Hello Gregory,

Re: INETDSEC problem.

I have not seen a SR submitted to the lab on this problem.  Did the
Response Center submit a SR on your behalf for this problem ?

Please EMAIL me and let me know if they did and what the SR number
is.

Regards,

James Hofmeister
[log in to unmask]
Hewlett Packard
Worldwide Technology Network Expert Center
P.S. My Ideals are my own, not necessarily my employers.




Stigers, Gregory - ANDOVER ([log in to unmask]) wrote:
: I thought we had put this problem to bed, but it has reared its ugly
: head again. We want to explicitly allow a number of certain IP addresses
: to telnet in to our 3Ks. A minor change to our inetdsec file uncovered
: that it was not linked to its POSIX name space /etc/adm/inetd.sec;
: linking it hosed access. It seems that a 'telnet allow' will take as
: many arguments as one can enter on one line. The end of line
: continuation character does not seem to work on the 3K, and only the
: last telnet allow line is used. I discussed this with our admin people,
: who agreed that this seems to work great on the 9K, and that it seems
: reasonable to assume that telnet on the 3K is more or less a port of
: what works on the 9K, and that HP could be expected to get this right.
: Our admin people called HPRC, and they acknowledged that this does seem
: to be a problem with the implementation of inetd.

: I know that there are other things we can do, and we do some of those
: other things, and I want us to do most if not all of those other things,
: as I tend to distrust single layers of security (and no, I don't usually
: wear a belt and suspenders). I want to get this to work. Does anyone
: know if this is an honest-to-goodness bug, and we just have to wait for
: it to get fixed, or is there some magic incantation or obscure work
: around to explicitly allow only (a number of) certain addresses thru in
: the inetd security file?