Re: [netatalk-admins] tcpwrapper


Subject: Re: [netatalk-admins] tcpwrapper
From: Wes Brown (wes@prozac.eeap.cwru.edu)
Date: Thu Mar 12 1998 - 08:30:00 EST


> > Date: Thu, 12 Mar 1998 10:43:06 GMT
> > From: Jonathan Peterson <jon@amxdigital.com>
> > To: <netatalk-admins@umich.edu>
> > Subject: [netatalk-admins] tcpwrapper
> >
> >
> > Sorry to be ignorant, but what are TCPwrappers, and why does Netatalk
> > highly recommend them? Are they a security thing or a speed thing (or
> > both?) and where can I get them?
>
> It's a security thing. It originally started as a program that
> "wrapped" itself around inetd applications. Inetd is reconfigured
> (through inetd.conf) to invoke the wrapper first, which then execs the
> service program. But before running the service program the wrapper
> checks the peer address against a list of rules found in
> /etc/hosts.allow and /etc/hosts.deny to see if that host is allowed
> for this service. The access is also logged, and the connection is
> checked for any use of IP source routing.
>
> The routines that parse the files and perform the actual checking
> were pulled out and placed in a separate library---libwrap---so
> that they could be easily embedded in other daemon applications
> which were not controlled by inetd. The library is what netatalk
> wants to use.

Something that I have been wondering, but have not taken the time to read
the source to find out, is: what is the prefix for the /etc/hosts.deny and
/etc/hosts.allow files that can wrap out just netatalk?

I would guess it is one of the following:
netatalk:ALL
atalkd:ALL
afpd:ALL

Does it only work for AppleShareIP?

Wes
---
Wes Brown
ewb4@po.cwru.edu wes@prozac.cwru.edu
http://prozac.cwru.edu/wes/About.me.html
KB8TGR
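
The check order described in the quoted reply above, as an added example that is not part of the original messages and is not libwrap's code: a simplified Python model covering only a subset of the hosts_access(5) patterns. The rule files are constructed samples, and the daemon name `afpd` is only one of the guesses from the message, not a confirmed answer; the default-grant rule for unmatched requests follows hosts_access(5).

```python
# Simplified model of the tcp_wrappers decision order. Not libwrap itself:
# no EXCEPT, LOCAL, netmasks, shell commands or source-routing check.

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; skip blanks and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]   # ignore any option field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix, e.g. .example.edu
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):        # address prefix, e.g. 192.0.2.
        return addr.startswith(pattern)
    return pattern.lower() == host.lower() or pattern == addr

def table_matches(rules, daemon, host, addr):
    """True if any rule names this daemon (or ALL) and matches the client."""
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, host, addr) for c in clients)
        for daemons, clients in rules)

def access_allowed(allow_text, deny_text, daemon, host, addr):
    """hosts.allow is searched first, then hosts.deny; no match grants access."""
    if table_matches(parse_rules(allow_text), daemon, host, addr):
        return True
    if table_matches(parse_rules(deny_text), daemon, host, addr):
        return False
    return True

# Constructed sample files; "afpd" as the daemon name is an assumption.
HOSTS_ALLOW = "# constructed sample\nafpd: .example.edu, 192.0.2.\n"
HOSTS_DENY = "afpd: ALL\n"

if __name__ == "__main__":
    for daemon, host, addr in [("afpd", "mac1.example.edu", "198.51.100.7"),
                               ("afpd", "host.example.com", "203.0.113.9"),
                               ("papd", "host.example.com", "203.0.113.9")]:
        ok = access_allowed(HOSTS_ALLOW, HOSTS_DENY, daemon, host, addr)
        print(daemon, host, addr, "granted" if ok else "denied")
```

The last case is the one to watch when choosing the prefix: a rule written under a name the daemon does not pass to the library never matches, so the request falls through to the default grant.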



This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:31:31 EST