Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX Reference > T

tcpd.conf(4)

HP-UX 11i Version 3: February 2007
» 

Technical documentation

» Feedback
Content starts here

 » Table of Contents

 » Index

NAME

tcpd.conf — configuration file for tcpd

DESCRIPTION

When inetd invokes tcpd for a service, it will read /etc/tcpd.conf and perform access control checks (see tcpd(1M)).

Each line in the file is treated either as a comment or as configuration information. Commented lines begin with #. Uncommented lines contain two required fields, key and value. The fields are separated by tabs and/or spaces. A line can be continued if it terminates with a backslash (\).

The following are the configuration parameters:

rfc931_timeout n

  • The RFC931 username lookup can be enabled or disabled through this parameter. Value for n specifies the time-out value (in seconds), to be used while getting the username information from the client.

  • A value of zero for n disables the rfc931 feature.

  • The default configuration of this disables the rfc931 feature with n value equal to 0.

  • The maximum value to which n can be set is 30 seconds.

on_reverselookup_fail {allow | deny}

  • This parameter determines whether tcpd should allow or deny the connection request on reverse lookup failure.

  • In both the cases, tcpd will log the event of reverse lookup failure, but in the deny case, it will reject the connection request just after reverse lookup failure. In the allow case, the hostname can be matched with the PARANOID wildcard (see hosts_options(5)) in access control files (/etc/hosts.allow and /etc/hosts.deny).

  • The default value for this is deny.

log_level {normal | extended}

  • This parameter determines the level at which tcpd should log the information using syslog. A value of extended will cause the TCP Wrappers daemon (see tcpd(1M)), to log the ACLs information such as with which entry the client request is matched and this entry's related options.

  • The default value for this entry is normal, in which case tcpd will only log the connection details about refusal or acceptance of the connection in the form of `connection from abc@xyz_host'.

Processing Invalid and Multiple Entries

tcpd processes invalid and multiple entries in the following ways:

  • An invalid entry for a configuration parameter is ignored. Instead, the default value for the configuration parameter will be used. For example, the following invalid entry for log_level will be replaced by the use of normal.

    log_level abcd

    will be treated as:

    log_level normal

  • If multiple entries for a configuration parameter are specified, only the last occurring entry is processed and the rest are ignored. For example, in the following two entries for rfc931_timeout, the last value of 25 is used for that parameter.

    rfc931_timeout 10 rfc931_timeout 25

EXAMPLES

To set the a 25 seconds time-out value for RFC931 user name lookup:

rfc931_timeout 25

To disable the RFC931 user name lookup:

rfc931_timeout 0

To make tcpd to allow a host on reverse lookup failure and process that host as PARANOID, in ACLs:

on_reverselookup_fail allow

To set the extended logging option:

log_level extended

AUTHOR

tcpd.conf was developed by the Hewlett-Packard.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1983-2007 Hewlett-Packard Development Company, L.P.