Sun Enterprise Authentication Mechanism Guide

How to Enable Only Kerberized Applications

This procedure restricts network access to the server through telnet, ftp, rcp, rsh, and rlogin to Kerberos-authenticated transactions only.

  1. Edit the telnet entry in /etc/inetd.conf.

    Add the -a user option to the telnet entry to restrict access to those users who can provide valid authentication information.


    telnet stream  tcp     nowait  root    /usr/krb5/lib/telnetd  telnetd -a user
    
  2. Edit the ftp entry in /etc/inetd.conf.

    Add the -a option to the ftp entry to permit only Kerberos-authenticated connections.


    ftp stream  tcp     nowait  root    /usr/krb5/lib/ftpd    ftpd -a
    
  3. Disable Solaris entries for other services in /etc/inetd.conf.

    The entries for shell and login need to be commented out or removed.


    # shell   stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
    # login   stream  tcp     nowait  root    /usr/sbin/in.rlogind    in.rlogind
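
One way to check the result of steps 1 to 3, as an added example that is not part of the original guide. The function name audit_kerberized and the two sample files are constructed for illustration; the expected server paths are taken from the entries shown above.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file against steps 1-3.
# Prints one FAIL line per finding; returns 0 if compliant, 1 otherwise.
audit_kerberized() {
    awk '
    function bad(msg) { print "FAIL " msg; n++ }
    $1 ~ /^#/ || NF < 7 { next }             # comments, blank or short lines
    {   # inetd.conf fields: service type proto wait user program argv0 args...
        svc = $1; prog = $6; args = " "
        for (i = 8; i <= NF; i++) args = args $i " "
    }
    svc == "telnet" {
        if (prog != "/usr/krb5/lib/telnetd") bad("telnet: server is " prog)
        if (args !~ / -a user /) bad("telnet: -a user not set")
    }
    svc == "ftp" {
        if (prog != "/usr/krb5/lib/ftpd") bad("ftp: server is " prog)
        if (args !~ / -a /) bad("ftp: -a not set")
    }
    svc == "shell" || svc == "login" { bad(svc ": entry still enabled") }
    END { exit (n > 0) }
    ' "$1"
}

# Constructed sample files (not from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.conf" <<'EOF'
telnet stream  tcp     nowait  root    /usr/krb5/lib/telnetd  telnetd -a user
ftp stream  tcp     nowait  root    /usr/krb5/lib/ftpd    ftpd -a
# shell   stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
# login   stream  tcp     nowait  root    /usr/sbin/in.rlogind    in.rlogind
EOF
cat > "$demo_dir/bad.conf" <<'EOF'
telnet stream  tcp     nowait  root    /usr/krb5/lib/telnetd  telnetd
ftp stream  tcp     nowait  root    /usr/sbin/in.ftpd    in.ftpd
shell   stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
# login   stream  tcp     nowait  root    /usr/sbin/in.rlogind    in.rlogind
EOF

audit_kerberized "$demo_dir/good.conf" && echo "good.conf: compliant"
audit_kerberized "$demo_dir/bad.conf" || echo "bad.conf: not compliant"
```

Run the function against /etc/inetd.conf after editing; each FAIL line names an entry that does not match the steps above.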