From kenh@cmf.nrl.navy.mil Mon Feb 10 20:08:01 1997
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id UAA29737 for <bugs@RT-11.MIT.EDU>; Mon, 10 Feb 1997 20:08:00 -0500
Received: from [134.207.10.161] by MIT.EDU with SMTP
id AA22988; Mon, 10 Feb 97 18:40:35 EST
Received: from nexus.cmf.nrl.navy.mil (kenh@nexus.cmf.nrl.navy.mil [134.207.10.9]) by ginger.cmf.nrl.navy.mil (8.7.5/8.7.3) with ESMTP id SAA20326 for <krb5-bugs@mit.edu>; Mon, 10 Feb 1997 18:39:31 -0500 (EST)
Received: (kenh@localhost) by nexus.cmf.nrl.navy.mil (8.7.5/8.6.11) id SAA29504; Mon, 10 Feb 1997 18:39:38 -0500 (EST)
Message-Id: <199702102339.SAA29504@nexus.cmf.nrl.navy.mil>
Date: Mon, 10 Feb 1997 18:39:38 -0500 (EST)
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU
Subject: The V4 telnetd code doesn't need to check for etc/srvtab
X-Send-Pr-Version: 3.99
System: SunOS nexus 4.1.4 2 sun4m
Architecture: sun4
In the V4 authentication code for telnetd, it checks to see if /etc/srvtab
exists. If it doesn't, then it doesn't offer V4 as a possible authentication
type.
However, the builtin V4 compat code doesn't _need_ a /etc/srvtab -- it can
read stuff out of a V5 keytab. So this check makes the V4 telnetd not work
when it could.
Try to use a V4 telnet client to a V5 telnetd.
This patch removes the check. Note that to actually get users to successfully
use a V4 telnet client with a V5 telnetd, they either need a .klogin file
or /etc/krb.conf needs to be in place (since the V4 compat code doesn't know
about the V5 config files).
--- appl/telnet/libtelnet/kerberos.c.orig Sun Feb 9 23:59:27 1997
+++ appl/telnet/libtelnet/kerberos.c Mon Feb 10 18:33:29 1997
@@ -136,13 +136,8 @@
Authenticator *ap;
int server;
{
- FILE *fp;
-
if (server) {
str_data[3] = TELQUAL_REPLY;
- if ((fp = fopen(KEYFILE, "r")) == NULL)
- return(0);
- fclose(fp);
} else {
str_data[3] = TELQUAL_IS;
}
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id UAA29737 for <bugs@RT-11.MIT.EDU>; Mon, 10 Feb 1997 20:08:00 -0500
Received: from [134.207.10.161] by MIT.EDU with SMTP
id AA22988; Mon, 10 Feb 97 18:40:35 EST
Received: from nexus.cmf.nrl.navy.mil (kenh@nexus.cmf.nrl.navy.mil [134.207.10.9]) by ginger.cmf.nrl.navy.mil (8.7.5/8.7.3) with ESMTP id SAA20326 for <krb5-bugs@mit.edu>; Mon, 10 Feb 1997 18:39:31 -0500 (EST)
Received: (kenh@localhost) by nexus.cmf.nrl.navy.mil (8.7.5/8.6.11) id SAA29504; Mon, 10 Feb 1997 18:39:38 -0500 (EST)
Message-Id: <199702102339.SAA29504@nexus.cmf.nrl.navy.mil>
Date: Mon, 10 Feb 1997 18:39:38 -0500 (EST)
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU
Subject: The V4 telnetd code doesn't need to check for etc/srvtab
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 368
>Category: telnet
>Synopsis: The V4 telnetd code checks for /etc/srvtab - it doesn't need to
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: hartmans
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Mon Feb 10 20:09:00 EST 1997
>Last-Modified:
>Originator: Ken Hornstein
>Organization:
Naval Research Lab>Category: telnet
>Synopsis: The V4 telnetd code checks for /etc/srvtab - it doesn't need to
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: hartmans
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Mon Feb 10 20:09:00 EST 1997
>Last-Modified:
>Originator: Ken Hornstein
>Organization:
Show quoted text
>Release: 1.0
>Environment:
>Environment:
System: SunOS nexus 4.1.4 2 sun4m
Architecture: sun4
Show quoted text
>Description:
In the V4 authentication code for telnetd, it checks to see if /etc/srvtab
exists. If it doesn't, then it doesn't offer V4 as a possible authentication
type.
However, the builtin V4 compat code doesn't _need_ a /etc/srvtab -- it can
read stuff out of a V5 keytab. So this check makes the V4 telnetd not work
when it could.
Show quoted text
>How-To-Repeat:
Try to use a V4 telnet client to a V5 telnetd.
Show quoted text
>Fix:
<how to correct or work around the pro blem, if known (multiple lines)>This patch removes the check. Note that to actually get users to successfully
use a V4 telnet client with a V5 telnetd, they either need a .klogin file
or /etc/krb.conf needs to be in place (since the V4 compat code doesn't know
about the V5 config files).
--- appl/telnet/libtelnet/kerberos.c.orig Sun Feb 9 23:59:27 1997
+++ appl/telnet/libtelnet/kerberos.c Mon Feb 10 18:33:29 1997
@@ -136,13 +136,8 @@
Authenticator *ap;
int server;
{
- FILE *fp;
-
if (server) {
str_data[3] = TELQUAL_REPLY;
- if ((fp = fopen(KEYFILE, "r")) == NULL)
- return(0);
- fclose(fp);
} else {
str_data[3] = TELQUAL_IS;
}
Show quoted text
>Audit-Trail:
>Unformatted:
>Unformatted: