[1577] in Kerberos_V5_Development
Re: telnetd
daemon@ATHENA.MIT.EDU (Sam Hartman)
Wed Aug 14 20:01:09 1996
To: "Barry Jaspan" <bjaspan@MIT.EDU>
Cc: krbcore@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 14 Aug 1996 20:00:56 -0400
In-Reply-To: "Barry Jaspan"'s message of Wed, 14 Aug 1996 12:36:52 -0400
The difference between -a user and -a valid is that -a user
requires you eventually log in as the user you specify in the
authentication. With the -a valid option, you can log in as something
else. For example, if you knew my password and used
telnet -ax -l hartmans tertius
You would pass the authentication required check even if you
were not in my .k5login if I ran -a valid. If you were in my
.k5login, no additional aurthorization would be performed. Otherwise,
you would need to supply my password.
I don't remember the documented difference between -a none and
-a off. We should think for at least half a second before changing
the semantics because we originally got that code from BSD telnet,
which uses the same -a semantics. However, unlike db, I believe we
have come to the concensus that we can do a better job of maintining
the telnet code in a portable manner than the original author, so
changes are reasonable.
--Sam
