The kerberised network services should only be active in inetd.conf

if kerberos is installed. So far as I'm aware, kerberos aware clients detect ECONNREFUSED and (if allowed) fall back to the non-kerberos servers. They do not know how to interpret messages such as "rlogind: unknown option -k". I believe Garrett also mentioned this. Unfortunately, this adds an extra step to bringing up kerberos. It also stops /var/log/messages getting quite so many useless (and confusing) error messages when somebody does a port scan on you.
svn path=/head/; revision=19607
1996-11-10 13:06:14 +00:00 · 1996-11-10 13:06:14 +00:00 · 7737a49d16 · 2020-12-20 02:59:44 +00:00
commit 7737a49d16
parent 94fbd76c28
1 changed files with 4 additions and 4 deletions
--- a/etc/inetd.conf
+++ b/etc/inetd.conf
@ -33,10 +33,10 @@ ntalk	dgram	udp	wait	root	/usr/libexec/ntalkd	ntalkd
 #
 # Kerberos authenticated services
 #
-klogin	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k
-eklogin	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k -x
-kshell	stream	tcp	nowait	root	/usr/libexec/rshd	rshd -k
-rkinit	stream	tcp	nowait	root	/usr/libexec/rkinitd	rkinitd
+#klogin	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k
+#eklogin stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k -x
+#kshell	stream	tcp	nowait	root	/usr/libexec/rshd	rshd -k
+#rkinit	stream	tcp	nowait	root	/usr/libexec/rkinitd	rkinitd
 #
 # Services run ONLY on the Kerberos server
 #