From owner-freebsd-commit Thu Jul 20 15:33:13 1995 Return-Path: commit-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.11/8.6.6) id PAA27383 for commit-outgoing; Thu, 20 Jul 1995 15:33:13 -0700 Received: (from majordom@localhost) by freefall.cdrom.com (8.6.11/8.6.6) id PAA27364 for cvs-usrsbin-outgoing; Thu, 20 Jul 1995 15:33:09 -0700 Received: (from wpaul@localhost) by freefall.cdrom.com (8.6.11/8.6.6) id PAA27341 ; Thu, 20 Jul 1995 15:33:04 -0700 Date: Thu, 20 Jul 1995 15:33:04 -0700 From: Bill Paul Message-Id: <199507202233.PAA27341@freefall.cdrom.com> To: CVS-commiters, cvs-usrsbin Subject: cvs commit: src/usr.sbin/ypbind ypbind.c ypbind.8 Sender: commit-owner@FreeBSD.org Precedence: bulk wpaul 95/07/20 15:33:03 Modified: usr.sbin/ypbind ypbind.c ypbind.8 Log: Add a -S option to ypbind that allows the following: -S domainname,server1,server2,server3,... The -S flag allows the system administrator to lock ypbind to a particular domain and group of NIS servers. Up to ten servers can be specified. There must not be any spaces between the commas in the domain/server specification. This option is used to insure that that the system binds only to one domain and only to one of the specified servers, which is useful for systems that are both NIS servers and NIS clients: it provides a way to restrict what ma- chines the system can bind to without the need for specifying the -ypset or -ypsetme options, which are often considered to be secu- rity holes. The specified servers must have valid entries in the local /etc/hosts file. IP addresses may be specified in place of hostnames. If ypbind can't make sense ouf of the arguments, it will ignore the -S flag and continue running normally. Note that ypbind will consider the domainname specified with the -S flag to be the system default domain. (According to what Garrett showed me, OSF/1 actually only allows 4 servers to be specified. Ten seemed to be a bit more reasonable to me.) Suggested by: G. Wollman Idea lifted from: OSF/1