From root@inception.smyrph.net Thu Jul 19 22:04:20 2001 Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53]) by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id WAA09774 for ; Thu, 19 Jul 2001 22:04:20 -0400 (EDT) Received: from inception.smyrph.net (root@inception.smyrph.net [66.92.69.137]) by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id WAA27060 for ; Thu, 19 Jul 2001 22:04:19 -0400 (EDT) Received: (from root@localhost) by inception.smyrph.net (8.10.2/8.10.2) id f6K24JE03373; Thu, 19 Jul 2001 22:04:19 -0400 Message-Id: <200107200204.f6K24JE03373@inception.smyrph.net> Date: Thu, 19 Jul 2001 22:04:19 -0400 From: david@smyrph.net Reply-To: david@smyrph.net To: krb5-bugs@mit.edu Subject: login.krb5 needs /etc/ttys to allow console root logins X-Send-Pr-Version: 3.99 >Number: 979 >Category: krb5-appl >Synopsis: login.krb5 needs /etc/ttys to allow console root logins >Confidential: no >Severity: non-critical >Priority: medium >Responsible: krb5-unassigned >State: open >Class: change-request >Submitter-Id: unknown >Arrival-Date: Thu Jul 19 22:05:01 EDT 2001 >Last-Modified: >Originator: me? >Organization: just my personal things - smyrph.net >Release: krb5-1.2.2 >Environment: Linux, slackware 7.1, Intel P3 System: Linux inception.smyrph.net 2.4.5-ac21 #2 Thu Jun 28 23:13:43 EDT 2001 i686 unknown Architecture: i686 >Description: default behavior of login.krb5 is to use C library to check /etc/ttys to determine if root can log in from a particular tty. however, it was a Real pain to figure out that it only wanted a /etc/ttys file... and then try to deduce the format! I ended up strace'ing login.krb5 then disecting the C library to figure out what I hope is the proper syntax of the file. >How-To-Repeat: install login.krb5 as the system /bin/login (symlink...) and try logging in to a linux console. the login will fail since login.krb5 will not normally find a /etc/ttys (well, at least on Slackware Linux 7.1) >Fix: Could an example /etc/ttys be included in the distribution perhaps with some reference docs from login.krb5? It would greatly help any system integrator attempting to sew kerberos logins into Linux systems. Here's my /etc/ttys I deduced from glibc's source...: # secure on|off window= # comment console none linux secure tty1 none linux secure tty2 none linux secure tty3 none linux secure tty4 none linux secure tty5 none linux secure tty6 none linux secure tty7 none linux secure tty8 none linux secure tty9 none linux secure tty10 none linux secure tty11 none linux secure tty12 none linux secure tty13 none linux secure tty14 none linux secure tty15 none linux secure tty16 none linux secure tty17 none linux secure tty18 none linux secure tty19 none linux secure tty20 none linux secure tty21 none linux secure tty22 none linux secure tty23 none linux secure tty24 none linux secure tty25 none linux secure tty26 none linux secure tty27 none linux secure tty28 none linux secure tty29 none linux secure tty30 none linux secure tty31 none linux secure tty32 none linux secure tty33 none linux secure tty34 none linux secure tty35 none linux secure tty36 none linux secure tty37 none linux secure tty38 none linux secure tty39 none linux secure tty40 none linux secure tty41 none linux secure tty42 none linux secure tty43 none linux secure tty44 none linux secure tty45 none linux secure tty46 none linux secure tty47 none linux secure tty48 none linux secure tty49 none linux secure tty50 none linux secure tty51 none linux secure tty52 none linux secure tty53 none linux secure tty54 none linux secure tty55 none linux secure tty56 none linux secure tty57 none linux secure tty58 none linux secure tty59 none linux secure tty60 none linux secure tty61 none linux secure tty62 none linux secure tty63 none linux secure >Audit-Trail: >Unformatted: