> One's own domainname, nothing. But someone else knowing your > domainname gives that someone a significant edge when it comes to > breaking in to your machines. Given the more recent versions of ypserv I don't see any major security problems left with YP. i.e the patches which Sun (at least, and maybe HP if you believe their docs) produced which tells a ypserv and portmapper which machines they should talk to. Back before these patches one could extract yp maps from a random domain using ypxfer, or hand written code but this no longer works with the newer code. If there are other security hole left please enlighten me. > > Is there a "better" NIS [...] > > I'd be interested in hearing about any such. I'm almost ready to try > my hand at writing one myself, but so far the perceived need has not > yet been sufficient to make me allocate the time. A good starting point might be the 386/BSD, Linux YP implementation. Since the source is available you can add whatever security measures you like to it. I'm not sure if their ypserv/ypbind are drop-in replacements for the ONC versions, (e.g. if the file formatt etc are the same), but it shouldn't be too hard to check. -- Jon Peatfield (DAMTP, unix network admin)