[1589] in Kerberos_V5_Development
Re: telnetd
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Thu Aug 15 18:50:56 1996
Date: Thu, 15 Aug 1996 18:50:40 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: hartmans@MIT.EDU
Cc: krbcore@MIT.EDU
In-Reply-To: <tslsp9pldmv.fsf@tertius.mit.edu> (message from Sam Hartman on 14 Aug 1996 20:00:56 -0400)

   The difference between -a user and -a valid is that -a user
   requires you eventually log in as the user you specify in the
   authentication. With the -a valid option, you can log in as something
   else.

I hadn't considered the possibility of logging in as someone else when
I first tried to figure out what all the -a options meant.

The behavior you describe is not what I am seeing. -a user and -a
valid seem to me to be identical: you must be in ~/.k5login. -a none
seems to be what you are suggesting -a valid to be: if I run telnet -l
marc beeblebrox, it says

    <beeblebrox> /marc/krb5/build% appl/telnet/telnet/telnet -ax -l marc beeblebrox
    Trying 18.177.1.29...
    Connected to beeblebrox.MIT.EDU.
    Escape character is '^]'.
    [ Kerberos V5 accepts you as ``bjaspan@ATHENA.MIT.EDU'' ]
    assword for marc:
    marc: Kerberos password incorrect

(note, incidentally, that it loses the leading "P" of Password).

Perhaps the difference between -a user and -a valid is that with -a
user the unix user must equal the krb5 name, whereas with -a valid the
unix user can be any valid unix user for whom you are in the .k5login
file? I do not have time right now to test this theory, but I'll try
to get to it sometime.

Barry