From: Barney Cordoba
Date: Fri, 27 Mar 2009 06:02:15 -0700 (PDT)
To: Robert Watson
Message-ID: <11381.51045.qm@web63907.mail.re1.yahoo.com>
Cc: mail25@bzerk.org, ed@FreeBSD.org, current@freebsd.org
Subject: Re: Telnet root login
Reply-To: barney_cordoba@yahoo.com
List-Id: Discussions about the use of FreeBSD-current

--- On Fri, 3/27/09, Robert Watson wrote:

> From: Robert Watson
> Subject: Re: Telnet root login
> To: "Barney Cordoba"
> Cc: mail25@bzerk.org, current@freebsd.org, ed@FreeBSD.org
> Date: Friday, March 27, 2009, 8:24 AM
>
> On Thu, 26 Mar 2009, Barney Cordoba wrote:
>
> > Ok, I have some critical info here. When I set up ttys
> > with the proper pts/0 setting, I can login as root using
> >
> > login localhost
> >
> > however when I telnet in from my iMAC, it doesn't
> > work. It also doesn't give me the "Trying SRA
> > secure login" from the mac. So it seems it's using a
> > different authentication when I telnet from the MAC.
>
> Hi Barney (and now also Ed!),
>
> This indeed appears to be the key. getttyent(3) appears to
> properly return the /etc/ttys entry for pts devices, and the
> TTY_SECURE flag is properly returned. However,
> pam_securetty isn't using a valid tty name string -- it
> turns out login, invoked by telnet in the non-SRA case,
> assumes it can run the following code to get back the tty
> name:
>
>         /*
>          * Get current TTY
>          */
>         ttyn = ttyname(STDIN_FILENO);
>         if (ttyn == NULL || *ttyn == '\0') {
>                 (void)snprintf(tname, sizeof(tname),
>                     "%s??", _PATH_TTY);
>                 ttyn = tname;
>         }
>         if ((tty = strrchr(ttyn, '/')) != NULL)
>                 ++tty;
>         else
>                 tty = ttyn;
>
> The resulting string ("2" in my case) is passed
> on to PAM as the tty, and then pam_securetty looks that up
> without any success.
>
> Ed, is this something you could take a look at?
> It's not clear to me if the above logic just needs fixing, or if
> there are more subtle considerations.
>
> Thanks,

Aha! So putting

    0 none network secure

in /etc/ttys works. That also explains why when doing a 'ps -ax' it shows the tty as 0.

I also notice that 'who' is empty when logging in via telnet. When logging in with ssh, who correctly shows the entry. I don't know if that is related to the invalid terminal name, but it's certainly something that needs to be repaired.

Barney