Displaying 20 results from an estimated 500 matches similar to: "VETO! Re: heads up: tcpwrappers support going away"
2014 Apr 22
2
heads up: tcpwrappers support going away
Hi,
This is an early warning: OpenSSH will drop tcpwrappers in the next
release. sshd_config has supported the Match keyword for a long time
and it is possible to express more useful conditions (e.g. matching
by user and address) than tcpwrappers allowed.
Removing it reduces the amount of code in the 'hot' pre-authentication
path in sshd and rids us of a dependency.
-d
2008 Apr 24
3
TCPWrappers + Sendmail = not working
I have set up entries in /etc/hosts.allow and /etc/hosts.deny as follows:
/etc/hosts.allow
sendmail : 10.0.0.0/255.0.0.0
sendmail : LOCAL
/etc/hosts.deny
sendmail : ALL
When I try to connect to port 25 from an Internet host via telnet, the
server still responds as usual. The only difference I see is this in
my /var/log/maillog:
Apr 24 15:41:49 server sendmail[20691]: m3OKfna20691: tcpwrappers
2007 Sep 25
1
Samba and TCPWrappers
Good Morning,
I have a Centos 4.5 (x86_64) server running samba to share data with
windows users. We've been going through a security audit and the
following log entries were noted:
[2007/09/24 09:37:29, 0] rpc_server/srv_util.c:get_alias_user_groups(206)
get_alias_user_groups: gid of user bendew doesn't exist. Check your /etc/passwd and /etc/group files
[2007/09/24 09:37:29, 1]
2011 Apr 28
1
port forwarding
Hi,
I'm using CentOS release 5.6 (Final) and Xen 3.1. I'm writing to ask
how to configure port forwarding. With virt-manager 0.6.1 I added the
machines, but there I don't see an option for port forwarding.
I would like to reach the VM on a specific port of the host machine.
Once the machinces are running, I can configure iptables so that the
port forwarding works, but after
2014 Apr 23
3
hackers celebrate this day: openssh drops security! was: Re: heads up: tcpwrappers support going away
On 23 April 2014 21:43, mancha <mancha1 at zoho.com> wrote:
> On Wed, Apr 23, 2014 at 12:26:58PM -0700, Iain Morgan wrote:
>> A slightly better solution would be a PAM module that uses the same
>> syntax as libwrap. Possibly someone has already written such a module.
>
> Possibly, but only for platforms which use for PAM.
Pam is executed so late in the chain that any
2005 Jan 17
19
[Bug 973] sshd behaves differently while doing syslog entries for tcpwrappers denied message, with -r and without -r option.
http://bugzilla.mindrot.org/show_bug.cgi?id=973
Summary: sshd behaves differently while doing syslog entries for
tcpwrappers denied message, with -r and without -r
option.
Product: Portable OpenSSH
Version: 3.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
2013 Jul 03
1
tcpwrappers
hi everybody
having I believe sort of plain-vanilla config with section
in 10-tcpwrapper.conf
as per docs
login_access_sockets = tcpwrap
service tcpwrap {
unix_listener login/tcpwrap {
group = $default_login_user
mode = 0600
user = $default_login_user
}
}
/etc/hosts.deny contains:
ALL: given_host
and yet dovecot logins IMAP client in
whereas other tcpwrapper aware
2013 Jun 28
1
IMAPS: Disable SSL connection without client certificate
I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month.
It works great. Dovecot serves IMAPS only, and I'm using Thunderbird
to access my mail.
I configured Dovecot to allow clients that present a valid certificate
when establishing SSL connection. I configure my Thunderbird for
SSL/TLS connection with normal password. It works fine.
However, with my config anybody
2011 Jul 27
1
dovecot and tcpwrappers
Hi,
I used dovecot 1.x for quite a while and it worked fine. However, I used it
through inetd and used hosts.allow/deny to restrict access to only certain
groups of systems.
Since yesterday I have dovecot 2.0.13. But in version 2.0.13 it seems that
starting using inetd doesn't work anymore : I only get a strange error
message if I try to connect using telnet :
telnet localhost imap
2007 Feb 12
0
tcpwrappers hosts.allow netmask problem
I can't seem to get netmask notations to work in /etc/hosts.allow on
my Centos 4.4 systems. The docs seem to indicate that network
specifications like 192.168.100.0/24 or 192.168.100.0/255.255.255.0
should work. However, I can only get networks specified like
192.168.100. to work.
