Graylisting clients w/ gss (krb5)'s ftpd
Philip Prindeville
philipp_subx at redfish-solutions.com
Sun Jun 11 18:28:56 UTC 2006
Ok, I conversed a bit with the krbdev group of developers at MIT and
they expressed that the patches would be more easily integrated into
future releases if they didn't include other dependencies (including
licensing dependencies), and hence rewrote the patch to use db2
which is already heavily used in KRB5.
So, here are the patches, tweaked accordingly.
I've been running the code here a couple of weeks, and noticed that
a lot of the software scanning/probing agents don't grok graylisting
and immediately give up when their second connection fails due to
the unexpired graylist.
Again, if anyone is interested in trying these out, please send me
your comments and experiences. You'll need to tweak your .spec
file as attached as well.
-Philip
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gssftpd-graylist-db4.patch
Type: text/x-patch
Size: 10099 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20060611/9f9d7a6f/attachment-0004.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb5.spec.patch
Type: text/x-patch
Size: 1337 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20060611/9f9d7a6f/attachment-0005.bin
More information about the devel
mailing list