NFS Services Administrator's Guide
Configuring and Administering NFS Services
Configuring RPC-based Services
Restricting Access to RPC-based Services
To restrict access to RPC-based services, create an entry with the
following syntax in the /var/adm/inetd.sec file for each service to
which you want to restrict access:
    service {allow | deny} host_or_network [host_or_network ...]
If the /var/adm/inetd.sec file does not exist, you may have to create it.
The service must match one of the service names in the /etc/rpc file.
Specify either allow or deny, but not both. Enter only one entry per
service.
The host_or_network can be either an official host name, a network
name, or an IP address. Any of the four numbers in an IP address can be
specified as a range (for example, 1-28) or as a wildcard character (*).
The inetd.sec file is checked only when the service starts. If a service
remains active and accepts more requests without being restarted, the
inetd.sec file is not checked again.
You can use HP SMH to modify the /var/adm/inetd.sec file.
For more information, see inetd.conf (4) and inetd.sec (4).
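The following checker is an added example, not part of the HP guide or HP-UX. It lints entries against the rules above (one entry per service, allow or deny, service name listed in /etc/rpc) and evaluates numeric patterns with ranges and wildcards. It assumes that allow admits only the listed hosts, that deny refuses only the listed hosts, that a service with no entry is unrestricted, and that lines starting with # are comments. The function names, the sample file and the service list are constructed.

```python
import re

OCTET = re.compile(r"\*|\d{1,3}(-\d{1,3})?")  # '*', 'N' or 'N-M'

def ip_matches(pattern, ip):
    """True if dotted-quad ip matches a pattern such as 10.1.2-12.*"""
    pats, octs = pattern.split("."), ip.split(".")
    if len(pats) != 4 or len(octs) != 4 or not all(OCTET.fullmatch(p) for p in pats):
        return False  # host and network names need a resolver; not handled
    for pat, octet in zip(pats, octs):
        lo, _, hi = pat.partition("-")
        if pat != "*" and not int(lo) <= int(octet) <= int(hi or lo):
            return False
    return True

def parse(text, rpc_names):
    """Return ({service: (action, [patterns])}, [problems])."""
    rules, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split()
        if not f or f[0].startswith("#"):  # '#' comment lines: assumption
            continue
        if len(f) < 3 or f[1] not in ("allow", "deny"):
            problems.append(f"line {n}: want 'service allow|deny host ...'")
        elif f[0] not in rpc_names:
            problems.append(f"line {n}: {f[0]} is not a name in /etc/rpc")
        elif f[0] in rules:
            problems.append(f"line {n}: more than one entry for {f[0]}")
        else:
            rules[f[0]] = (f[1], f[2:])
    return rules, problems

def permitted(rules, service, ip):
    """Assumed semantics: allow = only listed hosts, deny = all but listed."""
    if service not in rules:
        return True  # no entry for the service: unrestricted (assumption)
    action, patterns = rules[service]
    listed = any(ip_matches(p, ip) for p in patterns)
    return listed if action == "allow" else not listed

# Constructed sample file and service list (not taken from the guide).
RPC_NAMES = {"sprayd", "rquotad", "rstatd"}
SAMPLE = """sprayd allow 10.1.2-12.*
rquotad deny 10.9.*.* 192.168.5.7
rquotad allow 10.1.1.1
rqoutad allow 10.1.1.1
"""
RULES, PROBLEMS = parse(SAMPLE, RPC_NAMES)
```

PROBLEMS reports the second rquotad entry and the misspelled service name; permitted(RULES, "sprayd", "10.1.13.9") is False because 13 falls outside the 2-12 range.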
Examples from /var/adm/inetd.sec
In the following example, only hosts on subnets 15.13.2.0 through
15.13.12.0 are allowed to use the spray command:
Table 2-8 RPC Services managed by inetd (Continued)

RPC Service   Description
-----------   -----------
rquotad       The rpc.rquotad program responds to requests from the
              quota command, which displays information about a
              user's disk usage and limits. For more information, see
              rquotad (1M) and quota (1).
gssd          The gssd program operates between the Kernel RPC and
              the Generic Security Services Application Program
              Interface (GSS-API) to generate and validate the GSS-API
              tokens. For more information, see gssd (1M).