- uses this for the NIS (YP) and NIS+ functions.
++ (getpwnam, getservbyname, etc...) on SVR4 Unixes.
+
+ <tag/libsocket/Socket services library, a library for the socket
+ service calls (socket, bind, listen, etc...) on SVR4 Unixes.
+@@ -153,12 +143,7 @@
+ replacement for NIS with better security and better handling
+ of _large_ installations.
+
+-<tag/NYS/This is the name of a project and stands for NIS+, YP and Switch
+- and is managed by Peter Eriksson &lt;peter@ifm.liu.se>. It contains
+- among other things a complete reimplementation of the NIS (= YP) code
+- that uses the Name Services Switch functionality of the NYS library.
+-
+-<tag/NSS/Name Service Switch. The /etc/nsswitch.conf file determines the order
++<tag/NSS/Name Service Switch. On Solaris, the /etc/nsswitch.conf file determines the order
+ of lookups performed when a certain piece of information is requested.
+
+ <tag/RPC/Remote Procedure Call. RPC routines allow C programs to
+@@ -177,7 +162,6 @@
+ <sect1>Some General Information
+ <nidx>NIS!general information</nidx>
+ <nidx>YP!general information</nidx>
+-<nidx>NYS!general information</nidx>
+ <nidx>NIS+!general information</nidx>
+
+ <p>
+@@ -197,7 +181,7 @@
+ distributed by NIS is:
+
+ <itemize>
+-<item>login names/passwords/home directories (/etc/passwd)
++<item>login names/passwords/home directories (/etc/master.passwd)
+ <item>group information (/etc/group)
+ </itemize>
+
+@@ -217,37 +201,8 @@
+ use NIS+ or have severe security needs. NIS+ is _much_ more problematic
+ to administer (it's pretty easy to handle on the client side, but the
+ server side is horrible). Another problem is that the support for NIS+
+-under Linux is still under developement - you need the latest glibc
+-snapshot for it or have to wait for glibc 2.1. There is a port of the
+-glibc NIS+ support for libc5 as drop in replacement.
+-
+-<sect1>libc 4/5 with traditional NIS or NYS ?
+-<nidx>libc4/5, use with NIS/NYS</nidx>
+-<nidx>NIS/NYS, use with libc4/5</nidx>
+-
+-<p>
+-The choice between "traditional NIS" or the NIS code in the NYS library
+-is a choice between laziness and maturity vs. flexibility and love of
+-adventure.
+-
+-The "traditional NIS" code is in the standard C library and has been
+-around longer and sometimes suffers from it's age and slight
+-inflexibility.
+-
+-The NIS code in the NYS library requires you to recompile the libc
+-library to include the NYS code into the libc library (or maybe you can
+-go get a precompiled version of libc from someone who has already done it).
+-
+-Another difference is that the traditional NIS code has some support
+-for NIS Netgroups, which the NYS code doesn't. On the other hand
+-the NYS code allows you to handle Shadow Passwords in a transparent
+-way. The "traditonal NIS" code doesn't support Shadow Passwords over NIS.
+-
+-Forgot this all if you use the new GNU C Library 2.x (aka libc6). It
+-has real NSS (name switch service) support, which makes it very flexible,
+-and contains support for the following NIS/NIS+ maps: aliases, ethers, group,
+-hosts, netgroups, networks, protocols, publickey, passwd, rpc, services
+-and shadow. The GNU C Library has no problems with shadow passwords over NIS.
++under FreeBSD is still under developement, and is not ready for Alpha testing
++yet.
+
+ <sect>How it works
+
+@@ -316,10 +271,9 @@
+
+ <p>
+ To run any of the software mentioned below you will need to run the
+-program /usr/sbin/portmap. Some Linux distributions already have
+-the code in the /etc/rc.d/ files to start up this daemon.
+-All you have to do is to activate it and reboot your Linux machine.
+-Read your Linux Distribution Documentation how to do this.
++program /usr/sbin/portmap. In FreeBSD you specify your desire to run the
++Portmapper in /etc/rc.conf.
++All you have to do is to activate it and reboot your FreeBSD machine.
+
+ The RPC portmapper (portmap(8)) is a server that converts RPC program
+ numbers into TCP/IP (or UDP/IP) protocol port numbers. It must be
+@@ -365,54 +319,23 @@
+ ypcat, yppoll, ypmatch). The most important program is ypbind. This
+ program must be running at all times, that is, it should always appear
+ in the list of processes. It's a so-called daemon process and needs to
+-be started from the system's startup file (eg. /etc/rc.local, /etc/init.d/nis,
+-/etc/rc.d/init.d/ypbind).
