 |
||
 |
||
 |
||
 |
||
 |
||
 |
||
 |
||
 |
||
WARNING: This information has not been updated since October, 1997!
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
INDEX ENTRY FOR LOGDAEMON:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Name: logdaemon - Security-enhanced network daemons
Version: 5.6
Author(s): Wietse Venema <wietse@wzv.win.tue.nl>
Wietse Venema (wietse@wzv.win.tue.nl)
Department of Mathematics and Computing Science
Eindhoven University of Technology
P.O. Box 513
5600 MB Eindhoven
The Netherlands
Ftp source: ftp.win.tue.nl:/pub/security
Description:
This archive contains the result of years of gradual transformations
on BSD source:
(1) rsh and rlogin daemons that log the remote username and perform
logging and access control in tcp/ip wrapper style. By default
these daemons do not accept wildcards in hosts.equiv or .rhosts
files. Both daemons have an '-l' option to disable user .rhosts
files. The rshd optionally logs the user command (edit Makefile).
The programs are more picky than usual about file permissions
of .rhosts files: they must be owned by the user (or by the
superuser), and they may not be group or world writable.
(2) ftpd, rexecd and login software with fascist login failure logging
and with optional support for S/KEY** one-time passwords. The rexecd
daemon disallows root logins, once my favourite backdoor. The
support for S/KEY one-time passwords is optional, and completely
invisible to users that do not need it. UNIX passwords are still
permitted by default. A short description of how to use S/KEY can
be found in the skey subdirectory. Binaries for DOS and other
systems can be found on thumper.bellcore.com. The rexecd optionally
logs the user command (edit Makefile).
(2a) ftpd and login software that supports the SecureNet card (code
donated by William LeFebvre, Argonne National Laboratory). This
software needs a DES library (for example, host ftp.psy.uq.oz.au
directory /pub/Crypto/DES). See snk/README for more information.
The code has been tested with SunOS 4.x and 5.x.
(3) an S/KEY login shell for sites that cannot replace the login
program. Users first log into a password-less dummy account. The
S/KEY login shell prompts for their real account name and presents
the corresponding S/KEY challenge.
The S/KEY support uses the MD4 or MD5 hash function. The mode (MD4 by
default, for backwards compatibility) is selected in skey/Makefile.
-- Quoted from the 5.6 README file
Advertised architectures:
All code works with SunOS 4, SunOS 5 (Solaris), Ultrix 4.x and
other BSD43/SYSV4 clones. In addition, the S/KEY-ified parts work
with IRIX 5.3, HP-UX 9.0, and Sony NewsOS 4.x; the login clone
also reportedly works with Linux. There is a very good chance
everything now also works with Digital UNIX, but I was unable to
test this myself.
-- Quoted from the 5.6 README file
Prerequisites:
A C compiler is required. In addition, the rshd and rlogind
programs need the libwrap.a library that comes with recent
(version >= 7.0) TCP/IP daemon wrapper implementations. (This
package may be found in security/tcpd.tar on the UNIX System
Administration Handbook CD-ROM).
** S/KEY is a trademark of Bellcore.
