From owner-FreeBSD-users-jp@jp.freebsd.org  Mon Aug  7 13:36:45 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id NAA20345;
	Mon, 7 Aug 2000 13:36:45 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from mx.vnet.ne.jp (ns.vnet.ne.jp [210.199.152.2])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id NAA20340
	for <FreeBSD-users-jp@jp.freebsd.org>; Mon, 7 Aug 2000 13:36:45 +0900 (JST)
	(envelope-from ei@vnet.ne.jp)
Received: from via ([210.199.152.13])
	by mx.vnet.ne.jp (8.9.3/3.7W) with SMTP id NAA06577
	for <FreeBSD-users-jp@jp.freebsd.org>; Mon, 7 Aug 2000 13:38:42 +0900 (JST)
Date: Mon, 07 Aug 2000 13:42:44 +0900
From: Kanemitsu Eitetsu <ei@vnet.ne.jp>
To: FreeBSD-users-jp@jp.freebsd.org
In-Reply-To: <868zuc851z.wl@gama.mil.allnet.ne.jp>
References: <398B9630244.D6C1EI@mx.vnet.ne.jp> <868zuc851z.wl@gama.mil.allnet.ne.jp>
Message-Id: <398E3E442D0.529AEI@mx.vnet.ne.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver 1.26.02
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: FreeBSD-users-jp 54022
Subject: [FreeBSD-users-jp 54022] Re: can't verify hostname
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: ei@vnet.ne.jp

$B6b8w$G$9!#(B


> > popper[40925]: warning: can't verify hostname: gethostbyname(ddd.ccc.bbb.aaa.foo.com) failed
> > popper[40925]: refused connect from aaa.bbb.ccc.ddd
> 
> > a$B!"(Bb$B!"(Bc$B!"(Bd $B$O?t;z!J(BIP$B%"%I%l%9!K$G$9!#(B
> 
> /usr/src/contrib/tcp_wrappers $B$K=q$$$F$"$k(B -DPARANOID $B$N@bL@$,(B
> $B$3$NLdBj$K3:Ev$9$k$N$G$O$J$$$G$7$g$&$+(B?
> 
>   When compiled with -DPARANOID, the wrappers will always attempt to look
>   up and double check the client host name, and will always refuse
>   service in case of a host name/address discrepancy.  This is a
>   reasonable policy for most systems.

Makefile $B$N(B

####################################################
# Optional: dealing with host name/address conflicts
#	
# By default, the software tries to protect against hosts that claim to
# have someone elses host name. This is relevant for network services
# whose authentication depends on host names, such as rsh and rlogin.
#
# With paranoid mode on, connections will be rejected when the host name
# does not match the host address. Connections will also be rejected when
# the host name is available but cannot be verified.
#
# Comment out the following definition if you want more control over such
# requests. When paranoid mode is off and a host name double check fails,
# the client can be matched with the PARANOID access control pattern.
#
# Paranoid mode implies hostname lookup. In order to disable hostname
# lookups altogether, see the next section.

#PARANOID= -DPARANOID

########################################
# Optional: turning off hostname lookups
#
# By default, the software always attempts to look up the client
# hostname.  With selective hostname lookups, the client hostname
# lookup is postponed until the name is required by an access control
# rule or by a %letter expansion.
#
# In order to perform selective hostname lookups, disable paranoid
# mode (see previous section) and comment out the following definition.

#HOSTNAME= -DALWAYS_HOSTNAME


PARANOID$B!"(BHOSTNAME $B$r%3%a%s%H%"%&%H$7$?$H$3$m!"(B

popper[44182]: connect from aaa.bbb.ccc.ddd
popper[44182]: (v3.0.2) Unable to get canonical name of client aaa.bbb.ccc.ddd: Unknown host (1)

$B$H$J$j!"L5;v@\B3$G$-$^$7$?!#(B

$B$"$j$,$H$&$4$6$$$^$7$?!#(B


----
Kanemitsu Eitetsu
