Kerberos & xinetd

[Ken Raeburn]

harry_rueter at gmx.de (Harry Rüter) writes:

> i'm tryin to run MIT kerberos 1.2.5 via
> the xinetd daemon.
>
> As i'm relativly new to kerberos, especially
> in combination with xinetd, i'd like to
> ask if anybody did this succesfully ?
>
> I'd like to know how it's configured best (in xinetd).

The MIT Kerberos documentation tells you how to add lines to the
traditional inetd.conf file to run various Kerberos based services.
The xinetd.conf file format is different, but most of the information
is the same; just rearrange the examples we're provided.

For example, a machine of mine at work is running one Kerberos service
through xinetd.conf, using this description:

    service eklogin
    {
            socket_type     = stream
            wait            = no
            user            = root
            server          = /.../sbin/klogind
            server_args     = -k -e
            disable         = no
    }

where the old entry might have looked like:

    eklogin stream tcp nowait root /.../sbin/klogind klogind -k -e

The descriptions for the other services should be similar.

BTW, note that at least some versions of xinetd support IPv6, but not
all of the Kerberos services in 1.2.x do.  I'm working on improving
this for 1.3, but some, like ftp, still will not support IPv6.  If you
run into problems running Kerberos services under an IPv6-enabled
xinetd, try disabling IPv6 support for the service and see if that
helps.  That's "flags = IPv4" according to the man page on my system.

Ken