Subject: bin/5821: telnetd and -s switch to login
To: None <gnats-bugs@gnats.netbsd.org>
From: Heiko W.Rupp <hwr@pilhuhn.de>
List: netbsd-bugs
Date: 07/23/1998 16:07:41
>Number: 5821
>Category: bin
>Synopsis: telnetd and -s switch to login
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Thu Jul 23 07:35:00 1998
>Last-Modified:
>Originator: Heiko W.Rupp
>Organization:
private
>Release: NetBSD-1.3.2
>Environment:
System: NetBSD quaak 1.3.2 NetBSD 1.3.2 (GENERIC) #0: Sun May 24 19:45:48 EDT 1998 perry@frankenstein.piermont.com:/usr/src/sys/arch/i386/compile/GENERIC i386
>Description:
Login(1) says that one can supply a '-s' command line switch to force
the use of either kerberos or S/Key. If compiled in, telnetd can
supply this '-s' switch to login. By default this is not compiled in,
but mentionned in the man page in different sense (at least to me).
>How-To-Repeat:
man telnetd
-s This option is only enabled if telnetd is compiled with sup-
port for SecurID cards. It causes the -s option to be
passed on to login(1), and thus is only useful if login(1)
supports the -s flag to indicate that only SecurID validated
logins are allowed, and is usually useful for controlling
remote logins from outside of a firewall.
And:
snert# !! -s
/usr/libexec/telnetd -s
telnetd: illegal option -- s
Usage: telnetd [-debug] [-D (options|report|exercise|netdata|ptydata)]
[-h] [-k] [-l] [-n]
[-u utmp_hostname_length] [-U] [port]
>Fix:
Define SecurID in the Makefile and rewrite the manpage text to include
S/key (e.g. :
snert!23> diff -c telnetd.8,1 telnetd.8
*** telnetd.8,1 Tue May 5 08:40:14 1998
--- telnetd.8 Thu Jul 23 16:06:40 1998
***************
*** 289,294 ****
--- 289,297 ----
validated logins are allowed, and is
usually useful for controlling remote logins
from outside of a firewall.
+ This option can also be used in conjunction with S/Key logins to
force
+ .Xr login 1
+ to prompt the user for a S/Key password.
.It Fl S Ar tos
.It Fl u Ar len
This option is used to specify the size of the field
***************
*** 528,533 ****
--- 531,537 ----
.Sh "SEE ALSO"
.Xr telnet 1 ,
.Xr login 1 ,
+ .Xr skey 1
.Sh STANDARDS
.Bl -tag -compact -width RFC-1572
.It Cm RFC-854
snert!24>
}
>Audit-Trail:
>Unformatted: