Re: bin/43900: ypbind(8) fails to handle multiple domains correcly

[David Holland <dholland-bugs%netbsd.org@localhost>]

The following reply was made to PR bin/43900; it has been noted by GNATS.

From: David Holland <dholland-bugs%netbsd.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: bin/43900: ypbind(8) fails to handle multiple domains correcly
Date: Mon, 23 May 2011 06:54:25 +0000

 On Mon, May 23, 2011 at 08:44:54AM +0200, Wolfgang Stukenbrock wrote:
  > if it is nessesary to use ypset in a particular setup for any
  > reasons, I think it would make sence to have the ability to
  > restrict this to a subset of the domains that are bound.
  > I do not use ypset for security reasons, but if anyone else does, I
  > think that a setup where the "main"-Domain of the system (e.g. used
  > for logins) cannot be modified by ypset, but for some or all other
  > "additional" domains it may make sence.
  > 
  > Neverless this will be a very rare case at all.
  > And it would not be easy to specify this on the command line. You
  > can only allow ypset for "known" domains at the time of start of
  > ypbind or for all.
 
 Yeah. It's probably not worth worrying about, I think.
 
  > The important point is to support different sets of servers for
  > different Domains via binding-files.
  > My remarks to ypset in the PR should only show the effects of ypset
  > and that it is not a workaround for the problem because I need to
  > set all domains via ypset in that case ...
 
 I have a candidate set of patches (a 19-part patchbomb, in fact) that
 does a whole bunch of rototill and merges most of your patch, although
 not all of it's quite the same.
 
 I was thinking about sending this to you but there's probably no point
 until I've tested it all in my own (single-domain) environment. I'm
 currently planning to get that done tomorrow.
 
 Thanks...
 
 -- 
 David A. Holland
 dholland%netbsd.org@localhost