windsoul 发表于 2003-9-22 12:44:13

关于系统服务的问题

刚用Magic1.1(完全安装)不久
在设置服务的时候发现有一些在RH上没有的服务,其中有一些不明白,特请教技术支持人员:
1.krb5xxx是一些加密服务,具体功能如何,怎样使用
2.gssftp在说明里支持krb5的ftp服务器,我现在正要一个这样的服务器。请教具体的配置方法
3.我开机时自动开启iptables服务,为何用ps -A查看时没这个进程??
如何开启它,是不是还要开xinted服务啊
4.ssh是什么服务啊

llc 发表于 2003-9-22 18:48:55

这些问题很难准确回复,上google查查看

樱家冢 发表于 2003-9-22 23:25:52

krb5xxx是kerbose5的简写,至于kerbose是什么,我也说不清,只能说是微软搞的加密代理协议之类的东东。

linhuchong 发表于 2003-9-23 10:19:38

What is Kerberos?

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.

The Internet is an insecure place. Many of the protocols used in the Internet do not provide any security. Tools to "sniff" passwords off of the network are in common use by malicious hackers. Thus, applications which send an unencrypted password over the network are extremely vulnerable. Worse yet, other client/server applications rely on the client program to be "honest" about the identity of the user who is using it. Other applications rely on the client to restrict its activities to those which it is allowed to do, with no other enforcement by the server.

Some sites attempt to use firewalls to solve their network security problems. Unfortunately, firewalls assume that "the bad guys" are on the outside, which is often a very bad assumption. Most of the really damaging incidents of computer crime are carried out by insiders. Firewalls also have a significant disadvantage in that they restrict how your users can use the Internet. (After all, firewalls are simply a less extreme example of the dictum that there is nothing more secure then a computer which is not connected to the network --- and powered off!) In many places, these restrictions are simply unrealistic and unacceptable.

Kerberos was created by MIT as a solution to these network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server has used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.

Kerberos is freely available from MIT, under copyright permissions very similar those used for the BSD operating system and the X Window System. MIT provides Kerberos in source form so that anyone who wishes to use it may look over the code for themselves and assure themselves that the code is trustworthy. In addition, for those who prefer to rely on a professionally supported product, Kerberos is available as a product from many different vendors.

In summary, Kerberos is a solution to your network security problems. It provides the tools of authentication and strong cryptography over the network to help you secure your information systems across your entire enterprise. We hope you find Kerberos as useful as it has been to us. At MIT, Kerberos has been invaluable to our Information/Technology architecture.

linhuchong 发表于 2003-9-23 10:28:47

更多的信息请看:
http://web.mit.edu/kerberos/

樱家冢 发表于 2003-9-23 15:59:17

krb5xxx是kerbose5的简写,至于kerbose是什么,我也说不清,只能说是微软搞的加密代理协议之类的东东。
看来我弄错了哈,刻耳帕洛斯是地狱三头犬,看门的啊,呵呵,而且跟M$没什么关系。

cjacker 发表于 2003-9-23 16:08:09

krb5xxx是kerbose5的简写,至于kerbose是什么,我也说不清,只能说是微软搞的加密代理协议之类的东东。
看来我弄错了哈,刻耳帕洛斯是地狱三头犬,看门的啊,呵呵,而且跟M$没什么关系。
有时间去看看我写的AC Server plan.
里面有对kerberos, openldap, samba等协议的角色和企业级服务构建的一些想法。

windsoul 发表于 2003-9-23 17:10:44

今天上网络信息安全与加密课时,刚好看到一些关于kerberos的东东,但太不详细了

windsoul 发表于 2003-9-23 17:12:21

问一下cjacker:
你的那个AC Server plan.在哪啊,我在公社没找到

shaiker 发表于 2003-9-26 13:58:54

参考一下吧,希望对你有帮助。
amd:自动安装NFS(网络文件系统)守侯进程
apmd:高级电源管理
Arpwatch:记录日志并构建一个在LAN接口上看到的以太网地址和IP地址对数据库
Autofs:自动安装管理进程automount,与NFS相关,依赖于NIS
Bootparamd:引导参数服务器,为LAN上的无盘工作站提供引导所需的相关信息
crond:Linux下的计划任务
Dhcpd:启动一个DHCP(动态IP地址分配)服务器
Gated:网关路由守候进程,使用动态的OSPF路由选择协议
Httpd:WEB服务器
Inetd:支持多种网络服务的核心守候程序
Innd:Usenet新闻服务器
Linuxconf:允许使用本地WEB服务器作为用户接口来配置机器
Lpd:打印服务器
Mars-nwe:mars-nwe文件和用于Novell的打印服务器
Mcserv:Midnight命令文件服务器
named:DNS服务器
netfs:安装NFS、Samba和NetWare网络文件系统
network:激活已配置网络接口的脚本程序
nfs:打开NFS服务
nscd:nscd(Name Switch Cache daemon)服务器,用于NIS的一个支持服务,它高速缓存用户口令和组成成员关系
portmap:RPC portmap管理器,与inetd类似,它管理基于RPC服务的连接
postgresql:一种SQL数据库服务器
routed:路由守候进程,使用动态RIP路由选择协议
rstatd:一个为LAN上的其它机器收集和提供系统信息的守候程序
ruserd:远程用户定位服务,这是一个基于RPC的服务,它提供关于当前记录到LAN上一个机器日志中的用户信息
rwalld:激活rpc.rwall服务进程,这是一项基于RPC的服务,允许用户给每个注册到LAN机器上的其他终端写消息
rwhod:激活rwhod服务进程,它支持LAN的rwho和ruptime服务
sendmail:邮件服务器sendmail
smb:Samba文件共享/打印服务
snmpd:本地简单网络管理候进程
squid:激活代理服务器squid
syslog:一个让系统引导时起动syslog和klogd系统日志守候进程的脚本
xfs:X Window字型服务器,为本地和远程X服务器提供字型集
xntpd:网络时间服务器
ypbind:为NIS(网络信息系统)客户机激活ypbind服务进程
yppasswdd:NIS口令服务器
ypserv:NIS主服务器
gpm:管鼠标的
identd:AUTH服务,在提供用户信息方面与finger类似

windsoul 发表于 2003-9-30 19:21:07

谢谢楼上的,大部分服务我读知道的。不过我就那几个不清楚
页: [1]
查看完整版本: 关于系统服务的问题