Tuesday, December 30, 2008

Solaris JASS / VNC problem

If you ever need to run VNC with inetd on a server after applying SUNWjass's secure.driver, make sure to change the following file that JASS creates - /etc/dt/config/Xaccess (do not confuse this with /usr/dt/config/Xaccess or /usr/openwin/lib/X11/xdm/Xaccess):

(before)

##
## ex.
## !xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
## bambi.ogi.edu # allow access from this particular display
## *.lcs.mit.edu # allow access from any display in LCS

## Deny all remote access (direct/broadcast) to this X server.

!*


(after)

##
## ex.
## !xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
## bambi.ogi.edu # allow access from this particular display
## *.lcs.mit.edu # allow access from any display in LCS

## All remote access (direct/broadcast) to this X server.

*


This combined with /etc/hosts.allow and /etc/hosts.deny will provide the necessary security.

No comments: