name resolution, tcp_wrappers & finger from Jim Williams on 1999-07-24 (tru64-unix-managers)

From: Jim Williams <jim.williams_at_alaska.edu>
Date: Fri, 23 Jul 1999 15:38:05 -0800

My apologies if this is in the archives, but www-archives.ornl.gov seems
to be down and I can't search...

I'm running 4.0D + C2 + jumbo 3 on a PWS 433au. tcp_wrappers 7.6

Let me start by saying that I don't think the problem is tcp_wrappers,
but something that is preventing the host from resolving names, either
through dns or by using /etc/hosts when finger is called by
safe_finger. Fingering user_at_some.host is just the easiest way to
reproduce the symptoms.

Background: user's on the box are not getting logged in because the
wrapper is denying them (via -D PARANOID at compile time). The wrapper
appears to be denying them because it can't resolve the name/ip in both
directions. DNS *is* working correctly and the connecting hosts are in
the tables both ways. When the wrapper denies the connection, it tries
to do a reverse finger to the connecting host and then mails me a
message. The message contains the following error:
unknown host: host.domain

This prompted me to look at the safe_finger command, thinking that I'd
screwed up the line in hosts.deny. Not the case. Running safe_finger
against the connecting host produced the same error. Running finger
directly against the connecting host *as root* worked, but running the
same as a "normal" user failed. su'ing to nobody and running it fails
as well (nobody is the user that safe_finger runs as). I've checked the
permissions and ownerships of /, /usr, /usr/bin * /usr/bin/finger and
they're ok (the same as an almost identically configured PWD 433 on my
desk which doesn't show the same behavior):
drwxr-xr-x 21 root system 8192 Jul 23 11:18 /
drwxr-xr-x 25 root system 8192 May 11 09:50 /usr
drwxr-xr-x 6 root system 16384 Apr 11 09:12 /usr/bin
-rwxr-xr-x 2 bin bin 40960 Dec 29 1997 /usr/bin/finger

resolution order in /etc/svc.conf is local,bind,yp

If anyone has a clue, I'd really appreciate hearing it. TIA & I'll
summarize.

-- 
Jim Williams
Network Systems Programer
University of Alaska
Information Technology Services
http://sxjvw-2.sons.alaska.edu
Email				Snail Mail
jim.williams_at_alaska.edu		P. O. Box 755320
Phone: (907) 474-6290		910 Yukon Dr.,  Suite 105
Fax:   (907) 474-7127		Fairbanks, AK  99775-5320
InterNIC: JW18920
See web page for PGP fingerprint & public key
#include <stddisclaimer.h>

Received on Fri Jul 23 1999 - 23:40:27 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:39 NZDT