Subject: Re: telnet login problem revisited
To: Christian Hattemer <c.hattemer@arcor.de>
From: Bill Studenmund <wrstuden@netbsd.org>
List: current-users
Date: 04/19/2005 18:10:02

On Wed, Apr 20, 2005 at 12:35:46AM +0200, Christian Hattemer wrote:
> Hi,
>
> following up to:
> http://mail-index.netbsd.org/current-users/2005/03/25/0000.html
>
> It turns out that 3.0 will let you in again using 2.0's client (and other
> non-NetBSD clients that worked before) when "-a valid" is removed from the
> telnetd options in inetd.conf.
>
> Also if you add the option to a 2.0 system it (expectedly) can't telnet
> itself anymore.
>
> I need the login to work as it did before, so is it a good idea to simply
> remove the option? Or should this be fixed elsewhere?
>
> It seems the addition of this option should be reconsidered.

I disagree. The option is there to increase the security of telnet
connections. telnet is, by default, an insecure protocol. This option
requires a bare minimum of security before permitting a login. I think
that the default setting we ship with should encourage this level of
security.

We have, however, not removed support for insecure telnet, and all you
have to do to get it is remove the "-a valid" option. Given how vulnerable
insecure telnet is, I think an admin must perform some action to get it.

Take care,

Bill

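A check an admin could run to see which active telnetd entries in inetd.conf lack the "-a valid" option discussed in this thread. This is an added example, not part of the original message or of NetBSD; the function names are hypothetical and the sample configuration is constructed.

```python
# Constructed sample in inetd.conf layout; not taken from any real host.
SAMPLE_INETD_CONF = """\
# service socktype proto wait user program argv...
telnet  stream tcp  nowait root /usr/libexec/telnetd telnetd -a valid
telnet  stream tcp6 nowait root /usr/libexec/telnetd telnetd
#telnet stream tcp  nowait root /usr/libexec/telnetd telnetd -a none
ftp     stream tcp  nowait root /usr/libexec/ftpd    ftpd -ll
"""


def telnetd_authmode(args):
    """Return the value given to -a ('-a valid' or getopt-style '-avalid'), else None."""
    mode = None
    for i, arg in enumerate(args):
        if arg == "-a" and i + 1 < len(args):
            mode = args[i + 1]          # a later -a overrides an earlier one
        elif arg.startswith("-a") and len(arg) > 2:
            mode = arg[2:]
    return mode


def audit_inetd_conf(text):
    """List (line_no, proto, authmode) for active telnetd entries without '-a valid'.

    Only 'valid' is accepted because it is the setting the thread is about;
    any other authmode is reported so the admin can review it.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                    # commented-out entries are not served
        fields = line.split()
        # service, socket type, protocol, wait, user, program, argv[0], args...
        if len(fields) < 7:
            continue                    # e.g. "internal" services have no argv
        program, args = fields[5], fields[7:]
        if program.rsplit("/", 1)[-1] != "telnetd":
            continue
        mode = telnetd_authmode(args)
        if mode != "valid":
            findings.append((line_no, fields[2], mode))
    return findings


if __name__ == "__main__":
    for line_no, proto, mode in audit_inetd_conf(SAMPLE_INETD_CONF):
        print(f"line {line_no} ({proto}): telnetd authmode is {mode!r}, not 'valid'")
```

Pointing `audit_inetd_conf` at the contents of the real inetd.conf shows whether every protocol variant of the telnet service carries the option, including a tcp6 entry that is easy to overlook.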