On Sat, Oct 14, 2000 at 18:48 +0530, Sridhar wrote:
> what u r referring to is the vanilla config of tcpd, i use it, everyone uses that.
I guess you talk about blocking the connection before seeing anything of the service due to IP parameters.
> i'm not saying that. servers without tcpd is unthinkable.. almost. xinetd promises to phase it out, but the point i'm making is to filter it after the login process runs. the client should never know what cut the connection, whether it's the login, the ip address, the time.. the more the tcpd is hidden the better. tcpd is indispensable ;)
Then you might want to stack up something like

  tcpserver -> checkpasswd -> service w/o (explicit) auth

This way you can swap in whatever checkpasswd implementation you like or whatever "knows best" about the (to follow) service's auth protocol. And it unfortunately means to fiddle with the services to rip the auth out or to make it look at variables or something passed from the checkpasswd. Since you have those extra wishes, you should not moan about the extra work they cause you. :)

tcpserver is part of the ucspi-tcp package (start to read at http://cr.yp.to) and checkpasswd is usually found in the qmail-pop3d environment (at DJB, too, or at http://www.qmail.org and friends).

The above architecture is BTW really great for self-made services: Just write something that reads from stdin and writes to stdout. Plug it onto the net with a simple "tcpserver host port prog" command. And put (any!) auth into the chain by dropping checkpasswd in. (They're available for passwd / shadow, LDAP, db / cdb / any textfile, maybe PAM too.) vpopmail does virtual email domains with it. As DJB states, "modularity is not a hack".
[ ... fullquote snipped, do that yourself next time! ... ]
virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
-- 
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
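
As an added illustration of the auth stage in the chain described above (not code from this post or from the ucspi-tcp / qmail packages): a small stand-in for the checkpasswd slot that follows DJB's checkpassword interface, reading `login\0password\0timestamp\0` from descriptor 3 and exec'ing the service only on success. The user table, the PBKDF2 parameters and the function names are constructed for the example, and unlike the real tool it does not switch uid/gid before running the service.

```python
#!/usr/bin/env python3
"""Auth stage: <front end writing fd 3> -> this script -> service [args]."""
import hashlib, hmac, os, sys

def _hash(password: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

# Constructed demo credential store: login -> (salt, PBKDF2-SHA256 digest).
USERS = {b"alice": (b"demo-salt", _hash(b"correct horse", b"demo-salt"))}

def parse_record(data: bytes):
    """Split 'login NUL password NUL timestamp NUL'; None if malformed."""
    if len(data) > 512:               # the interface caps the record at 512 bytes
        return None
    parts = data.split(b"\0")
    if len(parts) < 4 or not parts[0]:
        return None
    return parts[0], parts[1], parts[2]

def check(login: bytes, password: bytes) -> bool:
    # Unknown logins get a dummy salt and are still hashed, so the caller
    # cannot tell "no such user" from "wrong password" by timing.
    salt, want = USERS.get(login, (b"no-such-user", b""))
    return hmac.compare_digest(_hash(password, salt), want)

def main(argv, fd=3):
    if len(argv) < 2:
        return 2                      # misuse: no service given to run
    try:
        with os.fdopen(fd, "rb") as f:
            data = f.read(513)
    except OSError:
        return 2                      # misuse: descriptor 3 not provided
    rec = parse_record(data)
    if rec is None:
        return 2
    login, password, _timestamp = rec
    if not check(login, password):
        return 1                      # one exit code for every kind of rejection
    os.environ["USER"] = login.decode("ascii", "replace")
    # The service inherits the network socket on stdin/stdout from tcpserver.
    os.execvp(argv[1], argv[1:])

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because every rejection leaves through the same exit code, the front end has nothing to relay to the client about which check failed.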