[3982] in Kerberos
Telnet Authentication Protocol
daemon@ATHENA.MIT.EDU (Matt Perry)
Mon Oct 3 23:56:17 1994
To: kerberos@MIT.EDU
Date: Tue, 4 Oct 1994 00:36:35 GMT
From: mattp@apertus.com (Matt Perry)
I am trying to determine the standard method used for determining
whether a Telnet client is a kerberized client or not under K4.
If the Telnet client makes a connection to a Telnet Service that is
Kerberized how is the Telnet Service to determine whether the authentication
data is just slow in getting to it from the client or whether the client
is not kerberized?
I see that there is a telnetd in which the rfc1416 protocol is implemented.
This provides a straigtforward way by just asking the client whether they
are kerberized or not through Telnet negotiation.
However, it appears that in the MIT K4 distribution the bsd apps and the
sample apps do not do any handshaking prior to issuing a krb_recvauth().
Is this the standard technique? Does the server issue a krb_recvauth()
and if there is no response within a certain time or the response is
invalid ticket information (as would be the case if a non-kerberized
client sent normal data instead of authentication data) disconnect the
client? Is this the standard?
Put another way, how is the Telnet end-server to know that authentication data
is on its way and not some other data? Or for that matter how does any
end-server know this.
Any help in pointing me in the right direction on this would be
greatly appreciated.
Matt Perry
Apertus Technologies, Inc.
mattp@apertus.com
