From 0a257647ab7f4ab1dbefb4c0e972a9db6d187057 Mon Sep 17 00:00:00 2001
From: peter <peter@FreeBSD.org>
Date: Sun, 10 Nov 1996 13:06:14 +0000
Subject: The kerberised network services should only be active in inetd.conf
 if kerberos is installed.  So far as I'm aware, kerberos aware clients detect
 ECONNREFUSED and (if allowed) fall back to the non-kerberos servers.  They do
 not know how to interpret messages such as "rlogind: unknown option -k".

I believe Garrett also mentioned this.

Unfortunately, this adds an extra step to bringing up kerberos.

It also stops /var/log/messages getting quite so many useless (and
confusing) error messages when somebody does a port scan on you.
---
 etc/inetd.conf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'etc')

diff --git a/etc/inetd.conf b/etc/inetd.conf
index e79ee14..d7e1e9c 100644
--- a/etc/inetd.conf
+++ b/etc/inetd.conf
@@ -33,10 +33,10 @@ ntalk	dgram	udp	wait	root	/usr/libexec/ntalkd	ntalkd
 #
 # Kerberos authenticated services
 #
-klogin	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k
-eklogin	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k -x
-kshell	stream	tcp	nowait	root	/usr/libexec/rshd	rshd -k
-rkinit	stream	tcp	nowait	root	/usr/libexec/rkinitd	rkinitd
+#klogin	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k
+#eklogin stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k -x
+#kshell	stream	tcp	nowait	root	/usr/libexec/rshd	rshd -k
+#rkinit	stream	tcp	nowait	root	/usr/libexec/rkinitd	rkinitd
 #
 # Services run ONLY on the Kerberos server
 #
-- 
cgit v1.1