[2415] in Kerberos_V5_Development
Re: different -a flags for telnetd
daemon@ATHENA.MIT.EDU (Jeffrey Hutzelman)
Sat Jul 5 05:31:17 1997
Date: Sat, 5 Jul 1997 05:29:28 -0400 (EDT)
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: krbdev@MIT.EDU
In-Reply-To: <199707040529.BAA00947@ginger.cmf.nrl.navy.mil>
On Fri, 4 Jul 1997, Ken Hornstein wrote:
> Is it just me, or is there currently no (real) difference between "-a valid"
> and "-a user" for telnetd?
>
> In the code, there is a difference (but the man page seems to get it
> backwards). However, if you do:
>
> % telnet -a -l someotheruser host
>
> It craps out (Authorization failed), no matter if you have -a valid or
> -a user set (but it works if you don't have either set).
>
> The reason for this seems to be this code in sys_term.c:startslave() :
>
>     if (!autoname || !autoname[0])
>         autologin = 0;
>
> None of the Authenticator status functions copy in the username if
> the login isn't valid, so even though autologin is set to AUTH_USER,
> it ends up getting blown away.
>
> It would seem to me that the right thing to do (from my spotty
> understanding of the telnet code) is to always copy in the requested
> username, even if the login isn't valid. Maybe this shouldn't happen
> in each Authenticator status function, though.
>
> Comments?
Telnet sucks. Telnet should be rewritten from scratch. I wouldn't
mind seeing a protocol redesign at the same time, either - options
processing is way too messy as it is now.
Constructive? Not very. But you asked for comments. :-)
-- Jeff