++be started from the system's startup file (eg. /etc/rc.network).
++You specify your desire to run ypbind in /etc/rc.conf.
+ As soon as ypbind is running, your system has become a NIS client.
+
+ In the second case, if you don't have NIS servers, then you will also
+ need a NIS server program (usually called ypserv). Section 8 describes
+-how to set up a NIS server on your Linux machine using the "ypserv"
+-implementation by Peter Eriksson and Thorsten Kukuk.
+-Note that from version 0.14 this implementation supports the
+-master-slave concept talked about in section 4.1.
+-
+-There is also another free NIS server available, called "yps", written
+-by Tobias Reber in Germany which does support the master-slave concept,
+-but has other limitations and isn't supported any longer.
++how to set up a NIS server on your FreeBSD machine using "ypserv".
+
+
+ <sect1>The Software
+ <nidx>NIS!library requirements</nidx>
+
+ <p>
+-The system library "/usr/lib/libc.a" (version 4.4.2 and better) or the
+-shared library "/lib/libc.so.x" contain all necessary system calls to
+-succesfully compile the NIS client and server software. For glibc 2.x,
+-you also need /lib/libnsl.so.1.
+-
+-Some people reported that NIS only works with "/usr/lib/libc.a" version
+-4.5.21 and better so if you want to play it safe don't use older
+-libc's. The NIS client software can be obtained from:
+-
+-<tscreen><verb>
+- Site Directory File Name
+-
+- ftp.kernel.org /pub/linux/utils/net/NIS yp-tools-2.0.tar.gz
+- ftp.kernel.org /pub/linux/utils/net/NIS ypbind-mt-1.2.tar.gz
+- ftp.kernel.org /pub/linux/utils/net/NIS ypbind-3.3.tar.gz
+- sunsite.unc.edu /pub/Linux/system/Network/admin yp-clients-2.2.tar.gz
+- ftp.uni-paderborn.de /linux/local/yp yp-clients-2.2.tar.gz
+- ftp.uni-paderborn.de /linux/local/yp ypbind-3.3.tar.gz
+-</verb></tscreen>
++The system libraries "/usr/lib/libc.so.x" and "/usr/lib/libc.a"
++contain all necessary system calls to
++succesfully compile the NIS client and server software.
+
+-Once you obtained the software, please follow the instructions which
+-come with the software. yp-clients 2.2 are for use with libc4 and libc5
+-until 5.4.20. libc 5.4.21 and glibc 2.x needs yp-tools 1.4.1. The new
+-yp-tools 2.0 will work with every Linux libc. Since there was some bugs
+-in the NIS code, you shouldn't use libc 5.4.21-5.4.35. Use libc 5.4.36 or
+-later instead, or the most YP programs will not work. ypbind 3.3 will
+-work with all libraries, too. You should never use the ypbind from
+-yp-clients 2.2.
+
+ <sect1>The ypbind daemon
+ <nidx>NIS!ypbind daemon</nidx>
+@@ -420,29 +343,15 @@
+ <nidx>daemon!ypbind</nidx>
+
+ <p>
+-Assuming you have succesfully compiled the software you are now ready
+-to install the software. A suitable place for the ypbind daemon is
+-the directory /usr/sbin. Some people may tell you, that you don't need
+-ypbind on a system with NYS. This is wrong, ypwhich and ypcat need it.
+-
+-You'll need to do this as root of course. The other binaries (ypwhich,
+-ypcat, yppoll, ypmatch) should go in a directory accessible by all
+-users, normally /usr/bin.
+-
+-The ypbind process has a configuration file called /etc/yp.conf. You can
+-hardcode a NIS server there - for more info see the manual page for ypbind(8).
+-You also need this file for NYS.
+-An example:
+-<tscreen><verb>
+- ypserver voyager
+- ypserver ds9
+-</verb></tscreen>
++The ypbind process can be forced to bind to a specific NIS server by specifing
++the server in /etc/rc.conf.
++For more info see the manual page for ypbind(8).
+
+ If the system could resolv the hostnames without NIS, you could use
+ the name, else you have to use the IP address.
+
+-It might be a good idea to test ypbind before incorporating it in the
+-/etc/rc.d/ files. To test ypbind do the following:
++It might be a good idea to test ypbind before incorporating it in the
++/etc/rc.conf files. To test ypbind do the following:
+
+ <itemize>
+ <item>Make sure you have your domain name set. If it is not set then
+@@ -500,15 +409,10 @@
+
+ This directory MUST exist for ypbind to start up succesfully.
