[12462] in Athena Bugs
Re: ktelnet isn't safe
daemon@ATHENA.MIT.EDU (brlewis@MIT.EDU)
Wed Aug 24 13:22:32 1994
From: brlewis@MIT.EDU
Date: Wed, 24 Aug 94 13:22:28 -0400
To: bugs@MIT.EDU
In-Reply-To: "[12452] in Athena Bugs"
Hmm...it's awfully hard to trace the program flow of ktelnet's
authentication mechanism, but after 45 minutes of hunting, I find that
-DKANNAN would give the behavior Gildea wants, which does seem
appropriate.
The issue remains that we can't control all telnet clients, so users
must be educated to look for "What you type is protected by encryption"
before they type their passwords.
*** /tmp/,RCSt1a07760 Wed Aug 24 13:03:06 1994
--- telnet/Config.local.sed Wed Aug 24 12:30:13 1994
***************
*** 24,30 ****
AUTH_LIB="-L../../AL -L/usr/athena/lib -lAL -lkrb -ldes -lcom_err -lhesiod -lnsl -lsocket -lresolv" \
AUTH_LIBPATH="../../AL/libAL.a /usr/athena/lib/libkrb.a /usr/athena/lib/libdes.a" \
AUTH_INC=-I/usr/athena/include \
! AUTH_DEF="-DAUTHENTICATION -DENCRYPTION -DKRB4 -DDES_ENCRYPTION -DATHENA_LOGIN"
athena_aix:
make -f Makefile.generic ${WHAT} \
--- 24,30 ----
AUTH_LIB="-L../../AL -L/usr/athena/lib -lAL -lkrb -ldes -lcom_err -lhesiod -lnsl -lsocket -lresolv" \
AUTH_LIBPATH="../../AL/libAL.a /usr/athena/lib/libkrb.a /usr/athena/lib/libdes.a" \
AUTH_INC=-I/usr/athena/include \
! AUTH_DEF="-DAUTHENTICATION -DENCRYPTION -DKRB4 -DDES_ENCRYPTION -DATHENA_LOGIN -DKANNAN"
athena_aix:
make -f Makefile.generic ${WHAT} \
***************
*** 50,56 ****
AUTH_LIB="-L../../AL -L/usr/athena/lib -lAL -lkrb -ldes -lcom_err -lhesiod" \
AUTH_LIBPATH="../../AL/libAL.a /usr/athena/lib/libkrb.a /usr/athena/lib/libdes.a" \
AUTH_INC=-I/usr/athena/include \
! AUTH_DEF="-DAUTHENTICATION -DENCRYPTION -DKRB4 -DDES_ENCRYPTION -DATHENA_LOGIN"
athena_ultrix:
make -f Makefile.generic ${WHAT} \
--- 50,56 ----
AUTH_LIB="-L../../AL -L/usr/athena/lib -lAL -lkrb -ldes -lcom_err -lhesiod" \
AUTH_LIBPATH="../../AL/libAL.a /usr/athena/lib/libkrb.a /usr/athena/lib/libdes.a" \
AUTH_INC=-I/usr/athena/include \
! AUTH_DEF="-DAUTHENTICATION -DENCRYPTION -DKRB4 -DDES_ENCRYPTION -DATHENA_LOGIN -DKANNAN"
athena_ultrix:
make -f Makefile.generic ${WHAT} \
***************
*** 73,79 ****
make -f ../Config.local `basename $@ .auth` WHAT=${WHAT} \
AUTH_LIB="-L../../AL -L/usr/athena/lib -lAL -lkrb -ldes -lcom_err -lhesiod" \
AUTH_LIBPATH="../../AL/libAL.a /usr/athena/lib/libkrb.a /usr/athena/lib/libdes.a" \
! AUTH_DEF="-DAUTHENTICATION -DENCRYPTION -DKRB4 -DDES_ENCRYPTION -DATHENA_LOGIN"
athena_hpux:
make -f Makefile.generic ${WHAT} \
--- 73,79 ----
make -f ../Config.local `basename $@ .auth` WHAT=${WHAT} \
AUTH_LIB="-L../../AL -L/usr/athena/lib -lAL -lkrb -ldes -lcom_err -lhesiod" \
AUTH_LIBPATH="../../AL/libAL.a /usr/athena/lib/libkrb.a /usr/athena/lib/libdes.a" \
! AUTH_DEF="-DAUTHENTICATION -DENCRYPTION -DKRB4 -DDES_ENCRYPTION -DATHENA_LOGIN -DKANNAN"
athena_hpux:
make -f Makefile.generic ${WHAT} \
***************
*** 96,99 ****
make -f ../Config.local `basename $@ .auth` WHAT=${WHAT} \
AUTH_LIB="-L../../AL -L/usr/athena/lib -lAL -lkrb -ldes -lcom_err -lhesiod" \
AUTH_LIBPATH="../../AL/libAL.a /usr/athena/lib/libkrb.a /usr/athena/lib/libdes.a" \
! AUTH_DEF="-DAUTHENTICATION -DENCRYPTION -DKRB4 -DDES_ENCRYPTION -DATHENA_LOGIN"
--- 96,127 ----
make -f ../Config.local `basename $@ .auth` WHAT=${WHAT} \
AUTH_LIB="-L../../AL -L/usr/athena/lib -lAL -lkrb -ldes -lcom_err -lhesiod" \
AUTH_LIBPATH="../../AL/libAL.a /usr/athena/lib/libkrb.a /usr/athena/lib/libdes.a" \
! AUTH_DEF="-DAUTHENTICATION -DENCRYPTION -DKRB4 -DDES_ENCRYPTION -DATHENA_LOGIN -DKANNAN"
!
! athena_linux:
! make -f Makefile.generic ${WHAT} \
! LIBS="-ltermcap ../libtelnet/libtelnet.a -lbsd \
! ${AUTH_LIB}" \
! LIBPATH="/usr/lib/libc.a /usr/lib/libtermcap.a \
! ../libtelnet/libtelnet.a /usr/lib/libbsd.a \
! ${AUTH_LIBPATH}" \
! DEST=${DESTDIR}/usr/athena/bin \
! DEFINES=${ODEFS}" -DTERMCAP -DUSE_TERMIO \
! -DDEFAULT_IM='\"\r\nMIT SIPB Linux-Athena (%h) (%t)\r\n\r\n\"' \
! -DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK \
! -DOLD_ENVIRON ${AUTH_DEF}" \
! INCLUDES="-I.. -I../.. ${AUTH_INC} -I/usr/ucbinclude" \
! LIB_OBJ="getent.o" \
! LIB_SRC="getent.c" \
! AR=ar ARFLAGS=cq RANLIB=ranlib \
! LIBEXEC=${DESTDIR}/etc/athena \
! CC="${CC}" LCCFLAGS="ATHENA_LCCFLAGS -g"
!
! athena_linux.auth:
! make -f ../Config.local `basename $@ .auth` WHAT=${WHAT} \
! AUTH_LIB="-L../../AL -L/usr/athena/lib -lAL -lkrb -ldes \
! -lcom_err -lhesiod" \
! AUTH_LIBPATH="../../AL/libAL.a /usr/athena/lib/libkrb.a \
! /usr/athena/lib/libdes.a" \
! AUTH_DEF="-DAUTHENTICATION -DENCRYPTION -DKRB4 \
! -DDES_ENCRYPTION -DATHENA_LOGIN -DKANNAN"
