Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

TCP wrapper problem

Status
Not open for further replies.
gilsont

gilsont

Technical User
Sep 16, 2004
47
GB
[TT]

On AIX 5.3 I have got TCP wrappers working but not quite as I require.

In /etc/hosts.allow I have

telnetd : labnim

And this allows all users to telnet in from labnim. If I try to restrict this to only root from labmin using:

telnetd : root@labnim

... all telnet connections are denied and root can no longer log in. How can I restrict access to just root?

[/TT]
 
Sort by date Sort by votes
Jim - yes it is.

The wrapper logs say 'connection refused' when I have 'root@labnim' but a connection is allowed with just 'labnim'.

 
Upvote 0 Downvote
What does the telnet line in your /etc/inetd.conf file look like? Also, have you tired using the FQDN for labnim as an alternative to just the hostname?


Jim Hirschauer
 
Upvote 0 Downvote
Jim - thanks for your continued assistance.

We do not have a NIS environment and so there is no FQDN.
The /etc/ined.conf line for telnet reads:

telnet stream tcp nowait root /usr/local/bin/tftpd telnet -a

I altered 'tcp6' to be 'tcp'.

It just does not seems to recognise the root@host syntax in /etc/hosts.allow.

Tim
 
Upvote 0 Downvote
hmmmm, not sure if this will make a difference but I think your inetd.conf entry should read....

telnet stream tcp nowait root /usr/local/bin/tftpd telnetd -a

Also, you don't need to be running NIS to have a FQDN. Do you use DNS? Do you just resolve using host files? Name resolution can cause all sorts of strange issues when using tcp services.


Jim Hirschauer
 
Upvote 0 Downvote
Hi,

My /etc/hosts.deny file contains:

ALL: ALL

Jim - actually I do have

telnet stream tcp nowait root /usr/local/bin/tftpd telnetd -a

in /etc/inetd.conf ( I made a typo when appending to the forum).

I am just using /etc/hosts - no DNS or NIS.

This is really frustrating - do any others have the ability under AIX to use TCP wrappers to lock down a service to one userid form one host only?

Tim.
 
Upvote 0 Downvote
... using the IP address also doesn't fix the problem.

Anyone have any more ideas?
 
Upvote 0 Downvote
Try :

telnetd: root@labnim : ALLOW

"If you always do what you've always done, you will always be where you've always been."
 
Upvote 0 Downvote
Try :

telnetd: root@labnim : ALLOW

In hosts.allow

"If you always do what you've always done, you will always be where you've always been."
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

amandeepgautam
  • Locked
  • Question
AIX problem creating package with mkinstallp
Replies
0
Views
142
amandeepgautam
amandeepgautam
msxi
  • Locked
  • Question
IBM AIX tcp port opens twice when initiating a connection as part of an interface
Replies
0
Views
89
msxi
msxi
engineercv
  • Locked
  • Question
fortran 95 problem: thread error the handle is invalid (6)
Replies
0
Views
91
engineercv
engineercv
passion7aix
  • Locked
  • Question
Command to see tcpip connections from last day on AIX LPAR ?
Replies
1
Views
211
Guest_imported
Guest_imported
nnnnnnine
  • Locked
  • Question
What is the same TCP parameters in AIX?
Replies
3
Views
182
blarneyme
blarneyme

Part and Inventory Search

Sponsor

Back
Top