How to compile pidentd 3.0.18 on Solaris GA with DES encryption support
and
How to send unencrypted identd information to local hosts, and encrypted identd information to remote systems using tcp_wrappers

Download pidentd 3.0.18:

    ftp://ftp.lysator.liu.se/pub/ident/servers/

Apply the patch to k_sunos510.c:

    http://sunportal.sunmanagers.org/pipermail/summaries/2005-February/006132.html

Disable IPv6 by removing "-DHAVE_IPV6=1" from the CPPFLAGS in the configure script:
(It is not sufficient to use -DHAVE_IPV6=0, as the include file sockaddr.h uses #ifdef HAVE_IPV6, and -DHAVE_IPV6=0 still defines it)

*** pidentd-3.0.18/configure.FCS Sun Jun 13 00:38:42 2004 --- pidentd-3.0.18/configure Sat Feb 19 11:52:20 2005 *************** *** 2379,2385 **** ;; *10) host_os=sunos510 ! CPPFLAGS="$CPPFLAGS -DHAVE_IPV6=1" ;; esac if test "`isainfo -k`" = "sparcv9"; then --- 2379,2385 ---- ;; *10) host_os=sunos510 ! CPPFLAGS="$CPPFLAGS" ;; esac if test "`isainfo -k`" = "sparcv9"; then

Set up some environment variables (I am using SUNWspro version 10 to compile) and run configure, then make:

    # setenv PATH /usr/ccs/bin:/opt/SUNWspro/bin:$PATH
    # setenv CC cc
    # setenv CFLAGS -fast
    # setenv LDFLAGS "-s -L/usr/sfw/lib/64 -R/usr/sfw/lib/64"
    # unsetenv LD_LIBRARY_PATH
    # ./configure --prefix="" --with-threads=yes --with-des=yes --with-des-includes=/usr/sfw/include --with-des-libraries=/usr/sfw/lib/64
    # make

Voila, you should have an identd supporting encryption....
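Review bot: in the `*10)` case the changed line is left as `CPPFLAGS="$CPPFLAGS"`, a self-assignment that does nothing; delete the line, or replace it with a shell comment recording that IPv6 is disabled on purpose because sockaddr.h tests `#ifdef HAVE_IPV6`. The change also applies to every sunos510 build unconditionally and is made in the `configure` script itself, so if that script is regenerated the edit is lost; making it depend on a configure option would keep IPv6 builds possible.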

    # ls -l pidentd-3.0.18/src/{identd,ibench,idecrypt,ikeygen}
    -rwxr-xr-x 1 locadm locadm 12256 Feb 19 11:55 pidentd-3.0.18/src/ibench
    -rwxr-xr-x 1 locadm locadm 27776 Feb 19 11:55 pidentd-3.0.18/src/idecrypt
    -rwxr-xr-x 1 locadm locadm 86512 Feb 19 11:55 pidentd-3.0.18/src/identd
    -rwxr-xr-x 1 locadm locadm 10728 Feb 19 11:55 pidentd-3.0.18/src/ikeygen

    # ldd pidentd-3.0.18/src/identd
        libpthread.so.1 => /lib/64/libpthread.so.1
        libcrypto.so.0.9.7 => /usr/sfw/lib/64/libcrypto.so.0.9.7
        libkvm.so.1 => /usr/lib/64/libkvm.so.1
        libelf.so.1 => /lib/64/libelf.so.1
        libnsl.so.1 => /lib/64/libnsl.so.1
        libsocket.so.1 => /lib/64/libsocket.so.1
        libc.so.1 => /lib/64/libc.so.1
        libmp.so.2 => /lib/64/libmp.so.2
        libmd5.so.1 => /lib/64/libmd5.so.1
        libscf.so.1 => /lib/64/libscf.so.1
        libdoor.so.1 => /lib/64/libdoor.so.1
        libuutil.so.1 => /lib/64/libuutil.so.1
        libm.so.2 => /lib/64/libm.so.2
        /platform/SUNW,Sun-Blade-1000/lib/sparcv9/libc_psr.so.1
        /platform/SUNW,Sun-Blade-1000/lib/sparcv9/libmd5_psr.so.1

I install identd as /usr/sbin/in.identd:

    -r-xr-xr-x 1 root bin 86512 Feb 19 11:56 /usr/sbin/in.identd

Added a line to /etc/inet/inetd.conf:

    ident stream tcp nowait root /usr/sbin/in.identd in.identd -i -E

And imported the new line:

    # inetconv -f
    100235/1 -> /var/svc/manifest/network/rpc/100235_1-rpc_ticotsord.xml
    Importing 100235_1-rpc_ticotsord.xml ...Done
    100083/1 -> /var/svc/manifest/network/rpc/100083_1-rpc_tcp.xml
    Importing 100083_1-rpc_tcp.xml ...Done
    100068/2-5 -> /var/svc/manifest/network/rpc/100068_2-5-rpc_udp.xml
    Importing 100068_2-5-rpc_udp.xml ...Done
    ident -> /var/svc/manifest/network/ident-tcp.xml
    Importing ident-tcp.xml ...Done

Generated a key in /etc/identd.key

    # pidentd-3.0.18/src/ikeygen

Verify that ident service is listening

    # netstat -an |grep 113
    *.113 *.* 0 0 49152 0 LISTEN

Quick test:

    # telnet localhost 113
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    33201,113
    33201 , 113 : USERID : OTHER :[1UTLQodFC6rk9PV9xhMBzXb+WIfMZl6n]
    Connection to localhost closed by foreign host.

33201 is the port number of the connection, find it with netstat run while the connection is established...

    # netstat -an |grep 113
    *.113 *.* 0 0 49152 0 LISTEN
    127.0.0.1.33201 127.0.0.1.113 49152 0 49152 0 ESTABLISHED
    127.0.0.1.113 127.0.0.1.33201 49152 0 49152 0 ESTABLISHED

A big thank you to Jim Seymour and Casper Dik for helping me to find the right way to make this work!

Cheers
--pwo

P.S.: we use tcp_wrappers to run identd with encryption for remote connections, and without encryption for the local domain. I still have to test this setup with Solaris 10 .... but basically this is how it works:

add to inetd.conf the call without encryption:

    /etc/inet/inetd.conf
    ident stream tcp nowait root /usr/sbin/in.identd in.identd -i

use inetconv -f to import the line

Add to /etc/hosts.allow:

    in.identd : LOCAL, .YourLocalDomain

Add to /etc/hosts.deny:

    in.identd : ALL : twist /usr/sbin/in.identd -i -E

Enable tcp_wrappers for inetd services:

    # inetadm -p |grep -i tcp_wrappers
    # inetadm -M tcp_wrappers=TRUE
    # inetadm -p |grep -i tcp_wrappers

Now local clients should see an output similar to this:

    # telnet localhost 113
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    33220,113
    33220 , 113 : USERID : UNIX :locadm
    Connection to localhost closed by foreign host.

And remote clients will see:

    # telnet solris10-test-system 113
    Trying 10.10.10.10...
    Connected to solris10-test-system.
    Escape character is '^]'.
    113,59519
    113 , 59519 : USERID : OTHER :[dEXYGVB+MZTOQRz5c6SauaW3hvn21hlo]
    Connection closed by foreign host.

-- 
Peter W. Osel                      Email: pwo@Infineon.COM
Principal - Development Systems    Phone: +1.408.501.6321
Infineon Technologies              Cell: +1.408.348.6735
North America Corp.                Cell: +49.160.475.8577 (outside US)
1730 North First Street            Fax: +1.408.501.2410
San Jose, CA 95112, USA            WWW: http://pwo.de/
pgp key fingerprint = 79 2D DD 49 C0 AA D8 CF 2C F9 A5 6A BA 37 0E 28
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Sat Feb 19 16:47:08 2005
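
Added example, not part of the original post: a Python check for the two telnet tests above, which parses ident replies in the RFC 1413 format and reports any reply seen from a remote vantage point that carries a cleartext user name instead of an encrypted token. The function names, the "local"/"remote" labels and the token pattern (32 base64 characters in brackets, inferred from the two samples in the post) are assumptions.

```python
import base64
import re

# RFC 1413 reply: "<port> , <port> : USERID : <opsys> : <user-id>"
#             or: "<port> , <port> : ERROR : <error-type>"
REPLY_RE = re.compile(
    r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")
# Assumption taken from the two samples in the post: an encrypted user-id
# is "[" + 32 base64 characters (24 bytes) + "]".
TOKEN_RE = re.compile(r"^\[([A-Za-z0-9+/]{32})\]$")

# The first two replies are quoted from the post; the last two are constructed.
OBSERVATIONS = [
    ("local", "33220 , 113 : USERID : UNIX :locadm"),
    ("remote", "113 , 59519 : USERID : OTHER :[dEXYGVB+MZTOQRz5c6SauaW3hvn21hlo]"),
    ("remote", "113 , 59520 : USERID : UNIX :locadm"),   # constructed: wrapper not applied
    ("remote", "113 , 59521 : ERROR : NO-USER"),         # constructed
]


def parse_ident_reply(line):
    """Parse one ident reply line; return a dict or raise ValueError."""
    m = REPLY_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an ident reply: %r" % line)
    ports = (int(m.group(1)), int(m.group(2)))
    if any(not 1 <= p <= 65535 for p in ports):
        raise ValueError("port out of range: %r" % (ports,))
    if m.group(3) == "ERROR":
        return {"ports": ports, "kind": "error", "error": m.group(4).strip()}
    # Split only at the first ':' after the opsys field, so a user-id that
    # itself contains ':' is kept whole.
    opsys, sep, user_id = m.group(4).partition(":")
    if not sep:
        raise ValueError("USERID reply without user-id: %r" % line)
    user_id = user_id.strip()
    tok = TOKEN_RE.match(user_id)
    encrypted = bool(tok) and len(base64.b64decode(tok.group(1))) == 24
    return {"ports": ports, "kind": "encrypted" if encrypted else "cleartext",
            "opsys": opsys.strip(), "user_id": user_id}


def audit(observations):
    """Return the (vantage, line) pairs where a remote client got a cleartext user-id."""
    return [(vantage, line) for vantage, line in observations
            if vantage == "remote" and parse_ident_reply(line)["kind"] == "cleartext"]
```

Running audit() on replies collected from a host outside the local domain should return an empty list when the hosts.allow/hosts.deny pair is working as described.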