mention that -a valid does not work, requested by felix.

branches: 1.58.56;
Add httpd to the build. Add _httpd to passwd and groups and postinstall.
Add /var/www to mtree, add example line to inetd.conf.

branches: 1.57.8;
goodbye uucp

Use more sane defaults for commented out fingerd entry.
From OpenBSD and Zafer Aydogan.
PR/31341.

Add -a valid for PAM.

new lines for identd [ipv6 support and option adjustment]

Remove nntp line -- it refers to a non-existing daemon.
Closes PR 22388, from Nate Hill.

identd can now run as nobody.

identd(8) must run as "root" to use TCPCTL_IDENT via sysctl(3). This fixes
PR bin/21261 by myself.

Also register rquota version 2.

rexecd is IPv6 capable (not sure who will be using it though)

committed by mistake

uid/gid for sendmail 8.12.x.
disallow chroot priv accounts from being used for ftp.

uucpd supports IPv6

Enable logging options for (commented out) uucpd and fingerd by default.
Addresses misc/10219 by Jim Bernard.

Cleanup formatting of the rpc services.

Add a tcp6 entry for hpropd.

kpasswd is a "wait" type service.

comsat is ipv6 ready

move tcp6/udp6 entries upwards so that they do not get out of sync with
IPv4 services. add kerberos-adm and internal services (like echo) on tcp/udp6.

Now that kpasswdd works from inetd, also correct the entry: kpasswdd is an
udp service, not tcp.

Add (commented out) hprop service, along with a short explanation
of when to enable it and why.

Remove the (not supported) krbupdate service, and add (commented out)
kerberos-adm.

Allow a higher count of started services for broadcast RPC services. Since
rpcbind version 3 and 4 clients will try broadcasts using both the old
and new protocol for IPv4, the double amount of packets may come in,
causing bogus "service looping" events in inetd.

branches: 1.35.2;
Comment out telnet, ftp since they use cleartext passwords (discussed
recently on tech-net, no objection raised except that it doesn't go
far enough..)

Fix misc/10219 as suggested in PR: add -L to rlogind and -l to tftpd
command lines to enable logging.

* Portmap is now called rpcbind.
* Add IPv6 RPC entries to inetd.conf (commented out by default, as the others)
* Add netconfig file, needed for TI-RPC code.

branches: 1.33.2;
remove commented-out entry for mountd, since whilst support for inetd
was added to mountd in mountd.c::1.6, it was removed as part of the
4.4-lite merge in mountd.c::1.12. if the entry was uncommented your
machine might clag up after a showmount as inetd spawned lots of
mountd processes...

enable IPv6 ftp and telnet by default.
it makes more sense to me as we have INET6 in kernel, and we have ftp4/telnet4
enabled by default. maybe I'm biased:-)

add tcp6 lines for rshd/rlogind.

add comment about IPv4/v6 dual stack support (enable both tcp and tcp6).

branches: 1.29.2;
Disable everything except ftpd and telnetd by default.

Use a colon to seprate user and group name pairs.

GENERIC kernel does not ship with IPv6, so comment out tcp6/udp6 entries.

branches: 1.26.2;
IPv6 support.

add telnet on tcp6.

provide sample lines for IPv6 services (at this moment ftpd and fingerd)

Modify (commented out, pre-existing) identd line to start identd `nowait'
for those who want to use tcpwrappers appropriately.

Resist temptation to add -L"something appropriate"

branches: 1.22.4;
make these changes to the default user.group:
- internal services run as `nobody'
- rpc.rusersd and rpc.sprayd run as `nobody'
- rpc.rstatd run as `nobody.kmem'
- rpc.rwalld run as `nobody.tty'

add hunt(6) entry (commented by default)

Run ntalkd as nobody.tty

mountd was moved to /usr/sbin ; pointed out by Thorsten Frueauf.

cleanup Lite-1 merge

Turn off echo, discard, and chargen by default.

turn off internal udp services, and log rshd connections; ideas from openbsd.

RCS id police.

bootpd can run from the shell, too, and thus lives in /usr/sbin, not
/usr/libexec.

Turn off idented by default.

The tftpd daemon has been changed to use setgid() & setuid() to
explicitly set the user and group IDs to non-priveleged values. This
was done because the chroot() call used when the secure (-s) option is
used can only be done by the superuser.

This change now requires tftpd to be executed by root. So the
inetd.conf entry has been changed to start it that way. I also
added -s /tftpboot arguments, so people who uncomment the tftpd
entry without realizing it's security ramifications won't open
thier whole systems to unauthorized access.

disable kerberos version of rsh/rlogin, because things don't work properly
if they're enabled and the programs don't support kerberos (by default,
the NetBSD programs don't.)

sprayd & rquotad: disabled by default

move bootpd from othersrc to libexec. add bootptab file

fix that last inetd.conf

remove reference to old talk protocol. will result in better failure

listen for rusers/2-3; no more version 1

it is clear that mountd started from inetd does not work

mountd is now started by inetd.

Add entries to start rpc services.

rexecd was on in the default installation. rexecd is not your a secure friend.
those who want it should have to turn it on explicitly

branches: 1.1.1;
Initial revision

Add httpd to the build. Add _httpd to passwd and groups and postinstall.
Add /var/www to mtree, add example line to inetd.conf.

branches: 1.57.8;
goodbye uucp

Use more sane defaults for commented out fingerd entry.
From OpenBSD and Zafer Aydogan.
PR/31341.

Add -a valid for PAM.

new lines for identd [ipv6 support and option adjustment]

Remove nntp line -- it refers to a non-existing daemon.
Closes PR 22388, from Nate Hill.

identd can now run as nobody.

identd(8) must run as "root" to use TCPCTL_IDENT via sysctl(3). This fixes
PR bin/21261 by myself.

