Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
This whole secure by default thing is really getting out of hand. So, I just installed FC 6 after having been running RH9 for many years. Now, ftp, telnet, rlogin, etc are all disabled, and despite my best efforts I can't get them to work. Apparently they are all "kerberized" now. Well that's just great, so how the sam hill is that supposed to work across different machines and OSes? All I want to do is ftp some friggin files from the machine where I backed everything up. Nothing seems to work. I've installed xinetd and edited the scripts in /etc/xinetd.d to "enable" ftp. No joy. I've also shut down xinetd and started vsftpd, again, no joy.
Keep in mind the reason those services are disabled by default is that have the ability to send userids and passwords in clear text. Anyone between the client a server can see the login information (including wireless users, if you are on WiFi).
If you've just got an Ethernet cable between two machines, no problem. If you are sending information across the Internet, big problem.
Instead of using telnet/rlogin, you can use ssh. Instead of using ftp, you can use scp (uses ssh for transport). If the client is a Windows machine, you can install the free PuTTY program for ssh/scp.
I took out the -a, still no luck. Attempting to ftp (yes it's from a Windows machine) just hangs with no response. Attempting to ftp from the Linux box gives a litany of GSSAPI errors. It starts with
Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI error major: unspecified GSS failure. Minor code may provide more information
GSSAPI error minor: no credentials cache found
I know all about the security issues, but this is a workstation accessed on a LAN not the internet. This is a collossal pain in the arse.