
Re: Easing security on "public" server.



On Mon, 4 Aug 1997, Chris Brown wrote:

>      I don't want to be too open, but on this machine I would 
> like to loosen the access a bit.  One thing that I am aware of is 
> that there are some options during compile of tcpd so that it 
> doesn't worry about DNS.  During setup of NFS I learned a bit about 
> the host.allow and host.deny files.  I really don't have a good feel 
> for the extent of control that is available thru these files and 
> possibly others.

The "ALL: PARANOID" line in /etc/hosts.deny is what causes the login
failure, as it causes tcpwrappers to do a reverse lookup on the connecting
IP, and then a forward lookup on the name it gets to make sure that the
host isn't trying to DNS spoof.  This may be removable, but not if you're
doing any kind of hostname-based access.

- -- 
                     |        The mark of your ignorance is the depth of
   Scott K. Ellis    |           your belief in injustice and tragedy.
   storm@gate.net    |     What the caterpillar calls the end of the world,
                     |               the master calls a butterfly.
                     |                       -- Illusions
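
The double lookup described in the reply above, sketched as an added example; it is not part of the original message and is not tcpd's own code. The function names, the verdict labels and the DNS tables are assumptions constructed for the illustration, and the comparison is a plain string match suited to IPv4 addresses.

```python
import socket

def system_reverse(ip):
    """Reverse (PTR) lookup through the system resolver; None if no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_client(ip, reverse=system_reverse, forward=system_forward):
    """Reverse-resolve the connecting IP, then forward-resolve that name
    and require the original IP among the results.
    Returns (verdict, name); the verdict labels are this example's own."""
    name = reverse(ip)
    if not name:
        return ("no-name", None)       # nothing to match hostname rules against
    name = name.lower().rstrip(".")
    if ip in forward(name):
        return ("verified", name)      # name and address agree in both directions
    return ("mismatch", name)          # PTR claims a name that does not map back

# Constructed DNS data (documentation address ranges, example domains).
PTR = {
    "192.0.2.10": "shell.example.org",      # consistent in both directions
    "198.51.100.7": "trusted.example.org",  # PTR claims a name owned by another address
    "203.0.113.5": "dialup5.example.net",   # PTR exists, forward record missing
}
A = {
    "shell.example.org": ["192.0.2.10"],
    "trusted.example.org": ["192.0.2.20"],
}

def demo_reverse(ip):
    return PTR.get(ip)

def demo_forward(name):
    return set(A.get(name, ()))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, check_client(ip, demo_reverse, demo_forward))
```

The third address shows how a client with incomplete DNS (a PTR record but no matching forward record) fails the check without any spoofing being involved.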


