Provided that the general secure environment configuration requirements
have been met (see “Configuration and Kerberos
Version Interoperability Requirements”), the tasks required specifically
for configuring the Secure Internet Services are described below.

The KDC

A properly configured KDC must be running for the Secure Internet Services
to work. However, you do not need to perform any specific tasks on
the KDC for the configuration of the Secure Internet Services.

Security Clients

The following steps are required on security clients:

1. Log in as root on the system where the security client is running.

2. Make sure the following ports exist in the /etc/services file or in the NIS or NIS+ services database:

       klogin 543/tcp
       kshell 544/tcp krcmd kcmd

   If you are using NIS or NIS+, then these entries should be
   made in the NIS or NIS+ services database.

3. Make sure the /etc/inetd.conf file has the following lines:

       klogin stream tcp nowait root /usr/lbin/rlogind rlogind -K
       kshell stream tcp nowait root /usr/lbin/remshd remshd -K
       ftp stream tcp nowait root /usr/lbin/ftpd ftpd
       telnet stream tcp nowait root /usr/lbin/telnetd telnetd

   You may choose to set different options from the default options
   listed above. For example, to enforce Kerberos V5 authentication
   on ftp and telnet, add the -A option after ftpd and telnetd.

   To prevent non-secure access from rcp, remsh, and rlogin, comment the following two lines out of the /etc/inetd.conf file:

       #shell stream tcp nowait root /usr/lbin/remshd remshd
       #login stream tcp nowait root /usr/lbin/rlogind rlogind

   CAUTION: If the shell line is commented out, the rdist command will no longer work.

4. If you modified the /etc/inetd.conf file, run the inetd -c command to force inetd to reread its configuration file.

5. Repeat steps 1-4 for all systems where security
   clients are running.
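
The file checks in steps 2 and 3 can be scripted so that every security client is audited the same way. The script below is an added example, not part of the original documentation. The function names and the sample files are constructed for illustration, it assumes the site wants the non-secure shell and login lines disabled, and it reads local files only (it does not query NIS or NIS+).

```shell
# Audit copies of /etc/services and /etc/inetd.conf (function names are hypothetical).
# has_service FILE NAME PORT/PROTO: succeeds if an uncommented entry exists.
has_service() {
    awk -v n="$2" -v p="$3" '
        { sub(/#.*/, "") }                  # ignore comments
        $1 == n && $2 == p { found = 1 }
        END { exit !found }' "$1"
}

# inetd_line FILE SERVICE: prints the active (uncommented) line for SERVICE.
inetd_line() {
    awk -v s="$2" '$1 == s { print; exit }' "$1"
}

# audit_client SERVICES_FILE INETD_FILE: prints findings, returns 1 on any FAIL.
audit_client() {
    svc=$1; conf=$2; rc=0
    for e in klogin:543/tcp kshell:544/tcp; do
        has_service "$svc" "${e%%:*}" "${e##*:}" ||
            { echo "FAIL services: no ${e%%:*} ${e##*:} entry"; rc=1; }
    done
    for e in klogin:rlogind kshell:remshd; do
        case "$(inetd_line "$conf" "${e%%:*}")" in
            *"${e##*:} -K"*) ;;
            *) echo "FAIL inetd.conf: ${e%%:*} must run ${e##*:} -K"; rc=1 ;;
        esac
    done
    for s in shell login; do            # non-secure rcp/remsh/rlogin entry points
        [ -z "$(inetd_line "$conf" "$s")" ] ||
            { echo "FAIL inetd.conf: non-secure $s line is still active"; rc=1; }
    done
    for s in ftp telnet; do             # -A is optional, so only a note
        case "$(inetd_line "$conf" "$s")" in
            *" -A"*) ;;
            *) echo "NOTE inetd.conf: $s does not enforce Kerberos V5 (-A)" ;;
        esac
    done
    return $rc
}
# Constructed sample files: shell is still active, telnet lacks -A.
demo=$(mktemp -d)
printf '%s\n' 'klogin 543/tcp' 'kshell 544/tcp krcmd kcmd' > "$demo/services"
printf '%s\n' 'klogin stream tcp nowait root /usr/lbin/rlogind rlogind -K' \
    'kshell stream tcp nowait root /usr/lbin/remshd remshd -K' \
    'shell stream tcp nowait root /usr/lbin/remshd remshd' \
    '#login stream tcp nowait root /usr/lbin/rlogind rlogind' \
    'ftp stream tcp nowait root /usr/lbin/ftpd ftpd -A' \
    'telnet stream tcp nowait root /usr/lbin/telnetd telnetd' > "$demo/inetd.conf"
audit_client "$demo/services" "$demo/inetd.conf" || echo "audit failed"
```

On a real client, pass /etc/services and /etc/inetd.conf as the two arguments. A FAIL on the shell line is expected on systems that still depend on rdist.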