Banners in Kerberized services
Douglas E. Engert
deengert at anl.gov
Wed Dec 10 09:10:25 EST 2003
Quellyn Snead wrote:
>
> Hello,
>
> I have been trying to get TCP Wrappers to display connection banners
> for Kerberized services (rlogind/rshd in particular) on my Red Hat 9
> system.
>
> Displaying /etc/motd upon successful authentication always works;
> however, if I try to use banners through TCP Wrappers, the client's
> connection seems to hang. For example in my hosts.allow:
>
> klogind: XXX.YYY. : banners /etc/banners : ALLOW
>
> BTW, I used TCP Wrappers' Banners.Makefile to create the banner files
> and changed their names to match the service names in hosts.allow
> (klogind, kshd).
>
> I am wondering if this is expected behavior for the Kerberized
> versions of these services? I have tried to replicate this behavior on
> a Solaris system using non-Kerberized rlogind and in that scenarios
> the banner does appear.
Yes this is expected. The kerberized versions of these clients expect to
receive some kerberos response from the server, and are most likely getting
the banner instead and are confused. If you are willing to chnage the client
to ignore the banner, you might get it to work.
>
> I am quite new to Kerberos and truly appreciate any help you might be
> able to give
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list