Paul Johnson wrote:
>
> Oh, I see. It is possible to have a program that uses tcpwrappers
> without going through xinetd. I did not understand before. Now I do
> see in the openssh source's INSTALL file the option that compiles in
> tcp-wrappers.
>
> --with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
>
> But now I don't understand what role xinetd is/was performing side by
> side with the tcpwrap protection inside ssh's build.
>

xinetd has no role in sshd's tcpwrapper protection unless you set up sshd to be launched on demand by xinetd instead of running as a stand-alone daemon.

What xinetd does is monitor the ports it is configured to monitor. When something tries to connect to one of those ports, xinetd checks to see if they are allowed to connect, and if they are, it will then launch the proper program. This works fine for programs that are seldom used, or that start fast. It does not work well for programs that take time to initialize.

Mikkel
--
Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!
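The /etc/hosts.allow|deny lookup that an sshd built --with-tcp-wrappers performs by itself for each connection, sketched as an added example (not code from this thread, from OpenSSH or from libwrap). It implements only a simplified IPv4 subset of the hosts_access(5) rules, and the rule text, addresses and function names are constructed for illustration.

```python
# Added illustration: simplified subset of the hosts_access(5) decision order.
# Supported client patterns: ALL, an exact IPv4 address, or a prefix ending in ".".
# The rule text below is constructed sample data, not taken from the thread.

HOSTS_ALLOW = """\
# constructed sample /etc/hosts.allow
sshd: 192.168.1.
in.telnetd: 192.168.1.10
"""

HOSTS_DENY = """\
# constructed sample /etc/hosts.deny
ALL: ALL
"""

def parse_rules(text):
    """Return a list of (daemons, clients) tuples from hosts.allow/deny text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]   # ignore any option field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def _client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                  # e.g. "192.168.1." is a prefix
        return addr.startswith(pattern)
    return pattern == addr

def _matches(rules, daemon, addr):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(_client_matches(c, addr) for c in clients)
        for daemons, clients in rules)

def access_allowed(daemon, addr, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """A match in hosts.allow grants; else a match in hosts.deny denies; else grant."""
    if _matches(parse_rules(allow_text), daemon, addr):
        return True
    if _matches(parse_rules(deny_text), daemon, addr):
        return False
    return True
```

The rules are keyed on the daemon name, so the result for sshd is the same whether sshd runs stand-alone or is started on demand; with an empty hosts.deny, an unmatched client is granted access.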