From owner-freebsd-stable  Mon Oct 16 13:40: 2 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from yertle.kciLink.com (yertle.kciLink.com [205.252.34.9])
	by hub.freebsd.org (Postfix) with ESMTP id A8E7637B503
	for <stable@FreeBSD.ORG>; Mon, 16 Oct 2000 13:39:58 -0700 (PDT)
Received: from onceler.kciLink.com (onceler.kciLink.com [205.252.34.3])
	by yertle.kciLink.com (Postfix) with ESMTP id 19C0C2E449
	for <stable@FreeBSD.ORG>; Mon, 16 Oct 2000 16:39:57 -0400 (EDT)
Received: (from khera@localhost)
	by onceler.kciLink.com (8.11.1/8.11.1) id e9GKdvM40181;
	Mon, 16 Oct 2000 16:39:57 -0400 (EDT)
	(envelope-from khera)
From: Vivek Khera <khera@kciLink.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14827.26524.933168.86478@onceler.kciLink.com>
Date: Mon, 16 Oct 2000 16:39:56 -0400 (EDT)
To: "stable@FreeBSD.ORG" <stable@FreeBSD.ORG>
Subject: Re: turning off rcmd is premature
In-Reply-To: <20001014154131.E13848@citusc17.usc.edu>
References: <01C0351A.45CBF470.ggross@symark.com>
	<20001014154131.E13848@citusc17.usc.edu>
X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>>>>> "KK" == Kris Kennaway <kris@citusc.usc.edu> writes:

KK> Removing 1 character from inetd.conf and typing "kill -HUP `cat
KK> /var/run/inetd.pid`" is all thats required to enable a service again
KK> for your system, if you're one of those people who need or want to use
KK> one of them. Thats not a big task.

No; the following is required:

fix /etc/inetd.conf
fix /etc/pam.conf
possibly fix /etc/hosts.allow

then HUP inetd.

The fix to /etc/pam.conf is not obvious.  The following is what one
would *expect* to work, but does not.  One must revert back to the
prior pam.conf line to make it work.  The error reported from pam is
"Conversation error":

rshd	auth	required	pam_unix.so			try_first_pass

this, however, does work:

rshd	auth	sufficient	pam_deny.so

but logs a warning in /var/log/messages prior to allowing the access.

But I still think that before these services were shut off by default,
the completion of functionality under ssh should have been done, ie,
rcmd(3) should be ssh-aware.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: khera@kciLink.com       Rockville, MD       +1-301-545-6996
GPG & MIME spoken here            http://www.khera.org/~vivek/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message