ucspi-tcp or xinetd

Domitianus Prima Prayudi prima at arc.itb.ac.id
Tue Jun 10 22:23:12 PDT 2003


About PAM, I prefer PAM 0.76 because with 0.77 version I got a lot off
problem after I install it. Login, su, useradd, passwd and some other
shadow program doesn't work correctly. So I install 0.76 version and
shadow works well except for fcron (does'nt support 0.76 version ??)
I thing using PAM not very bad idea besides some programs needs pam to
works
On Wed, 11 Jun 2003, Alexander E. Patrakov wrote:

> On Wednesday 11 June 2003 10:41, Domitianus Prima Prayudi wrote:
> > I'm beginner and in the process of setting up my LFS box to become my
> > first experimental server.
>
> Not a bad intention.
>
> > Now i'm using qmail as my MTA and proftpd as my ftp daemon can anybody
> > explain which one is better ucspi-tcp or xinetd, and how make them
> > (qmail and proftpd) as secure as possible?
>
> qmail is very secure by default. It's also very rigid without tons of patches.
> I can even say that it is configured by means of patches. Although I run it
> on my server, my next server will probably run something else. Maybe Postfix,
> although I have not tried it. And I really don't recommend using qmail on
> your server.
>
> As for the ftp daemon, I received a directive from my boss: don't install it
> (and I agree). It can be replaced by the http daemon (for downloading) and
> sshd (for uploading files via sftp). Your opinion may be different.
>
> As for ucspi-tcp vs xinetd: I really don't know. You may install both. It is
> recommended to run qmail from tcpserver (part of ucspi-tcp), but if you need
> some IPC services, you probably need xinetd. On my server, there is no
> xinetd.
>
> You may also consider using stunnel to require the connections to your SMTP
> and POP3 servers to be made via SSL. I do so.
>
> > One more thing, I have difficulties in configuring Linux-PAM (0.76), but
> > my shadowpassword running well, does anyone could tell me where can I find
> > good documentation about PAM ?
>
> In the PAM source tarball. BTW, 0.76 it is not the latest version. And do you
> really need PAM?
>
> > Thanks for the attention, and sorry for my bad english ...
> Please post replies to blfs-support at linuxfromscratch.org since your mail
> contains a support question, not a security hole announcement.
>
> --
> Alexander E. Patrakov
>
> --
> Unsubscribe: send email to listar at linuxfromscratch.org
> and put 'unsubscribe lfs-security' in the subject header of the message
>
>

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list