kill -1 / tcpwrappers


Subject: kill -1 / tcpwrappers
From: Karen A Swanberg (swanberg@tc.umn.edu)
Date: Wed Jun 27 2001 - 12:00:06 EDT


Two questions:

1) Kill -HUP

On my OpenBSD 2.8 and 2.9 boxes, a kill -1 (or -HUP) to the afpd and
atalkd daemons doesn't seem to work correctly. I'll reset the daemons, and
then wait for longer than it normally takes them to start during boot.
When I then try to connect from the client mac, I'll get the "Server is
shutting down, try again later" error. I haven't tested extensively, but
waiting 10 minutes isn't enough, even 30 isn't enough, I have to wait
hours for them to come back. They do, eventually, but why does it take so
long? Should I instead kill -9 them, and restart them by hand? Or is there
a graceful way to get the daemons to reread their config files without
rebooting or completely killing them?

2) Tcp-wrappers

Right now I have my netatalk daemons starting from rc.local (well,
actually rc.atalk). My understanding of tcp-wrappers is that in order to
use them, you must start the daemon in question from inetd. And then every
time the daemon is requested, inetd launches tcpd, which runs through its
checks, and then calls the netatalk (or telnet, or ftp) daemons. Is this
how tcp-wrappers work for netatalk?

The alternative way, replacing the daemons with tcpd, isn't terribly well
documented, at least that I've been able to find. I can't figure out where
OpenBSD expects the daemons to live. This is what the tcpd.c file says:

/* General front end for stream and datagram IP services. This program
logs the remote host name and then invokes the real daemon. For example,
install as /usr/etc/{tftpd,fingerd,telnetd,ftpd,rlogind,rshd,rexecd},
after saving the real daemons in the directory specified with the
REAL_DAEMON_DIR macro. This arrangement requires that the network daemons
are started by inetd or something similar. Connections and diagnostics are
logged through syslog(3). */

The man page for tcpd says this:
"This example applies when tcpd expects that the network daemons are left
in their original place, as it is configured within OpenBSD.

In order to monitor access to the finger(1) service, perform the following
edits on the inetd(8) configuration file, /etc/inetd.conf:"
[and goes into standard inetd.conf stuff.]

I have yet to find the REAL_DAEMON_DIR macro. So, how does this interact
with ./compile --with-tcp-wrappers?

This is a quest for knowledge, I'm not knocking the netatalk daemons in
any way. I just want to understand how things are working, and I
understand why (I think) it takes atalkd so long to start.

All this is on OpenBSD 2.8 and 2.9, netatalk versions 1.5pre6 and 7,
CVS.

Thanks,

-Karen

* *
Karen Swanberg |
Network Admin. | GNUmusk, an
Dept. of Geology/Geophysics | opensource cologne
206 Pillsbury Hall |
310 Pillsbury Ave. SE | Old geeks never die
University of Mn | They just revert
Minneapolis, MN 55455 | to cleartext
(612) 624-6541 |
* *
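
An added example, not part of the original post: a small shell audit of the inetd-to-tcpd arrangement described in question 2, reporting which inetd.conf entries are run through tcpd and which daemon tcpd then invokes. The sample inetd.conf, its paths and the function names are constructed for illustration.

```shell
# inetd.conf fields:
#   service  socktype  proto  wait  user  server-program  args...
# A wrapped entry names tcpd as the server program and the real
# daemon as the first argument.

# Constructed sample input (paths are assumptions, not from the post).
sample_inetd_conf() {
cat <<'EOF'
# constructed sample inetd.conf
finger  stream tcp nowait nobody /usr/libexec/tcpd  fingerd
ftp     stream tcp nowait root   /usr/libexec/ftpd  ftpd -US
telnet  stream tcp nowait root   /usr/libexec/tcpd  telnetd -k
#shell  stream tcp nowait root   /usr/libexec/rshd  rshd -L
daytime stream tcp nowait root   internal
EOF
}

# audit_inetd: read inetd.conf on stdin and print one line per active
# entry: "<service>/<proto> <status> <daemon>"
audit_inetd() {
  awk '
    /^[ \t]*#/ || NF < 6 { next }      # skip comments, blank and short lines
    {
      prog = $6
      n = split(prog, parts, "/")      # basename of the server program
      base = parts[n]
      if (prog == "internal")  status = "internal"
      else if (base == "tcpd") status = "wrapped"
      else                     status = "unwrapped"
      if (status == "wrapped") daemon = (NF >= 7) ? $7 : "?"
      else                     daemon = base
      print $1 "/" $3, status, daemon
    }'
}

# unwrapped_services: only the entries inetd starts without tcpd
unwrapped_services() {
  audit_inetd | awk '$2 == "unwrapped" { print $1 }'
}

sample_inetd_conf | audit_inetd
```

Daemons started outside inetd, for example from rc.local, have no entry in inetd.conf and are therefore not covered by this check.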


