Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Blocking ftp users to connect using telnet
Top Forums UNIX for Dummies Questions & Answers Blocking ftp users to connect using telnet Post 63255 by qfwfq on Wednesday 23rd of February 2005 04:31:38 PM
Old 02-23-2005
I have a REDHAT box and configure users this way in passwd file. Users then have ftp access but no telnet access.

user:x:1001:1000:FTP User:/home/user:/sbin/nologin

By the way, never use telnet but use SSH.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

How to Re-connect to floating telnet sessions

We use SCO OSR5 with TermLIte to create telnet sessions. If you accidently click X on the TermLite screen and exit the session you leave process running. I've heard of a program that will allow you to re-connect to these 'floating' sessions and then be able to carry on your session. Does anyone... (2 Replies)
Discussion started by: mikeh
2 Replies

2. Solaris

connect whit Telnet without password

It's possible to connect whit Telnet (or rlogin) whithout password??? I must write a script (this script run on a windows machine), then after the connection on Unix machine, run a perl script and exit. I can know if an host can be consedered "Trusted" like SSH protocol? Thanks! (2 Replies)
Discussion started by: raffyTxT
2 Replies

3. UNIX for Dummies Questions & Answers

telnet, ftp is running but can't connect from outside

Yesterday, I and all my users couldn't connect to my server using ssh, telnet or ftp even though they were running (keep getting "connection timed out" error message). This morning, my partner logon from the main console, restarted sshd and xinetd (I belive he didnt restarted the server), now I... (0 Replies)
Discussion started by: Micz
0 Replies

4. Shell Programming and Scripting

ftp script not able to connect to ftp server.

I have the following ftp script to get files from a remote location. However, on running the script I find that I am not even able to connect to ftp server. I am able to connect to ftp server using other GUI ftp tools like WS_FTP using the same IP. IP used here is a dummy IP. What can go... (3 Replies)
Discussion started by: gram77
3 Replies

5. UNIX for Dummies Questions & Answers

Blocking FTP login at Solaris

Hi, We have an application which runs on telnet port, application structure is file based, we have to give write permissions to all the users to all files so that they can work on the system. Recently we have noticed that all ordinary users can login through ftp and delete any file (... (7 Replies)
Discussion started by: nervous
7 Replies

6. Solaris

Non-blocking connect readability & writeability

Hello, When using a non-blocking connect, is it _guaranteed_ that connection completion can be detected by selecting for writeability? I have encountered situations where the socket has returned both readable and writeable at the same time - having trawled the net, I have seen some old posts... (1 Reply)
Discussion started by: tristan12
1 Replies

7. UNIX for Dummies Questions & Answers

Which program can I use for blocking unauthorized access via/ssh/ftp

Hi, I need to install a program on my Centos 5.3 server that will block unauthorized ssh/ftp access attempts. The two features I require is that I should be able to configure the program to block the IP of the intruder after a a certain amount of access attempts and that it should display a... (3 Replies)
Discussion started by: mojoman
3 Replies

8. Programming

non blocking connect

OS : solaris 10 X86 I created stream socket, tries to connect to port 7 on the remote machine. After doing the non blocking connect call I did select with time out value is 3 secs. I am always getting timed out though I am writing prior to select. code: x=fcntl(S,F_GETFL,0);... (1 Reply)
Discussion started by: satish@123
1 Replies

9. AIX

ftp connect in passive mode , ftp settings

how to connect to ftp server in passive mode? ftp server.abc and how can i see ftp settings, doesn't exist some ftpd.conf there is some other file where i check the options and configurations of ftp server? Thanks (3 Replies)
Discussion started by: prpkrk
3 Replies

10. Programming

Looping connect call for a non blocking socket

will there be any unexpected results on looping connect call for a non blocking socket to determine the connection based on error code. I am getting connection unsuccessful intermittently and so wondering whether is the timeout 500 millisec not sufficient or looping connect cause any unexpected. ... (7 Replies)
Discussion started by: satish@123
7 Replies

LEARN ABOUT MINIX

krb5_auth_rules

krb5_auth_rules(5)					Standards, Environments, and Macros					krb5_auth_rules(5)

NAME

       krb5_auth_rules - Overview of Kerberos V5 authorization

DESCRIPTION

       When  a	user  uses  kerberized	versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
       claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user  is  "who
       he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
       is permitted to access the Solaris user account that the client wants to access.

       Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file  should
       contain	a  Kerberos  principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
       the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.

       If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)).  If the  originating
       user's  Kerberos  V5  identity  is  in  the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
       client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
       the originating user is denied access.

       For  example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
       appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database  (see  passwd(4))  with  uid  23154,  then
       access to account jdb-user is granted.  Of course, normally, the target account name in this example would be jdb and not jdb-user.

       Finally,  if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
       be granted access to the account if and only if all of the following are true:

	 o  The user part of the authenticated principal name is the same as the target account name specified by the client.

	 o  The realm part of the client and server are the same.

	 o  The target account name exists on the server.

       For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM,  then  even	if
       jdb  is	a  valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
       differ.

FILES

       ~/.k5login      Per user-account authorization file.

       /etc/passwd     System account file. This information may also be in a directory service. See passwd(4).

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)

NOTES

       To avoid security problems, the ~/.k5login file must be owned by the remote user.

SunOS 5.10							    13 Apr 2004 						krb5_auth_rules(5)
All times are GMT -4. The time now is 09:44 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy