Re: [netatalk-admins] security question


From: Michael M Han (han@windy.ckm.ucsf.edu)
Date: Wed Nov 18 1998 - 01:32:08 EST


Previously...
>Is there a clever way to keep guests IP restricted and let authenticated users
>in from the 'net?

Sure. Use afpd.conf to start up separate servers... Say one, listening
on ddp and a custom tcp/ip port, accessible to all the world, but not
allowing guests. And a second tcp/ip-only, restricted to local nets on
the default port 548 (configured via wrappers), allowing *only*
guest... something like this I imagine:

"Users" -ddp -tcp -rand2num -port 5480 -noguest -noclear blah blah blah
"Guest" -noddp -tcp -guest -noclear -norand2num blah blah blah

Hrmm, actually, looking more carefully at the hosts_access(5) man
page, this might be tricky... but I think that you can specify a
daemon pattern like:

afpd@xxx.xxx.xxx.xxx:5480

maybe escaping the colon? Otherwise you could always multihome the box
and bind each tcp listener to a different IP, so you don't need to
specify the port number...
_________
mike (han@library.ucsf.edu)
Indian burns are not our cultural heritage
 - The collected wisdom of Bart Simpson
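
Added example, not part of the original message: a simplified Python model of hosts_access(5) evaluation for the multihomed variant described above, showing that the guest listener is only restricted when a matching deny rule exists. The addresses, the local net and the rule lines are constructed; only ALL, exact-address and net/mask client patterns are modelled.

```python
import ipaddress

# Constructed policy (documentation addresses). Assumption: the "Guest"
# listener is bound to 192.0.2.10 and the "Users" listener to 192.0.2.20.
HOSTS_ALLOW = """
afpd@192.0.2.10: 192.168.10.0/255.255.255.0
afpd@192.0.2.20: ALL
"""
HOSTS_DENY = """
afpd: ALL
"""

def parse(text):
    """Return [(daemon_patterns, client_patterns)] from access-file text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            daemons, clients = line.split(":")[:2]
            rules.append((daemons.replace(",", " ").split(),
                          clients.replace(",", " ").split()))
    return rules

def daemon_match(pattern, daemon, server):
    # "afpd" matches on any local address; "afpd@addr" only on that address.
    name, _, host = pattern.partition("@")
    return pattern == "ALL" or (name == daemon and host in ("", server))

def client_match(pattern, client):
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask form
        return ipaddress.ip_address(client) in ipaddress.ip_network(pattern)
    return pattern == client

def hit(rules, daemon, server, client):
    return any(any(daemon_match(d, daemon, server) for d in ds)
               and any(client_match(c, client) for c in cs)
               for ds, cs in rules)

def allowed(daemon, server, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Order: an allow match grants, then a deny match refuses, else grant."""
    if hit(parse(allow), daemon, server, client):
        return True
    return not hit(parse(deny), daemon, server, client)

if __name__ == "__main__":
    for server, client in [("192.0.2.10", "192.168.10.7"),
                           ("192.0.2.10", "203.0.113.5"),
                           ("192.0.2.20", "203.0.113.5")]:
        print(server, client, allowed("afpd", server, client))
```

On a live host, tcpdmatch(8) answers the same question against the real access files.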


