On Mon, 2005-11-07 at 17:54, Tim Prendergast wrote:
> Yes, it does... here's the rsh file in /etc/xinetd.d
>
> [root@]more /etc/xinetd.d/rsh
> # default: on
> # description: The rshd server is the server for the rcmd(3) routine and, \
> # consequently, for the rsh(1) program. The server provides \
> # remote execution facilities with authentication based on \
> # privileged port numbers from trusted hosts.
> service shell
> {
> disable = no
> socket_type = stream
> wait = no
> user = root
> log_on_success += USERID
> log_on_failure += USERID
> server = /usr/sbin/in.rshd
> cps = 1000 5
> }
>
> The oddity is that the other system also has the USERID entries. I removed
> them just now to test, restarted xinetd.d, and ran the same 'time rsh
> localhost uname -a' with the same results as before. This would indicate to
> me that the IDENT request is taking nearly no time at all (0.001s difference
> in the times with or without the log lines present).
Yes IDENT is normally fast if it either completes or isn't running
and you get an ICMP rejection. The thing that might have made
it slow would be if you had a firewall dropping the packets
so you'd get a timeout instead. Another thing that happens
during a connection is a reverse DNS lookup to log the
connecting host name and perhaps a check against hosts.allow
and hosts.deny. How fast does your DNS respond?
--
Les Mikesell
lesmikesell@xxxxxxxxx
