[12452] in Athena Bugs

ktelnet isn't safe

daemon@ATHENA.MIT.EDU (Stephen Gildea)
Tue Aug 23 09:54:17 1994

To: bugs@MIT.EDU
Date: Tue, 23 Aug 1994 09:53:55 EDT
From: Stephen Gildea <gildea@x.org>

I thought the idea of ktelnet was that my password would not go over
the network in the clear.  But it does.  Using the "-safe" option does
not help.  I'm missing something here....

I assumed that if it found no tickets, ktelnet would use your password
to obtain them.  Instead, it seems to be falling back to ordinary
telnet behavior.  Since this is a security issue, it should be clearly
documented that if ktelnet prompts you for a password, it is going to
do something stupid with it.

With no ticket file I get:

$ ktelnet -safe
ktelnet> set authdebug
auth debugging enabled
ktelnet> open express.dialup.mit.edu
Trying 18.71.0.54...
Connected to express.dialup.mit.edu.
Escape character is '^]'.
>>>TELNET: I support auth type 1 2
>>>TELNET: I support auth type 1 0
>>>TELNET: auth_send got: 01 02 01 00
>>>TELNET: He supports 1
>>>TELNET: Trying 1 2
[ Trying KERBEROS4 ... ]
mk_req failed for rcmd.puttanesca@MIT.EDU: No ticket file (tf_util)
>>>TELNET: He supports 1
>>>TELNET: Trying 1 0
[ Trying KERBEROS4 ... ]
mk_req failed for rcmd.puttanesca@MIT.EDU: No ticket file (tf_util)
>>>TELNET: Sent failure message
Password:


After doing kinit, I get a similar dialog, but the mk_req failure
message is "Principal unknown (kerberos)".


Note that even if -safe was safe, ktelnet still is broken, because
-safe should be the default.  I shouldn't have to know to ask for it
to do the right thing.

I'm using the 7.7 ktelnet.

 < Stephen
   X Consortium
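
Added example, not part of the original message and not ktelnet code: a small Python check that reads an authdebug transcript like the one above, decodes the (type, modifier) pairs using the telnet AUTHENTICATION option values from RFC 1416, and flags the case where every attempt failed and the session then dropped to a password prompt. The line formats are assumed to match the transcript in this report; the function names and the "login:" pattern are hypothetical.

```python
import re

# Telnet AUTHENTICATION option values (RFC 1416).
AUTH_TYPES = {0: "NULL", 1: "KERBEROS_V4", 2: "KERBEROS_V5"}
AUTH_HOW_MUTUAL = 2  # modifier bit: mutual authentication requested

# Sample input: the authdebug lines quoted in the report above.
TRANSCRIPT = """\
>>>TELNET: I support auth type 1 2
>>>TELNET: I support auth type 1 0
>>>TELNET: auth_send got: 01 02 01 00
>>>TELNET: He supports 1
>>>TELNET: Trying 1 2
[ Trying KERBEROS4 ... ]
mk_req failed for rcmd.puttanesca@MIT.EDU: No ticket file (tf_util)
>>>TELNET: He supports 1
>>>TELNET: Trying 1 0
[ Trying KERBEROS4 ... ]
mk_req failed for rcmd.puttanesca@MIT.EDU: No ticket file (tf_util)
>>>TELNET: Sent failure message
Password:
"""

def decode_pair(auth_type, modifier):
    """Render an authentication (type, modifier) pair in readable form."""
    how = "MUTUAL" if modifier & AUTH_HOW_MUTUAL else "ONE_WAY"
    return f"{AUTH_TYPES.get(auth_type, f'type {auth_type}')}|{how}"

def analyze(transcript):
    """Summarise attempts and report a password prompt after auth failure."""
    tried, failures, gave_up, fallback = [], [], False, False
    for line in transcript.splitlines():
        m = re.match(r">>>TELNET: Trying (\d+) (\d+)", line)
        if m:
            tried.append(decode_pair(int(m.group(1)), int(m.group(2))))
        elif line.startswith("mk_req failed"):
            failures.append(line.rsplit(": ", 1)[1])
        elif line.startswith(">>>TELNET: Sent failure message"):
            gave_up = True
        # "login:" is an assumed prompt; only "Password:" appears in the report.
        elif gave_up and re.match(r"\s*(login|Password):", line):
            fallback = True  # anything typed now travels unauthenticated
    return {"tried": tried, "failures": failures, "cleartext_fallback": fallback}

if __name__ == "__main__":
    print(analyze(TRANSCRIPT))
```

A wrapper around the client could use a result like this to close the connection instead of letting the user answer the prompt.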
