From owner-freebsd-stable  Wed May  2 11:34:54 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from dargo.talarian.com (dargo.talarian.com [207.5.33.3])
	by hub.freebsd.org (Postfix) with ESMTP
	id E59CD37B43F; Wed,  2 May 2001 11:34:51 -0700 (PDT)
	(envelope-from nsayer@talarian.com)
Received: from moya.talarian.com (moya.talarian.com [10.4.10.8])
	by dargo.talarian.com (Postfix) with ESMTP
	id E194122B10; Wed,  2 May 2001 11:32:45 -0700 (PDT)
Received: from beast.talarian.com (beast.talarian.com [10.4.10.6])
	by moya.talarian.com (Postfix) with ESMTP
	id 681BC4E; Wed,  2 May 2001 11:34:51 -0700 (PDT)
Received: from talarian.com (localhost [127.0.0.1])
	by beast.talarian.com (8.11.3/8.11.3) with ESMTP id f42IYp794859;
	Wed, 2 May 2001 11:34:51 -0700 (PDT)
	(envelope-from nsayer@talarian.com)
Message-ID: <3AF0534B.FBD68B81@talarian.com>
Date: Wed, 02 May 2001 11:34:51 -0700
From: Nick Sayer <nsayer@talarian.com>
Reply-To: nsayer@freebsd.org
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Gavin Atkinson <gavin@ury.york.ac.uk>
Cc: freebsd-stable@freebsd.org, markm@freebsd.org
Subject: Re: telnet sometimes gets "SRA secure login" prompt??
References: <Pine.BSF.4.33.0105021758120.57439-100000@ury.york.ac.uk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Gavin Atkinson wrote:

> On Wed, 2 May 2001, Gregory Neil Shapiro wrote:
>
> > Using "-a off" won't help.  Use:
> >
> > telnet        stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd -a off -X sra
> > telnet        stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd -a off -X sra
>
> Ah - that explains it... Though to be honest, I was more worried as to why
> an out-of-the-box install of 4.3-RELEASE withg crypto installed would
> allow telnet in as root - and no, my ttys are not marked as secure.

It's a bug. No one has reported it before. Now that I'm aware of it, I'll see what I can do.

Once upon a time, I worked out PAM support for SRA. Perhaps this might be a good reason to
revisit that (Mark?).

I am also surprised that '-a off' is insufficient for telnetd. I will see about looking into
that too.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message