Date:      15 Feb 1999 15:29:52 +1100
From:      "John Saunders" <john.saunders@nlc.net.au>
To:        freebsd-questions@FreeBSD.ORG
Cc:        Mike Knoll <knollm@lafcol.lafayette.edu>
Subject:   Re: tcp wrappers/identing
Message-ID:  <19990215042952.281.qmail@nhj.nlc.net.au>
In-Reply-To: <Pine.SOL.3.96.990214224316.9558A-100000@lafcol.lafayette.edu>

In nlc.lists.freebsd-questions you wrote:
> I just want to log any user info on the connection, not accept or deny the
> connection based on the user info.

You have to tweak the Makefile before building tcp_wrappers. The
Makefile has an option to always do an IDENT lookup for logging.

> As for the slow down, if I enable ident'ing on tcpwrappers, it waits until
> it knows the connecting party's username before it starts the demon.  If
> the connecting party doesn't run ident, this attempt will cause a 10
> second delay in the wrapper (the timeout).  I don't want this delay.

If you don't want the IDENT delay then don't enable IDENT lookups. I'm
pretty sure that tcp_wrappers doesn't enable IDENT lookups by default
for just this reason.

> I want the connection to, let's say, ftpd, to launch ftpd immediately, and
> look up the user name info in the background, since I don't want to filter
> based on it.  I just want to log it.

Major rewrite of tcp_wrappers is needed. The log entry is written before
the daemon is started. Hence you can't get around the delay. Normally
tcp_wrappers will do all of its lookups, determine if it should allow
access, log the info, then exec the daemon. To be able to log the IDENT
info in the background would require some tricky stuff. If you fork a
process to continue the lookup and exec the daemon, when the lookup
process finishes the daemon will get a SIGCHLD which it may not know
how to deal with. Also the PID logged to the log file will be wrong.

Cheers.
--            +------------------------------------------------------------+
        .     | John Saunders  - mailto:john@nlc.net.au            (EMail) |
    ,--_|\    |                - http://www.nlc.net.au/              (WWW) |
   /  Oz  \   |                - 02-9489-4932 or 04-1822-3814      (Phone) |
   \_,--\_/   | NORTHLINK COMMUNICATIONS P/L - Supplying a professional,   |
         v    | and above all friendly, internet connection service.       |
              +------------------------------------------------------------+
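
The fork-and-exec problem described in the message above, as an added example that is not part of the original e-mail and is not tcp_wrappers code: a double fork detaches the lookup so the exec'd daemon has no child to be signalled about, and the PID is captured before forking so the log line names the daemon. `slow_ident_lookup`, `log_ident_in_background`, the file-descriptor log and the `sleep` stand-in for the daemon are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for the slow IDENT query; a real one would
 * connect back to the client's ident port and wait for a reply. */
static const char *slow_ident_lookup(void) { sleep(1); return "unknown"; }

/* Double-fork so the lookup runs detached. Returns 0 in the caller once
 * the intermediate child has been reaped, -1 on error. The grandchild
 * writes "pid user\n" to log_fd using the caller's PID, which is the
 * PID the daemon keeps across exec. */
int log_ident_in_background(int log_fd)
{
    pid_t daemon_pid = getpid();      /* unchanged by the later exec */
    pid_t mid = fork();
    if (mid < 0) return -1;
    if (mid == 0) {                   /* intermediate child */
        pid_t worker = fork();
        if (worker == 0) {            /* grandchild: reparented to init */
            char line[64];
            int n = snprintf(line, sizeof line, "%ld %s\n",
                             (long)daemon_pid, slow_ident_lookup());
            if (n > 0 && write(log_fd, line, (size_t)n) < 0) _exit(1);
        }
        _exit(worker < 0 ? 1 : 0);    /* neither child returns to caller */
    }
    int status;
    while (waitpid(mid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    if (log_ident_in_background(STDERR_FILENO) != 0) return 1;
    /* No children remain here, so the exec'd program gets no SIGCHLD
     * when the lookup finishes. "sleep 2" stands in for the daemon. */
    execlp("sleep", "sleep", "2", (char *)NULL);
    return 1;
}
```

The log line arrives after the daemon has started, so an access decision can never depend on it; this only suits the log-only case asked about.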
