Limitations

When a new request comes in, the UDP (rpc/udp) daemons linger around for a while after servicing the request.In the /etc/inetd.conf file, these daemons are registered with the ‘wait’ option. The nowait option is not supported. Only the request which started such a daemon will be seen by the wrappers.

The wrappers do not work with RPC services over TCP. These services are registered as rpc/tcp in the /etc/inetd.conf file. The only non-trivial service that is affected by this limitation is rexd, which is used by the on(1) command.

Some RPC requests like rwall, rup, rusers et al appear to come from the server host. The client broadcasts its request to all portmap daemons on its network; each portmap daemon in turn forwards the request to a daemon on its own system. However, daemon like rwall assumes that the request is coming from the local host.

The user name lookup feature of TCP Wrappers uses identd to identify the username of the remote host. By default, this feature is disabled, as identd may appear hung when there are large number of TCP connections. To enable the username lookup, perform the steps as described in the tcpd.conf(4)man page.