ftp login with AIX 5.1

ftp login with AIX 5.1

Post by B?rge N?s » Mon, 02 Dec 2002 10:10:14



What is the correct way to disable telnet login but enable ftp login with AIX
5.1?

Under 4.3 you could simply set /usr/bin/logout as the shell and be done with
it.
For some reason this doesn't work with 5.1 ML3. I am still searching for why.

TIA
-B?rge

 
 
 

ftp login with AIX 5.1

Post by Bob Mariot » Mon, 02 Dec 2002 11:24:20



Quote:>What is the correct way to disable telnet login but enable ftp login with AIX
>5.1?

>Under 4.3 you could simply set /usr/bin/logout as the shell and be done with
>it.
>For some reason this doesn't work with 5.1 ML3. I am still searching for why.

>TIA
>-B?rge

Assuming you are using inetd to control these "services" I would edit
the /etc/inetd.conf file and comment ("#") out the telnet line(s).
This certainly would keep everyone out.

Another way is to install tcp-wrappers which controls exactly who can
use a given service.

 
 
 

ftp login with AIX 5.1

Post by B?rge N?s » Mon, 02 Dec 2002 13:12:26





>Assuming you are using inetd to control these "services" I would edit
>the /etc/inetd.conf file and comment ("#") out the telnet line(s).
>This certainly would keep everyone out.

My fault, I should have said I only needed to lock out a single user and not
the rest.

Quote:>Another way is to install tcp-wrappers which controls exactly who can
>use a given service.

I am not familiar with how do do this. Do you have any URLs?

TIA
-B?rge

 
 
 

ftp login with AIX 5.1

Post by Harry Cha » Mon, 02 Dec 2002 13:44:08


You can change the attribute to false for "User can LOGIN REMOTELY" in
SMIT Change / Show Characteristics of a User.  This will disable telnet
login for the user without affecting ftp.




> >Assuming you are using inetd to control these "services" I would edit
> >the /etc/inetd.conf file and comment ("#") out the telnet line(s).
> >This certainly would keep everyone out.

> My fault, I should have said I only needed to lock out a single user and not
> the rest.

> >Another way is to install tcp-wrappers which controls exactly who can
> >use a given service.

> I am not familiar with how do do this. Do you have any URLs?

> TIA
> -B?rge