+
+-To check if the domainname is set correct, use the /bin/ypdomainname from
+-yp-tools 2.0. It uses the yp_get_default_domain function, which is more
+-restrict. It doesn't allow for example the "(none)" domainname, which
+-is the default under Linux and makes a lot of problems.
+-
+-If the test worked you may now want to change the files in /etc/rc.d/
++If the test worked you may now want to change the /etc/rc.conf file
+ on your system so that ypbind will be started up at boot time and your
+ system will act as a NIS client. Make sure, that the domainname will
+-be set at boot time.
++be set at boot time (also set in /etc/rc.conf).
+
+ Well, that's it. Reboot the machine and watch the boot messages to see
+ if ypbind is actually started.
+@@ -519,20 +423,20 @@
+
+ <p>
+ For host lookups you must set (or add) "nis" to the lookup order line
+-in your /etc/host.conf file. Please read the manpage "resolv+.8" for
++in your /etc/host.conf file. Please see the comments in /etc/host.conf
+ more details.
+
+-Add the following line to /etc/passwd on your NIS clients:
++Add the following line to /etc/master.passwd using vipw on your NIS clients:
+
+ <tscreen><verb>
+-+::::::
+++:::::::::
+ </verb></tscreen>
+
+ You can also use the + and - characters to include/exclude or change
+ users. If you want to exclude the user guest just add -guest to your
+-/etc/passwd file. You want to use a different shell (e.g. ksh) for
+-the user "linux"? No problem, just add "+linux::::::/bin/ksh"
+-(without the quotes) to your /etc/passwd. Fields that you don't want
++/etc/master.passwd file. You want to use a different shell (e.g. sh) for
++the user "ken"? No problem, just add "+ken:::::::::/usr/local/bin/bash"
++(without the quotes) to your /etc/master.passwd using vipw. Fields that you don't want
+ to change have to be left empty. You could also use Netgroups for
+ user control.
+
+@@ -541,343 +445,22 @@
+ of all other users available:
+
+ <tscreen><verb>
+- +miquels:::::::
+- +ed:::::::
+- +dth:::::::
+- +@sysadmins:::::::
+- -ftp
+- +:*::::::/etc/NoShell
++ +dennis:::::::::
++ +@sysadmins:::::::::
++ -ftp:::::::::
++ +@rejected-users::32767:32767::::::/bin/false
+ </verb></tscreen>
+
+-Note that in Linux you can also override the password field, as we did
++Note that in FreeBSD you can also override the password field, as we did
+ in this example. In this example, we also remove the login "ftp", so
+ it isn't known any longer, and anonymous ftp will not work.
++See the ``man 5 passwd'' for further explantion and more examples.
+
+ The netgroup would be look like
+ <tscreen><verb>
+ sysadmins (-,software,) (-,kukuk,)
+ </verb></tscreen>
+
+-IMPORTANT: Note that the netgroup feature is implemented starting
+-from libc 4.5.26. But if you have a version of libc earlier than 4.5.26,
+-every user in the NIS password database can access your linux machine if
+-you run "ypbind".
+-
+-
+-<sect1>Setting up a NIS Client using NYS
+-<nidx>NYS!client setup</nidx>
+-
+-<p>
+-All that is required is that the NIS configuration file
+-(/etc/yp.conf) points to the correct server(s) for its information.
+-Also, the Name Services Switch configuration file (/etc/nsswitch.conf)
+-must be correctly set up.
+-
+-You should install ypbind. It isn't needed by the libc, but the NIS(YP)
+-tools need it.
+-
+-If you wish to use the include/exclude user feature (+/-guest/+@admins),
+-you have to use "passwd: compat" and "group: compat". Note, that there
+-is no "shadow: compat" ! You have to use "shadow: files nis" in this
+-case.
+-
+-The NYS sources are part of the libc 5 sources. When run configure,
+-say the first time "NO" to the "Values correct" question,
+-then say "YES" to "Build a NYS libc from nys".
+-
+-<sect1>Setting up a NIS Client using glibc 2.x
+-<nidx>NIS!client setup!using glibc 2.x</nidx>
+-
+-<p>
+-The glibc uses "traditional NIS", so you need to start ypbind. The
+-Name Services Switch configuration file (/etc/nsswitch.conf) must be
+-correctly set up. If you use the compat mode for passwd, shadow or group,
+-you have to add the "+" at the end of this files, and you could use
+-the include/exclude user feature. The configuration is excatly the same
+-as under Solaris 2.x.
+-
+-<sect1>The nsswitch.conf File
+-<nidx>nsswitch.conf file</nidx>
+-<nidx>NIS!nsswitch.conf file</nidx>
+-
+-<p>
+-The Network Services switch file /etc/nsswitch.conf determines the
+-order of lookups performed when a certain piece of information is
+-requested, just like the /etc/host.conf file which determines the way
+-host lookups are performed. For example, the line
+-
+-<tscreen><verb>
+- hosts: files nis dns
+-</verb></tscreen>
+-
+-specifies that host lookup functions should first look in the local
+-/etc/hosts file, followed by a NIS lookup and finally thru the domain
+-name service (/etc/resolv.conf and named), at which point if no match
+-is found an error is returned. This file must be readable for every
+-user !
+-
+-A good /etc/nsswitch.conf file for NIS is:
+-<tscreen><verb>
+-#
+-# /etc/nsswitch.conf
+-#
+-# An example Name Service Switch config file. This file should be
+-# sorted with the most-used services at the beginning.
+-#
+-# The entry '[NOTFOUND=return]' means that the search for an
+-# entry should stop if the search in the previous entry turned
+-# up nothing. Note that if the search failed due to some other reason
+-# (like no NIS server responding) then the search continues with the
+-# next entry.
+-#
+-# Legal entries are:
+-#
+-# nisplus Use NIS+ (NIS version 3)
+-# nis Use NIS (NIS version 2), also called YP
+-# dns Use DNS (Domain Name Service)
+-# files Use the local files
+-# db Use the /var/db databases
+-# [NOTFOUND=return] Stop searching if not found so far
+-#
+-
+-passwd: compat
+-group: compat
+-shadow: compat
+-
+-passwd_compat: nis
+-group_compat: nis
+-shadow_compat: nis
+-
+-hosts: nis files dns
+-
+-services: nis [NOTFOUND=return] files
+-networks: nis [NOTFOUND=return] files
+-protocols: nis [NOTFOUND=return] files
+-rpc: nis [NOTFOUND=return] files
+-ethers: nis [NOTFOUND=return] files
+-netmasks: nis [NOTFOUND=return] files
+-netgroup: nis
+-bootparams: nis [NOTFOUND=return] files
+-publickey: nis [NOTFOUND=return] files
+-automount: files
+-aliases: nis [NOTFOUND=return] files
+-</verb></tscreen>
+-
+-passwd_compat, group_compat and shadow_compat are only supported by glibc 2.x.
+-If there are no shadow rules in /etc/nsswitch.conf, glibc will use the passwd
+-rule for lookups. There are some more lookup module for glibc like hesoid.
+-For more information, read the glibc documentation.
+-
+-<sect> Shadow Passwords with NIS and PAM
+-<nidx>NIS!shadow passwords</nidx>
+-<nidx>PAM!shadow passwords</nidx>
+-<p>
+-Shadow passwords over NIS are always a bad idea. You lost the security,
+-which shadow gives you. A good way to avoid shadow passwords over NIS is,
+-to put only the local system users in /etc/shadow. Remove the NIS user
+-entries from the shadow database, and put the password back in passwd.
+-So you could use shadow for the root login, and normal passwd for NIS
+-user. This has the advantage, that it will work with every NIS client.
+-
+-If this is not an option for you, you need the GNU C Library 2.x. This
+-is the only Linux libc, which supports shadow passwords over NIS. Linux
+-libc5 has no support for it. Linux libc5 compiled with NYS enabled has
+-some code for it. But this code is badly broken in some cases and doesn't
+-work with all correct shadow entries.
+-
+-The next problem is PAM. The GNU C Library support Shadow passwords over
+-NIS, but PAM does not, especially pam_pwdb/libpwdb. This is a big problem
+-for RedHat 5.x users. If you have glibc and PAM, you need to change the
+-/etc/pam.d/* entries. Replace all pam_pwdb rules through pam_auth_unix_*
+-modules. This will work.
+-
+-
+-<sect> What do you need to set up NIS+ ?
+-
+-<sect1>The Software
+-<nidx>NIS+!software required</nidx>
+-
+-<p>
+-The Linux NIS+ client code was developed for the GNU C library 2.
+-There is also a port for Linux libc5, since all commercial Applications
+-are linked against this library, and you couldn't recompile them for
+-using glibc. There are problems with libc5 and NIS+: You couldn't link
+-static programs with it, and programs compiled with this library will
+-not work with other libc5 versions.
+-
+-
+-You need to retrieve and compile the latest GNU C library 2 snapshot.
