Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 25 Dec 2003 14:38:16 +0200 (EET)
From:      Alexander <amour@bugs.elitsat.net>
To:        Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc:        questions@freebsd.org
Subject:   Re: identd in jailed 4.9-STABLE
Message-ID:  <20031225141424.S4180-100000@bugs.elitsat.net>
In-Reply-To: <20031225083615.GA26439@happy-idiot-talk.infracaninophile.co.uk>

next in thread | previous in thread | raw e-mail | index | archive | help
Hello,

you seem to not have tried this under 4.9 or not under jail.
In the host environment I haven't run anything else but sshd which is
bound to listen on the IP != jail environment. In the jail environment
it's not possible to bind on IP outside the jail. After googling a little
I found that this is because identd uses tcp_getcred() which won't leak
information to jail environment. There were a patch for 4.3 which made
identd work but the patch won't work on 4.9-STABLE.

If someone made identd work in jailed environment, please explain how.

thanks


On Thu, 25 Dec 2003, Matthew Seaman wrote:

> On Thu, Dec 25, 2003 at 01:28:12AM +0200, Alexander wrote:
>
> > did someone make identd work on 4.9-STABLE in jailed environment ?
>
> Don't see why it should cause any particular difficulties.  You'll
> need to run an instance of inetd(8) in each jail where you want ident
> capability.  All of those inetd(8)'s and any inetd(8) from the base
> system should be bound to specific IP addresses by using the '-a'
> option -- otherwise they all attempt to bind to INADDR_ANY and end up
> fighting each other.
>
> Eg: if your machine uses 192.168.0.1 as it's principal IP and has an
> alias address of 192.168.0.2 used by a jail, and you want inetd
> services in both, you would put:
>
>     inetd_enable="YES"
>     inetd_flags="-wW -a 192.168.0.1"
>
> in /etc/rc.conf on the host environment, and:
>
>     inetd_enable="YES"
>     inetd_flags="-wW -a 192.168.0.2"
>
>
> 	Cheers,
>
> 	Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
>                                                       Savill Way
> PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
> Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031225141424.S4180-100000>