System Administration Guide: Security Services

Procedure: How to Enable Only Kerberized Applications

This procedure restricts network access to the server that is running telnet, ftp, rcp, rsh, and rlogin so that only Kerberos-authenticated transactions are accepted.

  1. Change the exec property for the telnet service.

    Add the -a user option to the exec property for telnet to restrict access to those users who can provide valid authentication information.

    # inetadm -m svc:/network/telnet:default exec="/usr/sbin/in.telnetd -a user"

  2. (Optional) If not already configured, change the exec property for the ftp service.

    Add the -a option to the exec property for ftp to permit only Kerberos authenticated connections.

    # inetadm -m svc:/network/ftp:default exec="/usr/sbin/in.ftpd -a"

  3. Disable other services.

    The in.rshd and in.rlogind daemons should be disabled.
    # svcadm disable network/shell
    # svcadm disable network/login:rlogin
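
To confirm the result of the three steps, the following script checks the exec properties and the service states. It is an added example, not part of the original guide; the function names and messages are hypothetical, and it assumes the usual `inetadm -l` listing (one `exec="..."` line) and `svcs -H -o state,fmri` output.

```sh
#!/bin/sh
# Added example: audit the outcome of the three steps above.
# Parsers read command output on stdin so they can be checked offline.

# Print the exec="..." value from `inetadm -l <FMRI>` output.
exec_value() {
    sed -n 's/^[a-z]*[[:space:]]*exec="\(.*\)"[[:space:]]*$/\1/p'
}

# Succeed only if the exec command line carries the argument string $1
# as whole words ("-a user" for telnet, "-a" for ftp).
exec_has_args() {
    case " $(exec_value) " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# Read `svcs -H -o state,fmri ...` output and print every instance that
# is not disabled. Fails if one is found or if there was no input.
not_disabled() {
    awk '$1 != "disabled" { print $2; bad = 1 }
         END { exit (bad || NR == 0) }'
}

# Run all checks against the live server (needs inetadm and svcs).
audit_live() {
    rc=0
    inetadm -l svc:/network/telnet:default | exec_has_args "-a user" ||
        { echo "FAIL telnet: exec lacks '-a user'"; rc=1; }
    inetadm -l svc:/network/ftp:default | exec_has_args "-a" ||
        { echo "FAIL ftp: exec lacks '-a'"; rc=1; }
    left=$(svcs -H -o state,fmri network/shell network/login:rlogin |
        not_disabled) ||
        { echo "FAIL not disabled: ${left:-no svcs output}"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: telnet, ftp, shell and rlogin match the procedure"
    return "$rc"
}

# Only attempt the live audit where the SMF tools exist.
if command -v inetadm >/dev/null 2>&1; then
    audit_live
fi
```

An empty `svcs` listing is treated as a failure so that a mistyped service name cannot pass as "disabled".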