From owner-cvs-all Thu Apr 5 8:29: 3 2001 Delivered-To: cvs-all@freebsd.org Received: from assaris.sics.se (assaris.sics.se [193.10.66.234]) by hub.freebsd.org (Postfix) with ESMTP id 5F13E37B724; Thu, 5 Apr 2001 08:28:57 -0700 (PDT) (envelope-from assar@assaris.sics.se) Received: (from assar@localhost) by assaris.sics.se (8.9.3/8.9.3) id RAA81493; Thu, 5 Apr 2001 17:29:00 +0200 (CEST) (envelope-from assar) From: Assar Westerlund To: Nick Sayer Cc: cvs-committers@freebsd.org, cvs-all Subject: Re: cvs commit: src/secure/lib/libtelnet Makefile References: <200104050037.f350b7t89955@freefall.freebsd.org> <3ACC0695.4010603@quack.kfu.com> <3ACC74A0.7000304@quack.kfu.com> Date: 05 Apr 2001 17:29:00 +0200 In-Reply-To: Nick Sayer's message of "Thu, 05 Apr 2001 06:35:28 -0700" Message-ID: <5l66gjqsar.fsf@assaris.sics.se> Lines: 13 User-Agent: Gnus/5.070098 (Pterodactyl Gnus v0.98) Emacs/20.6 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Nick Sayer writes: > By the way, lest anyone forget, all of this functionality we're talking > about isn't even the default for telnet. You actually have to *ask* for > it (telnet -a) to do an automatic login. IMHO allowing this to proceed > without at least ROT13ing ( :-) ) the authentication data does not meet > POLA guidelines. It's even worse than that, though, since plaintext is > used *without any warning*, which doesn't even allow the user a chance > to be astonished (unless he finds out someone sniffed his credentials). But autologin is the default now. But you have fixed the SRA prompts to behave as people except them (C-c able). /assar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message