Provided that the general secure environment configuration requirements
have been met, the following tasks are specific to configuring
the Secure Internet Services.

Requirements on the KDC

You do not need to perform any specific tasks on the KDC to
configure the Secure Internet Services.

Requirements on the Security Clients
The following are required on security clients:

1. Log in as root on the security client system.

2. Make sure the following ports exist in the /etc/services file or in the NIS
   services map.

       klogin 543/tcp
       kshell 544/tcp krcmd kcmd

   The secure versions of the telnet/telnetd and ftp/ftpd applications run
   on the same ports as the non-secure versions. The telnet service uses port 23
   and the ftp service uses port 21.

   If you are using NIS, then these entries should be made in the NIS services
   database.

3. Make sure the /etc/inetd.conf file has the following lines:

       klogin stream tcp nowait root /usr/lbin/rlogind rlogind -K
       kshell stream tcp nowait root /usr/lbin/remshd remshd -K
       ftp stream tcp nowait root /usr/lbin/ftpd ftpd
       telnet stream tcp nowait root /usr/lbin/telnetd telnetd

   You may choose to set different options from the default options listed above.
   For example, to enforce Kerberos V5 authentication on ftp and telnet, add
   the -A option after ftpd and telnetd.

   To prevent non-secure access from rcp, remsh, and rlogin, comment the
   following two lines out of the /etc/inetd.conf file:

       #shell stream tcp nowait root /usr/lbin/remshd remshd
       #login stream tcp nowait root /usr/lbin/rlogind rlogind

   CAUTION: If the shell line is commented out, the rdist command will no longer work.

4. If you modified the /etc/inetd.conf file, run the inetd -c command to
   force inetd to reread its configuration file.

5. Repeat steps 1-4 for all security client systems.
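
The checks from step 3, as an added example that is not part of the original page: a read-only shell audit of an inetd.conf copy. It assumes the stricter options the page describes (-A on ftpd and telnetd, shell and login commented out); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of an inetd.conf against the entries in step 3.

# Print the first active (uncommented) line for service $2 in inetd.conf $1.
active_line() {
    awk -v svc="$2" '$1 == svc { print; exit }' "$1"
}

# Print one finding per line; the exit status is the number of findings.
audit_inetd() {
    conf=$1 findings=0
    # Kerberized rlogin/remsh entries must be active and carry -K, as listed above.
    for svc in klogin kshell; do
        case "$(active_line "$conf" "$svc")" in
            "")      echo "MISSING $svc: no active entry"; findings=$((findings + 1)) ;;
            *" -K"*) ;;
            *)       echo "WEAK $svc: -K option absent"; findings=$((findings + 1)) ;;
        esac
    done
    # Assumed policy: ftpd and telnetd carry -A to enforce Kerberos V5 authentication.
    for svc in ftp telnet; do
        case "$(active_line "$conf" "$svc")" in
            ""|*" -A"*) ;;
            *)          echo "WEAK $svc: -A option absent"; findings=$((findings + 1)) ;;
        esac
    done
    # Active shell/login entries leave non-secure rcp, remsh and rlogin reachable.
    for svc in shell login; do
        if [ -n "$(active_line "$conf" "$svc")" ]; then
            echo "OPEN $svc: non-secure entry not commented out"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: klogin lost its -K, telnet lacks -A, login is still active.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
klogin stream tcp nowait root /usr/lbin/rlogind rlogind
kshell stream tcp nowait root /usr/lbin/remshd remshd -K
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -A
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
#shell stream tcp nowait root /usr/lbin/remshd remshd
login stream tcp nowait root /usr/lbin/rlogind rlogind
EOF
audit_inetd "$sample" || echo "findings: $?"
```

Run it against a copy of /etc/inetd.conf on each security client after step 4; a zero exit status means every check passed.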