Installing and Administering Internet Services

Chapter 11 359
Secure Internet Services
Configuring the Secure Internet Services
Provided that the general secure environment configuration
requirements have been met (see “Configuration and Kerberos Version
Interoperability Requirements” on page 353), the tasks required
specifically for configuring the Secure Internet Services are described
below.
The KDC
A properly configured KDC must be running for the Secure Internet
Services to work. However, you do not need to perform any specific tasks
on the KDC for the configuration of the Secure Internet Services.
Security Clients
The following steps are required on security clients:
1. Log in as root on the system where the security client is running.
2. Make sure the following ports exist in the /etc/services file or in
the NIS or NIS+ services database:
klogin 543/tcp
kshell 544/tcp krcmd kcmd
If you are using NIS or NIS+, then these entries should be made in
the NIS or NIS+ services database.
3. Make sure the /etc/inetd.conf file has the following lines:
klogin stream tcp nowait root /usr/lbin/rlogind rlogind -K
kshell stream tcp nowait root /usr/lbin/remshd remshd -K
ftp stream tcp nowait root /usr/lbin/ftpd ftpd
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
You may choose to set different options from the default options listed
above. For example, to enforce Kerberos V5 authentication on ftp
and telnet, add the -A option after ftpd and telnetd. To prevent
non-secure access from rcp, remsh, and rlogin, comment out the
following two lines in the /etc/inetd.conf file, as shown:
#shell stream tcp nowait root /usr/lbin/remshd remshd
#login stream tcp nowait root /usr/lbin/rlogind rlogind
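
The checks in steps 2 and 3 can be scripted. The following is an added example, not part of the original manual; the function names has_service and inetd_findings and the finding labels are hypothetical. It checks the stricter variant described above (-A on ftpd and telnetd, non-secure shell and login commented out).

```shell
#!/bin/sh
# Added example: audit the client-side settings from steps 2 and 3.
# Paths are arguments so the checks can run against copies of the files.
# With NIS or NIS+, point has_service at a dump of the services map.

# has_service FILE NAME PORT/PROTO -> exit 0 if an active entry exists
has_service() {
    awk -v n="$2" -v p="$3" '
        { sub(/#.*/, "") }                  # ignore comments
        $1 == n && $2 == p { found = 1 }
        END { exit !found }' "$1"
}

# inetd_findings FILE -> one finding per line; no output means the file
# matches the strict variant (-K on klogin/kshell, -A on ftp/telnet,
# non-secure shell/login commented out).
# Assumption: options appear as separate tokens, e.g. "-K", not bundled.
inetd_findings() {
    awk '
        /^[ \t]*#/ || NF < 7 { next }       # comments, blank or short lines
        {
            k = 0; a = 0; seen[$1] = 1
            for (i = 8; i <= NF; i++) {     # field 7 is argv[0]
                if ($i == "-K") k = 1
                if ($i == "-A") a = 1
            }
        }
        $1 == "shell" || $1 == "login"           { print "nonsecure-enabled:" $1 }
        ($1 == "klogin" || $1 == "kshell") && !k { print "missing-K:" $1 }
        ($1 == "ftp" || $1 == "telnet") && !a    { print "kerberos-not-enforced:" $1 }
        END {
            if (!seen["klogin"]) print "missing-entry:klogin"
            if (!seen["kshell"]) print "missing-entry:kshell"
        }' "$1"
}

# Usage: sh audit.sh /etc/services /etc/inetd.conf
if [ "$#" -eq 2 ]; then
    has_service "$1" klogin 543/tcp || echo "missing-service:klogin"
    has_service "$1" kshell 544/tcp || echo "missing-service:kshell"
    inetd_findings "$2"
fi
```

If the site keeps the default ftp and telnet lines without -A, the kerberos-not-enforced findings are expected and can be ignored.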