The kerberised network services should only be active in inetd.conf

if kerberos is installed.  So far as I'm aware, kerberos aware clients
detect ECONNREFUSED and (if allowed) fall back to the non-kerberos
servers.  They do not know how to interpret messages such as
"rlogind: unknown option -k".

I believe Garrett also mentioned this.

Unfortunately, this adds an extra step to bringing up kerberos.

It also stops /var/log/messages getting quite so many useless (and
confusing) error messages when somebody does a port scan on you.
This commit is contained in:
Peter Wemm 1996-11-10 13:06:14 +00:00
parent 94fbd76c28
commit 7737a49d16
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=19607

View File

@ -33,10 +33,10 @@ ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
#
# Kerberos authenticated services
#
klogin stream tcp nowait root /usr/libexec/rlogind rlogind -k
eklogin stream tcp nowait root /usr/libexec/rlogind rlogind -k -x
kshell stream tcp nowait root /usr/libexec/rshd rshd -k
rkinit stream tcp nowait root /usr/libexec/rkinitd rkinitd
#klogin stream tcp nowait root /usr/libexec/rlogind rlogind -k
#eklogin stream tcp nowait root /usr/libexec/rlogind rlogind -k -x
#kshell stream tcp nowait root /usr/libexec/rshd rshd -k
#rkinit stream tcp nowait root /usr/libexec/rkinitd rkinitd
#
# Services run ONLY on the Kerberos server
#