Also register rquota version 2.

rexecd is IPv6 capable (not sure who will be using it though)

committed by mistake

uid/gid for sendmail 8.12.x.
disallow chroot priv accounts from being used for ftp.

uucpd supports IPv6

Enable logging options for (commented out) uucpd and fingerd by default.
Addresses misc/10219 by Jim Bernard.

Cleanup formatting of the rpc services.

Add a tcp6 entry for hpropd.

kpasswd is a "wait" type service.

comsat is ipv6 ready

move tcp6/udp6 entries upwards so that they do not get out of sync with
IPv4 services. add kerberos-adm and internal services (like echo) on tcp/udp6.

Now that kpasswdd works from inetd, also correct the entry: kpasswdd is an
udp service, not tcp.

Add (commented out) hprop service, along with a short explanation
of when to enable it and why.

Remove the (not supported) krbupdate service, and add (commented out)
kerberos-adm.

Allow a higher count of started services for broadcast RPC services. Since
rpcbind version 3 and 4 clients will try broadcasts using both the old
and new protocol for IPv4, the double amount of packets may come in,
causing bogus "service looping" events in inetd.

branches: 1.35.2;
Comment out telnet, ftp since they use cleartext passwords (discussed
recently on tech-net, no objection raised except that it doesn't go
far enough..)

Fix misc/10219 as suggested in PR: add -L to rlogind and -l to tftpd
command lines to enable logging.

* Portmap is now called rpcbind.
* Add IPv6 RPC entries to inetd.conf (commented out by default, as the others)
* Add netconfig file, needed for TI-RPC code.

branches: 1.33.2;
remove commented-out entry for mountd, since whilst support for inetd
was added to mountd in mountd.c::1.6, it was removed as part of the
4.4-lite merge in mountd.c::1.12. if the entry was uncommented your
machine might clag up after a showmount as inetd spawned lots of
mountd processes...

enable IPv6 ftp and telnet by default.
it makes more sense to me as we have INET6 in kernel, and we have ftp4/telnet4
enabled by default. maybe I'm biased:-)

add tcp6 lines for rshd/rlogind.

add comment about IPv4/v6 dual stack support (enable both tcp and tcp6).

branches: 1.29.2;
Disable everything except ftpd and telnetd by default.

Use a colon to seprate user and group name pairs.

GENERIC kernel does not ship with IPv6, so comment out tcp6/udp6 entries.

branches: 1.26.2;
IPv6 support.

add telnet on tcp6.

provide sample lines for IPv6 services (at this moment ftpd and fingerd)

Modify (commented out, pre-existing) identd line to start identd `nowait'
for those who want to use tcpwrappers appropriately.

Resist temptation to add -L"something appropriate"

branches: 1.22.4;
make these changes to the default user.group:
- internal services run as `nobody'
- rpc.rusersd and rpc.sprayd run as `nobody'
- rpc.rstatd run as `nobody.kmem'
- rpc.rwalld run as `nobody.tty'

add hunt(6) entry (commented by default)

Run ntalkd as nobody.tty

mountd was moved to /usr/sbin ; pointed out by Thorsten Frueauf.

cleanup Lite-1 merge

Turn off echo, discard, and chargen by default.

turn off internal udp services, and log rshd connections; ideas from openbsd.

RCS id police.

bootpd can run from the shell, too, and thus lives in /usr/sbin, not
/usr/libexec.

Turn off idented by default.

The tftpd daemon has been changed to use setgid() & setuid() to
explicitly set the user and group IDs to non-priveleged values. This
was done because the chroot() call used when the secure (-s) option is
used can only be done by the superuser.

This change now requires tftpd to be executed by root. So the
inetd.conf entry has been changed to start it that way. I also
added -s /tftpboot arguments, so people who uncomment the tftpd
entry without realizing it's security ramifications won't open
thier whole systems to unauthorized access.

disable kerberos version of rsh/rlogin, because things don't work properly
if they're enabled and the programs don't support kerberos (by default,
the NetBSD programs don't.)

sprayd & rquotad: disabled by default

move bootpd from othersrc to libexec. add bootptab file

fix that last inetd.conf

remove reference to old talk protocol. will result in better failure

listen for rusers/2-3; no more version 1

it is clear that mountd started from inetd does not work

mountd is now started by inetd.

Add entries to start rpc services.

rexecd was on in the default installation. rexecd is not your a secure friend.
those who want it should have to turn it on explicitly

branches: 1.1.1;
Initial revision

import 4.4BSD-Lite

initial import of 386bsd-0.1 sources

Pull up revision 1.29 (via patch, requested by fair):
Disable everything except ftpd and telnetd by default.
Fixes PR#9673.

Pull up to last week's -current.

Disable everything except ftpd and telnetd by default.

file inetd.conf was added on branch comdex-fall-1999 on 1999-11-05 11:16:21 +0000

Sync w/ netbsd-1-5-base.

Apply patch (requested by thorpej):
Correct a few INET6 and Kerberos entries.
Mostly syncs with version 1.44.

Revision 1.39: the entry for kpasswdd should be dgram/udp.

(approved by thorpej)

Pull up rev. 1.38:
Add (commented out) hprop service, along with a short explanation
of when to enable it and why.

Pull up rev. 1.37:
Remove the (not supported) krbupdate service, and add (commented out)
kerberos-adm.

Pull up rev. 1.36:
Allow a higher count of started services for broadcast RPC services. Since
rpcbind version 3 and 4 clients will try broadcasts using both the old
and new protocol for IPv4, the double amount of packets may come in,
causing bogus "service looping" events in inetd.

sync with HEAD