| [ LinuxFreeBSD ] in KIDS 글 쓴 이(By): zoo11 () 날 짜 (Date): 2001년 8월 18일 토요일 오전 02시 07분 51초 제 목(Title): Re: [질]ftp 접속이 느린이유 tcp_wrapper 의 README에 보면... With some network applications, such as RSH or RLOGIN, the client host name plays an important role in the authentication process. Host name information can be reliable when lookups are done from a _local_ hosts table, provided that the client IP address can be trusted. With _distributed_ name services, authentication schemes that rely on host names become more problematic. The security of your system now may depend on some far-away DNS (domain name server) outside your own control. The wrapper programs verify the client host name that is returned by the address->name DNS server, by asking for a second opinion. To this end, the programs look at the name and addresses that are returned by the name->address DNS server, which may be an entirely different host. If any name or address discrepancies are found, or if the second DNS opinion is not available, the wrappers assume that one of the two name servers is lying, and assume that the client host pretends to have someone elses host name. When compiled with -DPARANOID, the wrappers will always attempt to look up and double check the client host name, and will always refuse service in case of a host name/address discrepancy. This is a reasonable policy for most systems. When compiled without -DPARANOID, the wrappers by default still perform hostname lookup. You can match hosts with a name/address discrepancy with the PARANOID wildcard and decide whether or not to grant service. Automatic hostname verification is enabled by default. Automatic hostname lookups and verification can be turned off by editing the Makefile. The configuration and installation section below describes the Makefile editing process. 이런 말이 나오네요. 결론은 tcpd 구요. 컴파일 하실때 Automatic hostname verification 를 disable 하게 하면 되겠네요. (Makefile 내의 HOSTNAME= -DALWAYS_HOSTNAME 를 주석처리) |