myproxy-logon successfully connects to localhost. The kernel accepts the
connection request and the connection is established. More important is
what happens later. Later the library libwrap, which myproxy-server is
built against, verifies the access control policy defined in
/etc/hosts.allow / /etc/hosts.deny. If you execute myproxy-server again in
debug mode you will see that libwrap blocks the connection.
Lukasz
On 5/25/11 3:55 PM, Amitav Mohanty wrote:
On 05/21/2011 03:32 AM, Lukasz Lacinski wrote:
The line "ALL: ALL" in /etc/hosts.deny protects all services using TCP
wrapper on that machine from any clients, unless you have something
in /etc/hosts.allow. Please comment that line out or grant access to
your MyProxy server in /etc/hosts.allow (the manuals for hosts.allow and
hosts.deny can provide more details).
It is unusual that you do not have the hostname 'localhost'
associated with 127.0.0.1. Your /etc/hosts should rather look like:
127.0.0.1 localdomain.localhost localhost
<ip_address_assigned_to_non_loopback_interface> fool.man.machine fool
Lukasz
Hey
I fixed my /etc/hosts as follows:
#
# /etc/hosts: static lookup table for host names
#
#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 localhost.localdomain localhost
194.109.142.194 www.clamav.net
10.53.252.5 fool.man.machine fool
When I try to connect I get the following
[dknight@fool gt]$ myproxy-logon -v -d -s localhost
MyProxy v5.3 17 Jan 2011 PAM OCSP
Attempting to connect to 127.0.0.1:7512
Successfully connected to localhost:7512
using trusted certificates directory /etc/grid-security/certificates
Failed reading length 0
Error authenticating: Connection closed.
Certificate authentication error. Trying anonymous.
MyProxy v5.3 17 Jan 2011 PAM OCSP
Attempting to connect to 127.0.0.1:7512
Successfully connected to localhost:7512
using trusted certificates directory /etc/grid-security/certificates
Failed reading length 0
Error authenticating: Connection closed.
I have allowed myproxy-logon in /etc/hosts.allow, but even if I
comment it out, it still says "successfully connected to localhost".
Maybe I am missing something here. I shall look forward to your reply.
Regards
Amitav
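
Added example (not part of the original thread, and not MyProxy or libwrap code): a minimal Python sketch of the sequence described at the top of this message, where the kernel completes the TCP handshake and a libwrap-style check then closes the connection, so the client sees a successful connect followed by a zero-length read. The daemon name myproxy-server, the simplified rule syntax (daemon names, literal addresses and the ALL wildcard only) and all function names are assumptions made for illustration.

```python
import socket
import threading

# Constructed stand-ins for /etc/hosts.allow and /etc/hosts.deny.
HOSTS_ALLOW = ["myproxy-server: 127.0.0.1"]
HOSTS_DENY = ["ALL: ALL"]


def matches(rule, daemon, client_ip):
    """True if a 'daemon_list: client_list' rule covers this daemon and client."""
    daemons, clients = (s.split() for s in rule.replace(",", " ").split(":", 1))
    return (daemon in daemons or "ALL" in daemons) and (
        client_ip in clients or "ALL" in clients)


def hosts_access(daemon, client_ip, allow, deny):
    """TCP wrapper order: an allow match grants, a deny match refuses, else grant."""
    if any(matches(r, daemon, client_ip) for r in allow):
        return True
    return not any(matches(r, daemon, client_ip) for r in deny)


def serve_once(listener, daemon, allow, deny):
    # accept() only hands over a connection the kernel has already established.
    conn, (client_ip, _port) = listener.accept()
    with conn:
        if hosts_access(daemon, client_ip, allow, deny):
            conn.sendall(b"hello")
        # Denied: the socket is closed without a single byte being sent.


def probe(allow, deny, daemon="myproxy-server"):
    """Return (connected, first_bytes) as observed by a loopback client."""
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
        listener.listen(1)
        t = threading.Thread(target=serve_once, args=(listener, daemon, allow, deny))
        t.start()
        with socket.create_connection(listener.getsockname(), timeout=5) as c:
            connected = True      # connect() succeeded regardless of policy
            data = c.recv(16)     # b"" means the server closed the connection
        t.join()
    return connected, data


if __name__ == "__main__":
    print("daemon allowed:     ", probe(HOSTS_ALLOW, HOSTS_DENY))
    print("no allow entry:     ", probe([], HOSTS_DENY))
    # Rules are matched on the server's daemon name, not the client program.
    print("client name in rule:", probe(["myproxy-logon: ALL"], HOSTS_DENY))
```

In every case the connect succeeds; only the bytes read afterwards show whether the access check passed.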