Subject: Re: telnet login problem revisited
To: None <current-users@NetBSD.org>
From: Ken Hornstein <email@example.com>
Date: 04/20/2005 11:26:09
>Can someone explain what "-a valid" does? I do not understand what
>telnetd(8) is trying to say.
I've only ever seen those options used when you're using Kerberos telnetd.
In that case, what they mean (and I agree, the man page sucks) is:
-a valid means "A Kerberos authentication exchange was successful"
(AP_REQ/ AP_REP exchange)". However, you're not necessarily authorized
to access the requested account, so there are cases where you can have
-a valid for telnetd and still get a login prompt (if you requested
encryption, then encryption is turned on, but it's not required).
-a user means "Kerberos exchange was successful, and you're authorized
to access the requested accound". In other words, krb5_kuserok() returned