From 7737a49d16a66b6eb1a7d3ceb8392e0641c74693 Mon Sep 17 00:00:00 2001
From: Peter Wemm <peter@FreeBSD.org>
Date: Sun, 10 Nov 1996 13:06:14 +0000
Subject: [PATCH] The kerberised network services should only be active in
 inetd.conf if kerberos is installed.  So far as I'm aware, kerberos aware
 clients detect ECONNREFUSED and (if allowed) fall back to the non-kerberos
 servers.  They do not know how to interpret messages such as "rlogind:
 unknown option -k".

I believe Garrett also mentioned this.

Unfortunately, this adds an extra step to bringing up kerberos.

It also stops /var/log/messages getting quite so many useless (and
confusing) error messages when somebody does a port scan on you.
---
 etc/inetd.conf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/etc/inetd.conf b/etc/inetd.conf
index e79ee1411f33..d7e1e9cb49ca 100644
--- a/etc/inetd.conf
+++ b/etc/inetd.conf
@@ -33,10 +33,10 @@ ntalk	dgram	udp	wait	root	/usr/libexec/ntalkd	ntalkd
 #
 # Kerberos authenticated services
 #
-klogin	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k
-eklogin	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k -x
-kshell	stream	tcp	nowait	root	/usr/libexec/rshd	rshd -k
-rkinit	stream	tcp	nowait	root	/usr/libexec/rkinitd	rkinitd
+#klogin	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k
+#eklogin stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind -k -x
+#kshell	stream	tcp	nowait	root	/usr/libexec/rshd	rshd -k
+#rkinit	stream	tcp	nowait	root	/usr/libexec/rkinitd	rkinitd
 #
 # Services run ONLY on the Kerberos server
 #