+-And you need a glibc based system like RedHat 5.x or the upcoming
+-Debian 2.0. But be warned: This is beta Software ! Read the Docs about
+-glibc snapshots and from the Distributions ! glibc 2.0.x doesn't contain
+-the NIS+ support, and will never contain it. The first public version
+-with NIS+ support will be 2.1.
+-
+-The NIS+ client software can be obtained from:
+-<tscreen><verb>
+- Site Directory File Name
+-
+- ftp.kernel.org /pub/software/libs/glibc libc-*, glibc-crypt-*,
+- glibc-linuxthreads-*
+- ftp.kernel.org /pub/linux/utils/net/NIS+ nis-tools-1.4.2.tar.gz
+- ftp.kernel.org /pub/linux/utils/net/NIS+ pam_keylogin-1.2.tar.gz
+-</verb></tscreen>
+-
+-Distributions based on glibc can be fetched from:
+-<tscreen><verb>
+- Site Directory
+-
+- ftp.redhat.com /pub/redhat/redhat-5.1
+- ftp.debian.org /pub/debian/dists/hamm
+-</verb></tscreen>
+-
+-For compilation of the GNU C Library, please follow the instructions
+-which come with the software. Here you could find the patched libc5,
+-based on NYS and the glibc sources as drop in replacement for the
+-standart libc5:
+-
+-<tscreen><verb>
+- Site Directory File Name
+-
+- ftp.kernel.org /pub/linux/utils/net/NIS+ libc-5.4.44-nsl-0.4.10.tar.gz
+-</verb></tscreen>
+-
+-You should also look at
+- <url url="http://www-vt.uni-paderborn.de/~kukuk/linux/nisplus.html"
+- name="http://www-vt.uni-paderborn.de/~kukuk/linux/nisplus.html">
+-for more information and the latest sources.
+-
+-<sect1>Setting up a NIS+ client
+-<nidx>NIS+!client setup</nidx>
+-
+-<p>
+-IMPORTANT: For setting up a NIS+ client, read your Solaris NIS+ docs
+-what to do on the server side ! This document only describes what to do
+-on the client side !
+-
+-After installing the new libc and nis-tools, create the credentials for
+-the new client on the NIS+ server. Make sure, portmap is running. Then
+-check, if your Linux PC has the same time as the NIS+ Server. For secure RPC,
+-you have only a small window from about 3 minutes, in which the credentials
+-are valid. A good idea is to run xntpd on every host. After this, run
+-
+-<tscreen><verb>
+-domainname nisplus.domain.
+-nisinit -c -H <NIS+ server>
+-</verb></tscreen>
+-
+-to initialize the cold Start File. Read the nisinit man page for more
+-options. Make sure, that the domainname will always be set after a reboot.
+-If you don't know what the NIS+ domain name is on your network, ask
+-your system/network administrator.
+-
+-Now you should change your /etc/nsswitch.conf file. Make sure, that the
+-only service after publickey is nisplus ("publickey: nisplus"), and nothing
+-else !
+-
+-After this, start keyserv and make sure, that it will always be started
+-at boot time. Run
+-<tscreen><verb>
+-keylogin -r
+-</verb></tscreen>
+-to store the root secretkey on your system. (I hope you have added the
+-publickey for the new host on the NIS+ Server ?).
+-
+-"niscat passwd.org_dir" should now show you all entries in the passwd database.
+-
+-
+-<sect1>NIS+, keylogin, login and PAM
+-<nidx>NIS+!use of PAM with</nidx>
+-
+-<p>
+-When the user logs in, he need to set his secretkey to keyserv. This is done
+-by calling "keylogin". The login from the shadow package will do this for the
+-user. For a PAM aware login, you have to install pam_keylogin-1.1.tar.gz
+-and change the /etc/pam.d/login file to use pam_unix_auth, not pwdb, which
+-doesn't support NIS+. An example:
+-
+-<tscreen><verb>
+-#%PAM-1.0
+-auth required /lib/security/pam_securetty.so
+-auth required /lib/security/pam_keylogin.so
+-auth required /lib/security/pam_unix_auth.so
+-auth required /lib/security/pam_nologin.so
+-account required /lib/security/pam_unix_acct.so
+-password required /lib/security/pam_unix_passwd.so
+-session required /lib/security/pam_unix_session.so
+-</verb></tscreen>
+-
+-
+-<sect1>The nsswitch.conf File
+-<nidx>nsswitch.conf file</nidx>
+-<nidx>NIS+!nsswitch.conf file</nidx>
+-
+-<p>
+-The Network Services switch file /etc/nsswitch.conf determines the
+-order of lookups performed when a certain piece of information is
+-requested, just like the /etc/host.conf file which determines the way
+-host lookups are performed. For example, the line
+-
+-<tscreen><verb>
+- hosts: files nisplus dns
+-</verb></tscreen>
+-
+-specifies that host lookup functions should first look in the local
+-/etc/hosts file, followed by a NIS+ lookup and finally thru the domain
+-name service (/etc/resolv.conf and named), at which point if no match
+-is found an error is returned.
+-
+-A good /etc/nsswitch.conf file for NIS+ is:
+-<tscreen><verb>
+-#
+-# /etc/nsswitch.conf
+-#
+-# An example Name Service Switch config file. This file should be
+-# sorted with the most-used services at the beginning.
+-#
+-# The entry '[NOTFOUND=return]' means that the search for an
+-# entry should stop if the search in the previous entry turned
+-# up nothing. Note that if the search failed due to some other reason
+-# (like no NIS server responding) then the search continues with the
+-# next entry.
+-#
+-# Legal entries are:
+-#
+-# nisplus Use NIS+ (NIS version 3)
+-# nis Use NIS (NIS version 2), also called YP
+-# dns Use DNS (Domain Name Service)
+-# files Use the local files
+-# db Use the /var/db databases
+-# [NOTFOUND=return] Stop searching if not found so far
+-#
+-
+-passwd: compat
+-# for libc5: passwd: files nisplus
+-group: compat
+-# for libc5: group: files nisplus
+-shadow: compat
+-# for libc5: shadow: files nisplus
+-
+-passwd_compat: nisplus
+-group_compat: nisplus
+-shadow_compat: nisplus
+-
+-hosts: nisplus files dns
+-
+-services: nisplus [NOTFOUND=return] files
+-networks: nisplus [NOTFOUND=return] files
+-protocols: nisplus [NOTFOUND=return] files
+-rpc: nisplus [NOTFOUND=return] files
+-ethers: nisplus [NOTFOUND=return] files
+-netmasks: nisplus [NOTFOUND=return] files
+-netgroup: nisplus
+-bootparams: nisplus [NOTFOUND=return] files
+-publickey: nisplus
+-automount: files
+-aliases: nisplus [NOTFOUND=return] files
+-</verb></tscreen>
+-
+-
+ <sect>Setting up a NIS Server
+ <nidx>NIS!server setup</nidx>
+
+@@ -888,36 +471,14 @@
+ <p>
+ This document only describes how to set up the "ypserv" NIS server.
+
+-The NIS server software can be found on:
+-
+-<tscreen><verb>
+- Site Directory File Name
+-
+- ftp.kernel.org /pub/linux/utils/net/NIS ypserv-1.3.2.tar.gz
+- wauug.erols.com /pub/net/nis ypserv-1.3.2.tar.gz
+-</verb></tscreen>
+-
+-You could also look at
+- <url url="http://www-vt.uni-paderborn.de/~kukuk/linux/nis.html"
+- name="http://www-vt.uni-paderborn.de/~kukuk/linux/nis.html">
+-for more information.
++The NIS server software can be found as /usr/sbin/ypserv.
+
+-The server setup is the same for both traditional NIS and NYS.
+-
+-Compile the software to generate the "ypserv" and "makedbm"
+-programs. If you run your server as master, determine what files you
++If you run your server as master, determine what files you
+ require to be available via NIS and then add or remove the appropriate
+ entries to the <tt>/var/yp/Makefile</tt>.
+
+-There was one big change between ypserv 1.1 and ypserv 1.2. Since 1.2,
+-ypserv caches the file handles. This means, you have to call makedbm with
+-the -c option always if you create new maps. Make sure, you are using the
+-new <tt>/var/yp/Makefile</tt> from ypserv 1.2 or later, or add the -c flag
+-to makedbm in the Makefile. If you don't do that, ypserv will continue to
+-use the old maps, and not the new one.
+-
+-Now edit /var/yp/securenets and /etc/ypserv.conf.
+-For more information, read the ypserv(8) and ypserv.conf(5) manual pages.
++Now edit /var/yp/securenets and /etc/rc.conf.
++For more information, read the ypserv(8) manual page and /etc/rc.conf comments.
+
+ Make sure the portmapper (portmap(8)) is running, and start the
+ server "ypserv". The command
+@@ -935,13 +496,13 @@
+ Now generate the NIS (YP) database. On the master, run
+
+ <tscreen><verb>
+- % /usr/lib/yp/ypinit -m
++ % /usr/sbin/ypinit -m
+ </verb></tscreen>
+
+ On a slave, make sure that ypwhich -m works. This means, that your slave
+ must be configured as NIS client before you could run
+ <tscreen><verb>
+- % /usr/lib/yp/ypinit -s masterhost
++ % /usr/sbin/ypinit -s masterhost
+ </verb></tscreen>
+ to install the host as NIS slave.
+
+@@ -953,13 +514,13 @@
+ wrong.
+
+
+-You might want to edit root's crontab *on the slave* server and add the
++You might want to edit the system crontab (/etc/crontab) *on the slave* server and add the
+ following lines:
+
+ <tscreen><verb>
+- 20 * * * * /usr/lib/yp/ypxfr_1perhour
+- 40 6 * * * /usr/lib/yp/ypxfr_1perday
+- 55 6,18 * * * /usr/lib/yp/ypxfr_2perday
++ 20 * * * * root /usr/libexec/ypxfr passwd.byname
++ 21 * * * * root /usr/libexec/ypxfr passwd.byuid
++ 55 19 * * * root /usr/libexec/ypxfr hosts.ypname
+ </verb></tscreen>
+ This will ensure that most NIS maps are kept up-to-date, even if an
+ update is missed because the slave was down at the time the update was
+@@ -968,14 +529,14 @@
+ You could add a slave at every time later. At first, make sure that
+ the new ypserv has permissions to contact the NIS master. Then run
+ <tscreen><verb>
+- % /usr/lib/yp/ypinit -s masterhost
++ % /usr/sbin/ypinit -s masterhost
+ </verb></tscreen>
+ on the new slave, and add the server name to /var/yp/ypservers.
+ After this, run make in /var/yp to update the maps.
+
+ If you want to restrict access for users to your NIS server, you'll have
+ to setup the NIS server as a client as well by running ypbind and adding the
+-plus-entries to /etc/passwd _halfway_ the password file. The library
++plus-entries to /etc/master.passwd _halfway_ the password file. The library
+ functions will ignore all normal entries after the first NIS entry, and
+ will get the rest of the info through NIS. This way the NIS access rules
+ are maintained. example:
+@@ -993,65 +554,28 @@
+ news:*:9:9:news:/var/spool/news:
+ uucp:*:10:50:uucp:/var/spool/uucp:
+ nobody:*:65534:65534:noone at all,,,,:/dev/null:
+- +miquels::::::
+- +:*:::::/etc/NoShell
++ +dennis:::::::::
++ +*:::::::::/bin/false
+ [ All normal users AFTER this line! ]
+ tester:*:299:10:Just a test account:/tmp:
+- miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh
++ obrien:1765:01:10::0:0:David O'Brien:/home/obrien:/bin/sh
+ </verb></tscreen>
+
+-The user tester will exist, but have a shell of /etc/NoShell. miquels
++The user tester will exist, but have a shell of /bin/false. obrien
+ will have normal access.
+
+ Alternatively, you could edit the /var/yp/Makefile file and set NIS to use
+ another source password file. On big systems, the NIS password and group
+-files are usually stored in /var/yp/ypfiles/. If you do this the normal
++files are sometimes stored in /var/yp/ypfiles/. If you do this the normal
+ tools to administrate the password file such as "passwd", "chfn",
+ "adduser" will not work anymore and you will need special homemade tools
+ for this.
+
+ However yppasswd, ypchsh and ypchfn will work ofcourse.
+
+-<sect1>The Server Program yps
+-<nidx>NIS!yps server</nidx>
+-<nidx>yps NIS server</nidx>
+-<p>
+-To set up the "yps" NIS server please refer to the previous paragraph.
+-The "yps" server setup is similar, _but_ not exactly the same so
+-beware if you try to apply the "ypserv" instructions to "yps"!
+-"yps" is not supported by any author, and contains some security leaks.
+-You shouldn't really use it !
+-
+-The "yps" NIS server software can be found on:
+-
+-<tscreen><verb>
+- Site Directory File Name
+-
+- ftp.lysator.liu.se /pub/NYS/servers yps-0.21.tar.gz
+-</verb></tscreen>
+-
+-
+-<sect1>The Program rpc.yppasswdd
+-
+-<p>
+-Whenever users change their passwords, the NIS password database and
+-probably other NIS databases, which depend on the NIS password
+-database, should be updated. The program "rpc.yppasswdd" is a server that
+-handles password changes and makes sure that the NIS information will
+-be updated accordingly. rpc.yppasswdd is now integrated in ypserv. You
+-don't need the older, separate yppasswd-0.9.tar.gz or yppasswd-0.10.tar.gz,
+-and you shouldn't use them any longer. The rpc.yppasswdd in ypserv 1.3.2
+-has full shadow support. yppasswd is now part of yp-tools-2.0.tar.gz,
+-
+-You need to start rpc.yppasswdd only on the NIS master server. By default,
+-users are not allowed to change their full name or the login shell.
+-You could allow this with the -e chfn or -e chsh option.
+-
+-
+
+ <sect>Verifying the NIS/NYS Installation
+ <nidx>NIS!verification of operation</nidx>
+-<nidx>NYS!verification of operation</nidx>
+
+ <p>
+ If everything is fine (as it should be), you should be able to verify
+@@ -1069,9 +593,7 @@
+ </verb></tscreen>
+
+ (where userid is the login name of an arbitrary user) should give you
+-the user's entry in the NIS passwd file. The "ypcat" and "ypmatch"
+-programs should be included with your distribution of traditional
+-NIS or NYS.
++the user's entry in the NIS passwd file.
+
+ If a user couldn't log in, run the following program on the client:
+ <tscreen><verb>
+@@ -1118,49 +640,6 @@
+ <nidx>NIS!troubleshooting</nidx>
+ <nidx>NIS!problems with</nidx>
+
+-<p>
+-Here are some common problems reported by various users:
+-
+-<enum>
+-<item>The libraries for 4.5.19 are broken. NIS won't work with it.
+-
+-<item>If you upgrade the libraries from 4.5.19 to 4.5.24 then the
+- su command breaks. You need to get the su command from the
+- slackware 1.2.0 distribution. Incidentally that's where you
+- can get the updated libraries.
+-
+-<item>You could run into trouble with NIS and DNS on the same machine
+- using an old a.out distribution. The DNS server occasionally will
+- not bring up NIS.
+-
+-<item>When a NIS server goes down and comes up again ypbind starts
+- complaining with messages like:
+-
+- <verb>
+- yp_match: clnt_call:
+- RPC: Unable to receive; errno = Connection refused
+- </verb>
+-
+- and logins are refused for those who are registered in the
+- NIS database. Try to login as root and if you succeed, then kill
+- ypbind and start it up again. An update to ypbind 3.3 or higher
+- should also help.
+-
+-<item>After upgrade the libc to a version greater then 5.4.20, the YP tools
+- will not work any longer. You need yp-tools 1.2 or later for
+- libc >= 5.4.21 and glibc 2.x and yp-clients 2.2. for earlier versions.
+- yp-tools 2.0 should work for all libraries.
+-
+-<item>In libc 5.4.21 - 5.4.35 yp_maplist is broken, you need 5.4.36 or later,
+- or some YP programs like ypwhich will seg.fault.
+-
+-<item>libc 5 with traditional NIS doesn't support shadow passwords over NIS.
+- You need libc5 + NYS or glibc 2.x.
+-<item>ypcat shadow doesn't show the shadow map. This is correct, the name of
+- the shadow map is shadow.byname, not shadow.
+-</enum>
+-
+-
+ <sect>Frequently Asked Questions
+ <nidx>NIS!frequently asked questions</nidx>
+
+@@ -1169,15 +648,13 @@
+ questions unanswered you might want to post a message to
+
+ <tscreen><verb>
+- comp.os.linux.help
++ freebsd-questions@FreeBSD.org
+ </verb></tscreen>
+
+ or
+
+ <tscreen><verb>
+- comp.os.linux.networking
++ hackers@FreeBSD.org
+ </verb></tscreen>
+-
+-or contact one of the authors of this HOWTO.
+
+ </article>
diff --git a/misc/Howto/pkg-comment b/misc/Howto/pkg-comment
new file mode 100644
index 000000000000..53a517ccb591
--- /dev/null
+++ b/misc/Howto/pkg-comment
@@ -0,0 +1 @@
+Linux HOW-TOs modified for applicablity on FreeBSD
diff --git a/misc/Howto/pkg-descr b/misc/Howto/pkg-descr
new file mode 100644
index 000000000000..53a517ccb591
--- /dev/null
+++ b/misc/Howto/pkg-descr
@@ -0,0 +1 @@
+Linux HOW-TOs modified for applicablity on FreeBSD
diff --git a/misc/Howto/pkg-plist b/misc/Howto/pkg-plist
new file mode 100644
index 000000000000..28696356685f
--- /dev/null
+++ b/misc/Howto/pkg-plist
@@ -0,0 +1,2 @@
+share/doc/Howto
+@unexec /bin/rm -rf %D/share/doc/Howto
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-02 08:56:14 +0000