Subject: bin/5821: telnetd and -s switch to login
To: None <gnats-bugs@gnats.netbsd.org>
From: Heiko W.Rupp <hwr@pilhuhn.de>
List: netbsd-bugs
Date: 07/23/1998 16:07:41
>Number:         5821
>Category:       bin
>Synopsis:       telnetd and -s switch to login
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Jul 23 07:35:00 1998
>Last-Modified:
>Originator:     Heiko W.Rupp
>Organization:
private
>Release:        NetBSD-1.3.2
>Environment:
System: NetBSD quaak 1.3.2 NetBSD 1.3.2 (GENERIC) #0: Sun May 24 19:45:48 EDT 1998 perry@frankenstein.piermont.com:/usr/src/sys/arch/i386/compile/GENERIC i386


>Description:

Login(1) says that one can supply a '-s' command line switch to force
the use of either kerberos or S/Key. If compiled in, telnetd can
supply this '-s' switch to login. By default this is not compiled in,
but mentioned in the man page in a different sense (at least to me).

>How-To-Repeat:

man telnetd

     -s           This option is only enabled if telnetd is compiled with sup-
                  port for SecurID cards.  It causes the -s option to be
                  passed on to login(1),  and thus is only useful if login(1)
                  supports the -s flag to indicate that only SecurID validated
                  logins are allowed, and is usually useful for controlling
                  remote logins from outside of a firewall.

And:

snert# !! -s
/usr/libexec/telnetd -s
telnetd: illegal option -- s
Usage: telnetd [-debug] [-D (options|report|exercise|netdata|ptydata)]
         [-h] [-k] [-l] [-n]
         [-u utmp_hostname_length] [-U] [port]


	
>Fix:

Define SecurID in the Makefile and rewrite the manpage text to include
S/Key (e.g. :

snert!23> diff -c telnetd.8,1 telnetd.8
*** telnetd.8,1 Tue May  5 08:40:14 1998
--- telnetd.8   Thu Jul 23 16:06:40 1998
***************
*** 289,294 ****
--- 289,297 ----
  validated logins are allowed, and is
  usually useful for controlling remote logins
  from outside of a firewall.
+ This option can also be used in conjunction with S/Key logins to
force
+ .Xr login 1
+ to prompt the user for a S/Key password.
  .It Fl S Ar tos
  .It Fl u Ar len
  This option is used to specify the size of the field
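Review bot: the first added line has been wrapped, leaving "force" on a line of its own with no "+" marker, so the hunk is malformed and its new-side range (289,297) no longer matches the lines present; patch(1) will not apply it as posted. Resend with the sentence broken deliberately, each piece carrying its own "+ " prefix. In the same sentence, "a S/Key password" should read "an S/Key password". The context above still describes -s purely in terms of SecurID-validated logins, so the new sentence should also state that the option is only available when telnetd is built with that support, otherwise readers will hit the same "illegal option -- s" error shown in the report.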
***************
*** 528,533 ****
--- 531,537 ----
  .Sh "SEE ALSO"
  .Xr telnet 1 ,
  .Xr login 1 ,
+ .Xr skey 1 
  .Sh STANDARDS
  .Bl -tag -compact -width RFC-1572
  .It Cm RFC-854
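Review bot: the added ".Xr skey 1 " line ends with a trailing space; drop it so the macro line is clean. The entry is placed last in the SEE ALSO list, after ".Xr login 1 ,", so leaving it without a trailing comma is right. The Fix text also asks for SecurID to be defined in the Makefile, but the patch contains no Makefile hunk; without it the documented -s behaviour is still not compiled in, so that change should be included here or sent alongside.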
snert!24> 



}


>Audit-Trail:
>Unformatted: