Re: [ldm-users] Turning off RPC

true, but it's not as good as disabled ;)

Sent from my iPhone

On Sep 28, 2009, at 5:14 PM, Bret Whissel <bret@xxxxxxxxxxx> wrote:

One could reduce portmapper/rpcbind exposure by configuring hosts.deny
and hosts.allow to disable access to ports 111 and 388 to ALL, and
enabling access to 111 and 388 to upstream/downstream sites.  (I'm
confident that rpcbind is generally TCPwrappers-enabled on supported
platforms; anyone know if LDM is?)

Bret

On Mon, 2009-09-28 at 16:21 -0500, Peter Laws wrote:
Tyler Allison wrote:
I've run LDM without portmapper/rpcbind given they are both ginormous security risks. It delays the startup/shutdown and other admin functions since LDM tries to RPC but fails, then it tries again, etc...until it figures out it is never going to work and defaults to 388 and everything
works fine afterwards.

Personally, I'd rather see it assume 388 and fall back to
portmapper/rpcbind in the event of 388 failure, but that's just me :)

Actually, Steve E wrote to me off-list and indicated that this is exactly
how it works.  Change in the code at some point??

I'd still like to disable it.  :-)


_______________________________________________
ldm-users mailing list
ldm-users@xxxxxxxxxxxxxxxx
For list information or to unsubscribe,  visit: 
http://www.unidata.ucar.edu/mailing_lists/



  • 2009 messages navigation, sorted by:
    1. Thread
    2. Subject
    3. Author
    4. Date
    5. ↑ Table Of Contents
  • Search the ldm-users archives: