similar to: ACLs, binding to an interface, and libwrap

Hello, There is a small but annoying problem with linking libwrap in openssh. The library is added to LIBS which makes it be linked in to all binaries. This is unnecessary and leads to bogus dependencies if libwrap is a shared library. Following is a trivial fix that reserves a separate autoconf substitution variable LIBWRAP, which is only used for sshd. Please apply. Maciej -- +

Hello all, after a useless discussion on the opensuse ML I had to find out that they buried the removal news of libwrap last year in some half-sentence. So this is unfortunately pretty late for the topic. Nevertheless it is pretty obvious that you did not get any feedback from people using ssh over decades in server-administration. Let me make a clear point: libwrap removal was a pretty bad idea.

Hi, A few things regarding logging and libwrap.. a) PAM_RHOST patch Back in July, dean gaudet helpfully posted a patch to dovecot PAM_RHOST the remote IP. Is this going to be included in the main dovecot tree? It seems like a worthwhile addition. The more informative and concise the logging the better. See http://www.dovecot.org/list/dovecot/2004-July/004011.html for the original message.

Since I've been using this for maybe a year now, maybe someone else is interested in restricting IMAP and POP logins via libwrap. In addition to the attached patch (against 1.0.5) to src/login-common/main.c, src/{imap,pop3}-login/Makefile.in have to be modified to link against libwrap. Of course, the option needs to be integrated into configure in the long run. -------------- next part

Is there plans to use libwrap Or is there already some kind of access control i have missed?? What i really want is a mechanism so i can say: If The request comes from "123.121.212.0" dont offer ssl and accept plain else demand ssl and no plain I now have this (almost) in another imap server by xinetd and two ip addresses. I could solve this by iptables or access list on the router

Hi! Is there any reason why support for the libwrap code isn't included in the X11 forwarding code? I'd like to restrict access to that port. How many applications would break if the tcp port would be closed and only the unix-domain socket would be available? It's true that x11 forwardings can be considered as a security risk and they are disabled because of that by default. I

On Wed, 20 May 2015 14:46:57 +0200 Peter Stuge <peter at stuge.se> wrote: > Stephan von Krawczynski wrote: > > it is pretty obvious > > I guess you're not only not subscribed to the development list, but > you seem to also not have looked at the list archives. > > You can only seem like a troll if you act as if you know best but > in fact you are wrong.

I have compiled dovecot2 for FreeBSD with the tcpwrap option. A tcpwrap binary gets built and resides in the FreeBSD directory /usr/local/libexec/dovecot an examination of the compiled options (using the FreeBSD pkg install dovecot2) confirms: LIBWRAP : on yet, when I adjust dovecot.conf with: login_access_sockets = tcpwrap I get the following logged error message: 20161229 17:02:49

It works ! It was THAT easy ! Can you suggest how to replace the hair I pulled out ? :-) On 2016-12-29 5:27 PM, Larry Rosenman wrote: > login_access_sockets = tcpwrap > > service tcpwrap { > unix_listener login/tcpwrap { > group = $default_login_user > mode = 0600 > user = $default_login_user > } > } > > > > On Thu, Dec 29, 2016 at

Hi all. Now that we have SSHDLIBS for the libraries required by sshd only, it's possible to remove some of the single-purpose variables from Makefile. If this is worth doing, the next step would probably be to move the OpenSSL libs into CRYPTOLIBS since binaries such as scp and sftp don't need to be linked with libcrypto. Index: Makefile.in

Hello there, I have been trying to make the patch work for libwrap(TCP Wrappers) posted on http://dovecot.org/patches <http://dovecot.org/patches%20Patch%20of%201.1> Patch of 1.1 but could not get it work. Any help will be highly appreciated. After compiling and running it I get error "Error: login_tcp_wrappers can't be used because Dovecot wasn't built with

On Thu, May 21, 2015 at 1:05 AM, Michael Stone <mstone at mathom.us> wrote: > On Wed, May 20, 2015 at 03:58:22PM +0200, Stephan von Krawczynski wrote: > >> Show me this as an example of your firewall skills and replace this >> hosts.allow entry: >> >> sshd: .... : spawn (echo -e "%u@%h[%a] on `/bin/date`" to %d connected >> me | >>

I'm trying to kickstart 2.0b3 on my NetBSD system (where 1.2.x works great!), and keep hitting: Fatal: service(tcpwrap) access(/software/dovecot-2.0beta3/libexec/dovecot/tcpwrap) failed: No such file or directory Indeed, that file doesn't exist...but I don't have nor want libwrap. It appears that doveconf includes tcpwrap... service tcpwrap { chroot = client_limit = 1

All, I have successfully compiled and installed openssl 0.9.6g and am attempting to install openssh-3.4p1. I am using the following cofigure command for openssh: ./configure --prefix=/opt/local --sysconfdir=/opt/local/etc/ssh --with-tcp-wrappers --with-ssl-dir=/opt/local --with-rand-helper The configuration appears to work flawlessly. However, when I try to make the package I get the

Hi all, I've hit a problem with OpenSSH 2.1.1p4 and TCP Wrappers, and have noticed others may also have seen the problem. When OpenSSH is compiled with wrapper support, access using standard userid/password fails - authentication works ok and a shell is gained and then immediately terminated. Running client in debug mode shows no obvious errors, and debug output from syslog also reveals

Hi, I noticed recently that libwrap (TCP Wrappers) is supported, although disabled by default, in the current Dovecot 2.0 but doesn't seem to be mentioned anywhere on the wiki. Is this working well/at all? Anyone care with experience using this care to share their experiences? My OS is FreeBSD, I noticed on some Linux distributions there may be issues, but this won't affect

Dovecot with libwrap doesn't work on FreeBSD for some reason or another. I have these lines in my /etc/hosts.allow: ALL: LOCAL 127.0.0.1: allow pop3: ALL: allow ALL: ALL: deny Yet when you try to telnet to localhost, port 110 this is what happens: Aug 29 22:48:38 dodo dovecot: pop3-login: Error: connect(tcpwrap) failed: Permission denied I also tried auth_debug=yes to see what's wrong

Hello, I try to compile openssh-2.9p1 on a SGI Origin 200 computer under IRIX 6.5 with the option --with-tcp-wrappers enable. I have also compiled tcp-wrapper and have installed the library libwrap.a in /usr/lib and the file tcpd.h in /usr/include. When i run the ./configure script i have a error. The script asked me that the libwrap is missing. How can i resolve this ? Thanks. Bests Regards

Hello all, I have been having some trouble getting my Icecast server and IceS streamer up and running properly. I have successfully compiled both (Icecast 1.3.10 and IceS 0.0.1beta5) with libwrap and encrypt enabled. I can start up Icecast fine, with the following logged messages on startup: Icecast Version 1.3.10 Initializing... Icecast comes with NO WARRANTY, to the extent permitted by law.

On Tue, 17 Apr 2001, Andrew M. Wu wrote: > Hello all, > > I have been having some trouble getting my Icecast server and IceS > streamer up and running properly. I have successfully compiled both > (Icecast 1.3.10 and IceS 0.0.1beta5) with libwrap and encrypt enabled. > > I can start up Icecast fine, with the following logged messages on > startup: > > Icecast