Subject: Re: telnet login problem revisited
To: Martin Husemann <email@example.com>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 04/20/2005 09:37:20
In message <20050420081420.GB26394@drowsy.duskware.de>, Martin Husemann writes:
>On Tue, Apr 19, 2005 at 06:10:02PM -0700, Bill Studenmund wrote:
>> We have, however, not removed support for insecure telnet, and all you
>> have to do to get it is remove the "-a valid" option. Given how vulnerable
>> insecure telnet is, I think an admin must perform some action to get it.
>Well, he has to uncomment that inetd.conf line in the first place ;-)
>Can someone explain what "-a valid" does? I do not understand what
>telnetd(8) is trying to say.
It's certainly quite unclear. I assume it's related to pam, but I
haven't verified that.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb