Date: Thu, 25 Dec 2003 14:38:16 +0200 (EET)
From: Alexander
To: Matthew Seaman
Cc: questions@freebsd.org
Subject: Re: identd in jailed 4.9-STABLE

Hello,

you seem to not have tried this under 4.9 or not under jail. In the host
environment I haven't run anything else but sshd, which is bound to listen
on the IP != jail environment. In the jail environment it's not possible to
bind on an IP outside the jail.

After googling a little I found that this is because identd uses
tcp_getcred(), which won't leak information to the jail environment. There
was a patch for 4.3 which made identd work, but the patch won't work on
4.9-STABLE.

If someone made identd work in a jailed environment, please explain how.

Thanks

On Thu, 25 Dec 2003, Matthew Seaman wrote:

> On Thu, Dec 25, 2003 at 01:28:12AM +0200, Alexander wrote:
>
> > did someone make identd work on 4.9-STABLE in jailed environment ?
>
> Don't see why it should cause any particular difficulties.  You'll
> need to run an instance of inetd(8) in each jail where you want ident
> capability.  All of those inetd(8)'s and any inetd(8) from the base
> system should be bound to specific IP addresses by using the '-a'
> option -- otherwise they all attempt to bind to INADDR_ANY and end up
> fighting each other.
>
> Eg: if your machine uses 192.168.0.1 as its principal IP and has an
> alias address of 192.168.0.2 used by a jail, and you want inetd
> services in both, you would put:
>
>     inetd_enable="YES"
>     inetd_flags="-wW -a 192.168.0.1"
>
> in /etc/rc.conf on the host environment, and:
>
>     inetd_enable="YES"
>     inetd_flags="-wW -a 192.168.0.2"
>
>
> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
>                                                       Savill Way
> PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
> Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
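
The `-a` binding advice in the quoted reply can be checked mechanically. The following is an added example, not part of the original thread: a shell audit that reads rc.conf files and flags any inetd left on INADDR_ANY or sharing an address with another. The function names, the temporary file names and the third sample file are assumptions made for the example; it covers only the `-a` binding, not the tcp_getcred() behaviour raised in the follow-up.

```shell
# Added example (not from the thread). Print the -a address set in an
# rc.conf file, "ANY" if inetd is enabled without -a, or nothing if inetd
# is not enabled. Handles only the double-quoted var="value" form.
inetd_bind_addr() (
    conf=$1
    enable=$(sed -n 's/^inetd_enable="\(.*\)"[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    flags=$(sed -n 's/^inetd_flags="\(.*\)"[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    case $enable in [Yy][Ee][Ss]) ;; *) exit 0 ;; esac
    set -f                      # no globbing while splitting the flags
    set -- $flags
    addr=ANY
    while [ $# -gt 0 ]; do
        case $1 in
            -a)   if [ $# -ge 2 ]; then addr=$2; shift; fi ;;
            -a?*) addr=${1#-a} ;;
        esac
        shift
    done
    echo "$addr"
)

# Report each file; return 1 if any inetd would bind INADDR_ANY or two
# files claim the same address.
audit_inetd_binds() {
    seen=" " rc=0
    for conf in "$@"; do
        addr=$(inetd_bind_addr "$conf")
        case $addr in
            "")  echo "$conf: inetd not enabled" ;;
            ANY) echo "$conf: no -a, inetd binds INADDR_ANY"; rc=1 ;;
            *)   case $seen in
                     *" $addr "*) echo "$conf: $addr already claimed"; rc=1 ;;
                     *) echo "$conf: inetd bound to $addr" ;;
                 esac
                 seen="$seen$addr " ;;
        esac
    done
    return $rc
}

# Constructed sample files: the two rc.conf fragments from the quoted
# reply plus a hypothetical second jail that omits -a.
d=$(mktemp -d)
printf '%s\n' 'inetd_enable="YES"' 'inetd_flags="-wW -a 192.168.0.1"' > "$d/host"
printf '%s\n' 'inetd_enable="YES"' 'inetd_flags="-wW -a 192.168.0.2"' > "$d/jail1"
printf '%s\n' 'inetd_enable="YES"' 'inetd_flags="-wW"' > "$d/jail2"
audit_inetd_binds "$d/host" "$d/jail1" "$d/jail2" || echo "audit: fix the entries above"
rm -rf "$d"
```

On a real system the arguments would be the host's /etc/rc.conf and the etc/rc.conf under each jail's root directory.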