Date: Mon, 16 Oct 2000 15:42:47 -0500 From: Larry Rosenman <ler@lerctr.org> To: freebsd-stable@freebsd.org Subject: Re: turning off rcmd is premature Message-ID: <20001016154247.A14929@lerami.lerctr.org> In-Reply-To: <14827.26524.933168.86478@onceler.kciLink.com>; from khera@kciLink.com on Mon, Oct 16, 2000 at 04:39:56PM -0400 References: <01C0351A.45CBF470.ggross@symark.com> <20001014154131.E13848@citusc17.usc.edu> <14827.26524.933168.86478@onceler.kciLink.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The other way is to make pam_accept.so the required opt, and filter the RSH ports. It really is annoying, and NON-Obvious to a newbie. And the logging is annoying at best. Larry * Vivek Khera <khera@kciLink.com> [001016 15:40]: > >>>>> "KK" == Kris Kennaway <kris@citusc.usc.edu> writes: > > KK> Removing 1 character from inetd.conf and typing "kill -HUP `cat > KK> /var/run/inetd.pid`" is all thats required to enable a service again > KK> for your system, if you're one of those people who need or want to use > KK> one of them. Thats not a big task. > > No; the following is required: > > fix /etc/inetd.conf > fix /etc/pam.conf > possibly fix /etc/hosts.allow > > then HUP inetd. > > The fix to /etc/pam.conf is not obvious. The following is what one > would *expect* to work, but does not. One must revert back to the > prior pam.conf line to make it work. The error reported from pam is > "Conversation error": > > rshd auth required pam_unix.so try_first_pass > > this, however, does work: > > rshd auth sufficient pam_deny.so > > but logs a warning in /var/log/messages prior to allowing the access. > > But I still think that before these services were shut off by default, > the completion of functionality under ssh should have been done, ie, > rcmd(3) should be ssh-aware. > > -- > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > Vivek Khera, Ph.D. Khera Communications, Inc. > Internet: khera@kciLink.com Rockville, MD +1-301-545-6996 > GPG & MIME spoken here http://www.khera.org/~vivek/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 (voice) Internet: ler@lerctr.org US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001016154247.A14929>