To:
Dean Anderson <dean@av8.com>
cc:
Doug Barton <DougB@DougBarton.net>, Brad Knowles <brad.knowles@skynet.be>, Markus Stumpf <maex-lists-dns-ietf-dnsop@Space.Net>, <dnsop@cafax.se>
From:
Pekka Savola <pekkas@netcore.fi>
Date:
Sat, 5 Apr 2003 09:07:42 +0300 (EEST)
In-Reply-To:
<Pine.LNX.4.44.0304042251090.19441-100000@commander.av8.net>
Sender:
owner-dnsop@cafax.se
Subject:
Re: I-D ACTION:draft-ietf-dnsop-inaddr-required-04.txt
Use the source Luke! Do not have blind belief in readme's. I've every confidence that Doug knows how services are in FreeBSD -- you might want to have a look at http://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributors/staff-committers.html -- and as it happens, I happen to use tcp-wrappers a lot with non-inetd programs also, and a *LOT* of others do so as well. Just to mention a very common one, OpenSSH. On Fri, 4 Apr 2003, Dean Anderson wrote: > I think you are confusing tcp-wrappers with socks. No doubt that > socks-like library could be made from tcp-wrappers, but I don't think > there has been. Its kind of a mute point though, since as has been pointed > out, no one uses this functionality, and large sites don't run these > servers out of inetd. > > Could such services be built? Sure. > > Are they built? No. > > >From the tcp-wrappers readme: > === > There are two ways to use the wrapper programs: > > 1) The easy way: move network daemons to some other directory and fill > the resulting holes with copies of the wrapper programs. This > approach involves no changes to system configuration files, so there > is very little risk of breaking things. > > 2) The advanced way: leave the network daemons alone and modify the > inetd configuration file. For example, an entry such as: > > tftp dgram udp wait root /usr/etc/tcpd in.tftpd -s /tftpboot > === > > > --Dean > > On Fri, 4 Apr 2003, Doug Barton wrote: > > > On Fri, 4 Apr 2003, Dean Anderson wrote: > > > > > TCP wrappers only works on services that run out of inetd. Most large > > > sites doen't run FTP, gopher, or HTTP out of inetd. > > > > This is not correct. You can link with the tcp wrappers library for just > > about any network service. Most of the FreeBSD network services are > > configured this way, for example. > > > > Doug > > > > -- > > > > If it's moving, encrypt it. If it's not moving, encrypt > > it till it moves, then encrypt it some more. > > > > > #---------------------------------------------------------------------- > # To unsubscribe, send a message to <dnsop-request@cafax.se>. > -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.