Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!ns.saard.net!news.camtech.com.au!news.adelaide.on.net!news.ade.connect.com.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!EU.net!usenet2.news.uk.psi.net!uknet!usenet1.news.uk.psi.net!uknet!uknet!lyra.csx.cam.ac.uk!news.ox.ac.uk!news From: Neil Long <neil.long@materials.oxford.ac.uk> Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: Tcp_wrappers won't work! Date: 19 Oct 1996 08:29:21 GMT Organization: Department of Materials, University of Oxford Lines: 47 Message-ID: <54a3h1$o12@news.ox.ac.uk> References: <548avr$184@news.ox.ac.uk> <01bbbd62$271bd240$32498796@rc6855.ResComp.Arizona.EDU> <549hup$l92@dewey.udel.edu> NNTP-Posting-Host: njl2.materials.ox.ac.uk X-Newsreader: NN version 6.5.0 (NOV) alexandr@stimpy.eecis.udel.edu (Jerry Alexandratos) writes: >In article <01bbbd62$271bd240$32498796@rc6855.ResComp.Arizona.EDU>, >Tim Jensen <tlj@u.arizona.edu> wrote: >:I had the same problem until I actually read the Makefile. By default the >:tcp_wrapper will NOT look in /etc for the hosts.allow and hosts.deny files. >: I can't remember where it does look but it is easily changed by editing >:the Makefile. >If you built tcp_wrapper via the ports system, then the hosts.* files >will be located in /usr/local/etc. Check it out, the patch is plain as >day. My guess is that anything that is built with the ports system is >intended to be local, hence /usr/local. >:On a similar topic, I am have been unable to get the wrapper to perform an >:identd lookup on the remote host, even with the RFC1413 option enabled in >:the Makefile. Are the results of the lookup included in /var/log/messages >:when successful? >You need to install pidentd. Look in /ports/security/identd. > --Jerry >-- >8) Jerry Alexandratos % - % "Nothing inhabits my (8 >8) alexandr@louie.udel.edu % - % thoughts, and oblivion (8 >8) darkstar@strauss.udel.edu % - % drives my desires." (8 Well, every system I use tcp_wrappers on has the deny/allow in /etc. It is common to nfs mount /usr/local on many systems and putting such a critical system security file at the mercy of nfs mount attacks is not sensible IMHO. The packaged version needs a README or something as the man pages are still pointing to /etc. Don't want to be picky about this - just wanted to alert people who may edit the /etc files and go home without checking. Thanks for the comments. Neil -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Neil J Long, Department of Materials, University of Oxford * Parks Road, Oxford, OX1 3PH, UK * EMail: Neil.Long@materials.oxford.ac.uk * Tel: +44 (0)1865-273678 Fax: +44 (0)1865-273789