conserver is compiled with tcp-wrappers Use the name 'conserver' in the tcp_wrapper config files. -- Joergen Haegg Thu, 24 Feb 2005 21:29:28 +0100 --------------------------------------------------------------------------- conserver for Debian -------------------- I had to make a script-wrapper around console to be able to configure the conserver host. The only reason that conserver ended up in non-free is the Ohio State license that don't explicitly allows modification. I will move it to main if this can be solved. Conserver is compiled with tcp_wrappers. Use the name 'conserver' as the daemon name in /etc/hosts.allow. ------------------------ REMEMBER: conserver will not start unless it has a valid /etc/conserver.cf. Check /var/log/server.log. ------------------------ Version 8 has changed both protocol and config file format, here is more info from the INSTALL file: Whenever you upgrade I suggest you upgrade both the client and server. Most times, however, you can get away without upgrading the client (it's usually a fairly static piece of code). I'll document any dependencies here, but check the CHANGES file for any new features added to the client if you're considering *not* upgrading. Version 8.0.2 - I've added a '^Ec;' sequence to allow the client to signal the server as to when it's ready to see console data. Without this, verbose consoles will prevent clients from attaching (the client sees unexpected data). An 8.0.2 client should be compatible with an 8.0.1 server, but an 8.0.1 client is not compatible with an 8.0.2 server. Version 8.0.1 - There's a slight client/server protocol change to implement the new 'initcmd' console option. If you use this functionality with an 8.0.0 client, you'll run into a compatibility problem while the 'initcmd' command is running. Version 8.0.0 - The client/server protocol has been rearchitected. You *MUST* use an 8.0.0 client with an 8.0.0 server. No combination of client/server will work with pre-8.0.0 code. - Upgrading from pre-8.0.0 code to 8.0.0 and beyond requires you to change your conserver.cf and conserver.passwd files because both of the file formats have changed. The conserver.cf file changes are so major that there is a convert program available in the conserver subdirectory. Just run './conserver/convert ' and it will attempt a conversion to the new format, sending it to stdout. Any errors will be printed to stderr. There are a couple of things you might need to adjust. First are the user access lists. If you are restricting users to certain consoles in your old conserver.passwd file, you'll need to move those restrictions into the new conserver.cf file. Restrictions are set with the 'ro' and 'rw' tags in the configuration file. Second are the 'access' blocks. What get produced by the convert program will be functionally equivalent to the old behavior, but you may be able to tune things to better suit your environment. The conserver.passwd file's console restrictions have moved, as described above. So to convert the conserver.passwd file, all you really need to do is something like: awk -F: '{print $1 ":" $2}' If you have comments or continuation lines in your file, you'll have to do a bit more cleanup to strip out the third field (which is what the awk command is intending to do). - Conserver no longer trusts reverse DNS information by default. If you use the --with-trustrevdns configure flag, you can re-enable the use of gethostbyaddr() [I don't recommended it, however]. If you are using domain names in access lists, you'll either need to change those to use hostnames and/or ip addresses/ranges or use the --with-trustrevdns flag. For example, if you have (in the 8.0.0 format): allowed conserver.com; # allow *.conserver.com then you'll need to worry about this change. If you only use full hostnames, you shouldn't have to do anything. Version 7.2.4 - If SSL support is compiled into the code, older versions of the client and server are, by default, incompatible because encrypted connections are a requirement. Use of the -E flag in the client and/or server can work around this (but I discourage this - please upgrade the clients and servers instead). Version 7.2.0 - The code related to broadcast messages in the client (-b) has changed. If you want the username to come across properly in the broadcast message, you'll need to make sure you upgrade to the 7.2.0 client. Version 7.1.1 - Both conserver.passwd and conserver.cf file parsing behaves the same now. Both use leading whitespace as a continuation line indicator - if you have leading whitespace on a line (aside from comments) you probably should remove it. Version 7.1.0 - The client/server protocol has changed. You *MUST* use a 7.1.0 client with a 7.1.0 and above server. A 7.1.0 client is *not* backward compatible with a pre-7.1.0 server. - Some of the flags in the client (-d, -D, and -r) and server (-n) have been given new identities to make the client and server flags more uniform. - The conserver.passwd file now uses the first username match to determine access rights - if you have multiple instances of a username in an existing password file, they must be combined into one to continue to work.