Subject: Re: inetd.conf defaults
To: Erik Fair <fair@clock.org>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-net
Date: 05/28/2000 08:33:18
Many security penetrations occur because systems run services which
the administrator was unaware of.
I think we should ship with an inetd.conf with every service initially
commented out. The two remaining services (telnet and ftp) accept
plaintext passwords, which are flagrantly insecure in many/most
configurations.
If I hear no substantive objections, I'll make this change and request
a pullup to -release.
Once the crypto-* mess is straightened out, we can change this to:
- give telnetd command line arguments to require
  encryption and authentication
- give ftpd a command line argument to require either
  anonymous access or encrypted/authenticated access.
but for now it's safer to just turn them off and let people decide
what's safe in their environments.
- Bill
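
An audit check for the concern raised in this message, as an added example that is not part of the original mail or of NetBSD's own code: it lists the entries an inetd.conf leaves enabled and picks out telnet and ftp, the two services the message names as accepting plaintext passwords. The function names, the sample file and its paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which services an inetd.conf actually enables.
# inetd.conf fields: service socket-type protocol wait/nowait user program [args...]

# Print "service protocol program" for every active (uncommented) entry.
enabled_inetd_services() {
    awk '
        $1 ~ /^#/ { next }   # commented-out entry or plain comment
        NF < 6    { next }   # blank or incomplete line
        { print $1, $3, $6 }
    ' "$1"
}

# Of the enabled entries, print the ones the message names as
# accepting plaintext passwords (telnet and ftp), once each.
plaintext_password_services() {
    enabled_inetd_services "$1" |
        awk '$1 == "telnet" || $1 == "ftp" { print $1 }' | sort -u
}

# Constructed sample input (not taken from a real system).
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
# constructed sample inetd.conf
ftp      stream  tcp  nowait  root    /usr/libexec/ftpd     ftpd
telnet   stream  tcp  nowait  root    /usr/libexec/telnetd  telnetd
#shell   stream  tcp  nowait  root    /usr/libexec/rshd     rshd
#finger  stream  tcp  nowait  nobody  /usr/libexec/fingerd  fingerd
daytime  stream  tcp  nowait  root    internal
EOF

echo "Enabled entries:"
enabled_inetd_services "$sample_conf"
echo "Plaintext-password services still enabled:"
plaintext_password_services "$sample_conf"
```

Pointed at a real configuration file, an empty first listing means the file matches the all-commented-out default proposed above.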