Date: Thu, 25 Dec 2003 14:38:16 +0200 (EET)
From: Alexander <amour@bugs.elitsat.net>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc: questions@freebsd.org
Subject: Re: identd in jailed 4.9-STABLE
Message-ID: <20031225141424.S4180-100000@bugs.elitsat.net>
In-Reply-To: <20031225083615.GA26439@happy-idiot-talk.infracaninophile.co.uk>

Hello,

you seem to not have tried this under 4.9 or not under jail. In the host
environment I haven't run anything else but sshd which is bound to listen
on the IP != jail environment. In the jail environment it's not possible
to bind on IP outside the jail.

After googling a little I found that this is because identd uses
tcp_getcred() which won't leak information to jail environment. There was
a patch for 4.3 which made identd work but the patch won't work on
4.9-STABLE.

If someone made identd work in jailed environment, please explain how.

Thanks

On Thu, 25 Dec 2003, Matthew Seaman wrote:

> On Thu, Dec 25, 2003 at 01:28:12AM +0200, Alexander wrote:
>
> > did someone make identd work on 4.9-STABLE in jailed environment ?
>
> Don't see why it should cause any particular difficulties.  You'll
> need to run an instance of inetd(8) in each jail where you want ident
> capability.  All of those inetd(8)'s and any inetd(8) from the base
> system should be bound to specific IP addresses by using the '-a'
> option -- otherwise they all attempt to bind to INADDR_ANY and end up
> fighting each other.
>
> Eg: if your machine uses 192.168.0.1 as its principal IP and has an
> alias address of 192.168.0.2 used by a jail, and you want inetd
> services in both, you would put:
>
>     inetd_enable="YES"
>     inetd_flags="-wW -a 192.168.0.1"
>
> in /etc/rc.conf on the host environment, and:
>
>     inetd_enable="YES"
>     inetd_flags="-wW -a 192.168.0.2"
>
>
>     Cheers,
>
>     Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                 26 The Paddocks
>                                                 Savill Way
> PGP: http://www.infracaninophile.co.uk/pgpkey   Marlow
> Tel: +44 1628 476614                            Bucks., SL7 1TH UK
>