The kerberised network services should only be active in inetd.conf
if kerberos is installed. So far as I'm aware, kerberos aware clients detect ECONNREFUSED and (if allowed) fall back to the non-kerberos servers. They do not know how to interpret messages such as "rlogind: unknown option -k". I believe Garrett also mentioned this. Unfortunately, this adds an extra step to bringing up kerberos. It also stops /var/log/messages getting quite so many useless (and confusing) error messages when somebody does a port scan on you.
This commit is contained in:
peter
parent
5c8d46b0f4
commit
7134c99b53
@ -33,10 +33,10 @@ ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
|
||||
#
|
||||
# Kerberos authenticated services
|
||||
#
|
||||
klogin stream tcp nowait root /usr/libexec/rlogind rlogind -k
|
||||
eklogin stream tcp nowait root /usr/libexec/rlogind rlogind -k -x
|
||||
kshell stream tcp nowait root /usr/libexec/rshd rshd -k
|
||||
rkinit stream tcp nowait root /usr/libexec/rkinitd rkinitd
|
||||
#klogin stream tcp nowait root /usr/libexec/rlogind rlogind -k
|
||||
#eklogin stream tcp nowait root /usr/libexec/rlogind rlogind -k -x
|
||||
#kshell stream tcp nowait root /usr/libexec/rshd rshd -k
|
||||
#rkinit stream tcp nowait root /usr/libexec/rkinitd rkinitd
|
||||
#
|
||||
# Services run ONLY on the Kerberos server
|
||||
#
|
||||
|
||||
Loading…
Reference in New Issue
Block a user