Subject: Re: telnet login problem revisited
To: Christian Hattemer <>
From: Bill Studenmund <>
List: current-users
Date: 04/19/2005 18:10:02
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Apr 20, 2005 at 12:35:46AM +0200, Christian Hattemer wrote:
> Hi,
> following up to:
> It turns out that 3.0 will let you in again using 2.0's client (and other
> non-NetBSD clients that worked before) when "-a valid" is removed from the
> telnetd options in inetd.conf.
> Also if you add the option to a 2.0 system it (expectedly) can't telnet
> itself anymore.
> I need the login to work as it did before, so is it a good idea to simply
> remove the option? Or should this be fixed elsewhere?
> It seems the addition of this option should be reconsidered.

I disagree. The option is there to increase the security of telnet=20
connections. telnet is, by default, an insecure protocol. This option=20
requires a bare minimum of security before permitting a login. I think=20
that the default setting we ship with should encourage this level of=20

We have, however, not removed support for insecure telnet, and all you=20
have to do to get it is remove the "-a valid" option. Given how vulnerable
insecure telnet is, I think an admin must perform some action to get it.

Take care,


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.3 (NetBSD)