diff options
| author | peter <peter@FreeBSD.org> | 1996-11-10 13:06:14 +0000 |
|---|---|---|
| committer | peter <peter@FreeBSD.org> | 1996-11-10 13:06:14 +0000 |
| commit | 0a257647ab7f4ab1dbefb4c0e972a9db6d187057 (patch) | |
| tree | dd9ff3ba9042cbecc0b572b5bdda3eb38290562c /etc | |
| parent | 16296391cd29ece8351789c87dd5f1a60b1ba5b7 (diff) | |
| download | FreeBSD-src-0a257647ab7f4ab1dbefb4c0e972a9db6d187057.zip FreeBSD-src-0a257647ab7f4ab1dbefb4c0e972a9db6d187057.tar.gz | |
The kerberised network services should only be active in inetd.conf
if kerberos is installed. So far as I'm aware, kerberos aware clients
detect ECONNREFUSED and (if allowed) fall back to the non-kerberos
servers. They do not know how to interpret messages such as
"rlogind: unknown option -k".
I believe Garrett also mentioned this.
Unfortunately, this adds an extra step to bringing up kerberos.
It also stops /var/log/messages getting quite so many useless (and
confusing) error messages when somebody does a port scan on you.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inetd.conf | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/inetd.conf b/etc/inetd.conf index e79ee14..d7e1e9c 100644 --- a/etc/inetd.conf +++ b/etc/inetd.conf @@ -33,10 +33,10 @@ ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd # # Kerberos authenticated services # -klogin stream tcp nowait root /usr/libexec/rlogind rlogind -k -eklogin stream tcp nowait root /usr/libexec/rlogind rlogind -k -x -kshell stream tcp nowait root /usr/libexec/rshd rshd -k -rkinit stream tcp nowait root /usr/libexec/rkinitd rkinitd +#klogin stream tcp nowait root /usr/libexec/rlogind rlogind -k +#eklogin stream tcp nowait root /usr/libexec/rlogind rlogind -k -x +#kshell stream tcp nowait root /usr/libexec/rshd rshd -k +#rkinit stream tcp nowait root /usr/libexec/rkinitd rkinitd # # Services run ONLY on the Kerberos server # |
