HP-UX Internet Services Administrator's Guide (February 2007)

/etc/inetd.conf file. For example, you can enable the ftpd service with tcpd

by executing the following commands at the command prompt:

# mkdir /usr/lbin/wrapper

# mv /usr/lbin/ftpd /usr/lbin/wrapper

# cp tcpd /usr/lbin/ftpd

When an ftp service is requested, inetd spawns the /usr/lbin/ftpd daemon

which is actually the tcpd daemon. Then, tcpd performs access control checks

before invoking the ftpd daemon in the /usr/lbin/wrapper directory.

For more information on tcpd configuration, type man 1M tcpd or man 4

tcpd.conf at the HP-UX prompt.

The libwrap.a Library

The libwrap.a library provides a set of APIs for independent applications to enforce

host access control based on the files /etc/hosts.allow and /etc/hosts.deny

files. The APIs implement a rule-based access control language with optional shell

commands, that are executed when a rule is invoked.

To enforce the host access control in an independent daemon, a service must include

the tcpd.h header file and link with the libwrap.a library APIs. The libwrap.a

library contains the following APIs:

• request_init()

Initializes the request_info structure with the client request information.

• request_set()

Updates an initialized request_info structure.

Both the APIs request_init() and request_set() accept the request_info

structure and a variable length list of key-value pairs as input parameters; and, they

return the request_info structure defined in the tcpd.h header file. The argument

lists are terminated with a zero key value.

• hosts_access()

Reads the ACLs and returns either 1 or 0 indicating the access granted or denied,

respectively.

• hosts_ctl()

This API is a wrapper to the functions request_init() and hosts_access().

It accepts the daemon name, client host name, client address, and user name as

input parameters. The client host name, address, and user name arguments must

TCP Wrappers Files 41