Date: Fri, 31 Aug 2001 13:37:49 +0200
From: Joerg Wunsch <j@ida.interface-business.de>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: audit@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: why does telnetd run as root?
Message-ID: <20010831133749.H76749@ida.interface-business.de>
In-Reply-To: <200108301817.f7UIHNa66577@khavrinen.lcs.mit.edu>; from wollman@khavrinen.lcs.mit.edu on Thu, Aug 30, 2001 at 02:17:23PM -0400
References: <20010830201102.O69247@ida.interface-business.de> <200108301817.f7UIHNa66577@khavrinen.lcs.mit.edu>

As Garrett Wollman wrote:

> <<On Thu, 30 Aug 2001 20:11:02 +0200, Joerg Wunsch <j@ida.interface-business.de> said:
>
> > But then, it's IMHO much safer to run telnetd as user
> > `daemon', and have login(1) allow user daemon to pass -h.
>
> Only works for cleartext password authentication.

Not really, but you're right, it doesn't work for SRA telnet. It
works for anything that can be handled by /usr/bin/login, i just tried
OPIE which does well.

Still, allowing this as an option seems useful to me. (If i want
encryption, i'll use ssh anyway. Telnet is only a fallback if no
encryption is available for whatever reason. It is very unlikely
i'll find a client that could do SRA telnet but could not do ssh.)

--
J"org Wunsch, Unix support engineer
joerg_wunsch@interface-systems.de
http://www.interface-systems.de/~j/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010831133749.H76749>