On Mon, 2005-11-07 at 17:54, Tim Prendergast wrote:
Yes, it does... here's the rsh file in /etc/xinetd.d
[root@]more /etc/xinetd.d/rsh
# default: on
# description: The rshd server is the server for the rcmd(3) routine and, \
# consequently, for the rsh(1) program. The server provides \
# remote execution facilities with authentication based on \
# privileged port numbers from trusted hosts.
service shell
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rshd
cps = 1000 5
}
The oddity is that the other system also has the USERID entries. I removed
them just now to test, restarted xinetd.d, and ran the same 'time rsh
localhost uname -a' with the same results as before. This would indicate to
me that the IDENT request is taking nearly no time at all (0.001s difference
in the times with or without the log lines present).
Yes IDENT is normally fast if it either completes or isn't running
and you get an ICMP rejection. The thing that might have made
it slow would be if you had a firewall dropping the packets
so you'd get a timeout instead. Another thing that happens
during a connection is a reverse DNS lookup to log the
connecting host name and perhaps a check against hosts.allow
and hosts.deny. How fast does your DNS respond?
--
Les Mikesell
lesmikesell(a)gmail.com