Anyone know what I'm missing?
Thanks,
Tom
2017 Sep 26
0
CentOS 7 & TCPWRappers & spawn ..
Hello there !
Has anyone managed to make work on tcp wrappers on hosts.allow the swpan
command in order to check the ip if it is on the permitted one ..?
__________ Information from ESET Endpoint Antivirus, version of detection
engine 16143 (20170926) __________
The message was checked by ESET Endpoint Antivirus.
Email message - is OK
http://www.eset.com
2012 Jan 19
1
LMTP ignoring tcpwrappers
Hello,
we want to use dovecot LMTP for efficient mail delivery from our MX
servers (running postfix 2.8) to our storage servers (dovecot 2.0.17).
However, the one problem we see is the lack of access control when using
LMTP. It apears that every client in our network who has access to the
storage machines can drop a message in a Maildir of any user on that
storage server. To prevent this
1998 Dec 15
1
portmap & tcpwrappers
I don't know if this is RedHat 5.1 specific, but be aware that the version
of portmap distributed is the enhanced (Wietse Venema) version. That's
great, except for two things. The first is documented, but easy to overlook:
"In order to avoid deadlocks, the portmap program does not attempt to look
up the remote host name or user name...The upshot of all this is that only
network
2024 Jan 06
1
Samba AD - two servers - backup and restore AD procedure
Hi All!
I would be grateful for clarification of my doubts about backups and
restoration of the AD environment.
What is the best strategy for backing up and restoring a Samba AD domain in
the following scenarios:
* server1 - active directory service (7 FSMO roles)
* server2 - active directory service + Samba file server
The considered disaster recovery scenarios are:
- Corruption of the AD
2012 Oct 17
24
[zfs] portable zfs send streams (preview webrev)
We have finished a beta version of the feature. A webrev for it
can be found here:
http://cr.illumos.org/~webrev/sensille/fits-send/
It adds a command ''zfs fits-send''. The resulting streams can
currently only be received on btrfs, but more receivers will
follow.
It would be great if anyone interested could give it some testing
and/or review. If there are no objections,
2014 Feb 20
2
HP dl580 g5 RAID management
If this were a Dell RAID, I could use megaraid while the system's running.
Does anyone know what I need to use to manage the HP "amart array" RAID?
I've got an orange light on a drive, and can't find, googling, whether I
can just pull the drive, or if I have to separate it from the RAID, or....
And can't bring the system down to use the firmware interface, not without
2003 Sep 17
2
problem with configure in openssh-3.7p1
Problem: setting --with-tcpwrappers does not configure code to be compiled
with wrapper support
Solution: references to with_tcp_wrappers (lines 4975, 6396, 6397) need to
be changed to with_tcpwrappers
David Purks
Sr Sys Admin
Cogent Communications
2012 Sep 25
2
OpenSSH banner doesnot display multibyte characters like korean
Hello,
The banner message displayed on the screen contain octal values
instead of korean chars. Prior to ssh 5.1 the banner message would
display the charaters properly.
I understand that starting from 5.1 the message is passed through
strnvis() function.
I looked into documentation on strnvis and found that it does not
support multibyte chars and doesnt work well with international chars.
2001 Sep 19
1
Unable to run sshd after Installing Openssh 2.9p2 on Solaris 8
I've installed Openssh 2.9p2 on a Solaris 8 machine with tcpwrappers
installed and used "./configure --with-tcp-wrappers" to configure the
installation. Whenever I try to run sshd I receive the following error:
sshd: Cannot find ELF Killed. Does anyone have any ideas as to what this
error means and what I need to do to correct it?
Thanks!
-------------- next part --------------
2020 Aug 26
1
Dovecot 2.3.11.4 - Centos 6&7 packages
Hi!
We have pushed new versions for these packages that now support tcpwrappers. They were inadvertendly left out from last time, but now they have been restored. Sorry for the inconvenience.
Regards,
Aki Tuomi
Open-Xchange oy