Date:      Mon, 31 Jul 2000 22:38:01 -0700 (PDT)
From:      pscott@the-frontier.org
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/20333: ftp login fails on unix password when s/key active but not required
Message-ID:  <20000801053801.5552637B59B@hub.freebsd.org>


>Number:         20333
>Category:       misc
>Synopsis:       ftp login fails on unix password when s/key active but not required
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 31 22:40:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Paul A. Scott
>Release:        FreeBSD 4.0-RELEASE i386
>Organization:
>Environment:
FreeBSD mail 4.0-RELEASE FreeBSD 4.0-RELEASE #0: Sun Jun  4 00:17:00 GMT 2000     root@ns1:/usr/src/sys/compile/MIKETODD
>Description:
If a userid has an s/key, but s/key is not required for login, ftp should allow a unix password, but it does not; only the s/key password works. This problem does not happen with telnet. telnet allows unix password, ftp does not. Problem first noticed on 4.0 release; another machine running 2.2.8 has no problems with s/key on either ftp or telnet.
>How-To-Repeat:
Enable s/key for a userid dummy.

Set up /etc/skey.access to allow unix passwords from intranet 192.168.168.0 for dummy but not from another network.

permit internet 192.168.168.0 255.255.255.0

deny user dummy
deny user root
permit

From another machine on the 192.168.168.0 network, start an ftp client to the FreeBSD machine with an interface on the same network.

Log in as userid dummy.

The ftp server issues an s/key challenge BUT DOES NOT REQUIRE an skey, so a unix password should be accepted.

Type in dummy's unix password. The ftp server barfs, saying login incorrect. That shouldn't happen. Type in dummy's correct s/key. Dummy gets logged in.

Try telnet between the same two machines. No problem using a unix password.
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:
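
Added example, not part of the original report or of FreeBSD's code: a small Python model of the /etc/skey.access table from How-To-Repeat, showing the decision the report expects for each login. It assumes the skey.access(5) semantics that the first rule whose conditions all match decides and that no match means deny; only the `internet` and `user` conditions are modelled, and the function names and sample client addresses are constructed for illustration.

```python
import ipaddress

# Rules as given in the report's /etc/skey.access.
RULES = """\
permit internet 192.168.168.0 255.255.255.0

deny user dummy
deny user root
permit
"""


def parse(text):
    """Return [(action, [(kind, value), ...]), ...] in file order."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue  # blank line
        action, rest, conds = tokens[0], tokens[1:], []
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action}")
        while rest:
            kind = rest.pop(0)
            if kind == "internet":  # internet <network> <netmask>
                net, mask = rest.pop(0), rest.pop(0)
                conds.append((kind, ipaddress.ip_network(f"{net}/{mask}")))
            elif kind == "user":  # user <login name>
                conds.append((kind, rest.pop(0)))
            else:
                raise ValueError(f"condition not modelled here: {kind}")
        rules.append((action, conds))
    return rules


def unix_password_allowed(rules, user, remote_ip):
    """True if the table permits a UNIX password for this user and client."""
    addr = ipaddress.ip_address(remote_ip)
    for action, conds in rules:
        # A rule with no conditions (bare "permit") always matches.
        if all(addr in v if k == "internet" else user == v for k, v in conds):
            return action == "permit"
    return False  # assumption: table exists, nothing matched, so deny


if __name__ == "__main__":
    table = parse(RULES)
    for user, ip in [("dummy", "192.168.168.10"), ("dummy", "10.0.0.5"),
                     ("root", "10.0.0.5"), ("alice", "10.0.0.5")]:
        print(user, ip, unix_password_allowed(table, user, ip))
```

For dummy connecting from the 192.168.168.0 network the table permits a UNIX password, which is the outcome the report sees with telnet but not with ftp.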

