From root@inception.smyrph.net Thu Jul 19 22:04:20 2001
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id WAA09774
for <bugs@RT-11.mit.edu>; Thu, 19 Jul 2001 22:04:20 -0400 (EDT)
Received: from inception.smyrph.net (root@inception.smyrph.net [66.92.69.137])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id WAA27060
for <krb5-bugs@mit.edu>; Thu, 19 Jul 2001 22:04:19 -0400 (EDT)
Received: (from root@localhost)
by inception.smyrph.net (8.10.2/8.10.2) id f6K24JE03373;
Thu, 19 Jul 2001 22:04:19 -0400
Message-Id: <200107200204.f6K24JE03373@inception.smyrph.net>
Date: Thu, 19 Jul 2001 22:04:19 -0400
From: david@smyrph.net
Reply-To: david@smyrph.net
To: krb5-bugs@mit.edu
Subject: login.krb5 needs /etc/ttys to allow console root logins
X-Send-Pr-Version: 3.99
System: Linux inception.smyrph.net 2.4.5-ac21 #2 Thu Jun 28 23:13:43 EDT 2001 i686 unknown
Architecture: i686
determine if root can log in from a particular tty. however, it was a Real
pain to figure out that it only wanted a /etc/ttys file... and then try to
deduce the format! I ended up strace'ing login.krb5 then disecting the C
library to figure out what I hope is the proper syntax of the file.
in to a linux console. the login will fail since login.krb5 will not
normally find a /etc/ttys (well, at least on Slackware Linux 7.1)
some reference docs from login.krb5? It would greatly help any system
integrator attempting to sew kerberos logins into Linux systems. Here's
my /etc/ttys I deduced from glibc's source...:
#<tty> <getty> <type> secure on|off window=<windowval> # comment
console none linux secure
tty1 none linux secure
tty2 none linux secure
tty3 none linux secure
tty4 none linux secure
tty5 none linux secure
tty6 none linux secure
tty7 none linux secure
tty8 none linux secure
tty9 none linux secure
tty10 none linux secure
tty11 none linux secure
tty12 none linux secure
tty13 none linux secure
tty14 none linux secure
tty15 none linux secure
tty16 none linux secure
tty17 none linux secure
tty18 none linux secure
tty19 none linux secure
tty20 none linux secure
tty21 none linux secure
tty22 none linux secure
tty23 none linux secure
tty24 none linux secure
tty25 none linux secure
tty26 none linux secure
tty27 none linux secure
tty28 none linux secure
tty29 none linux secure
tty30 none linux secure
tty31 none linux secure
tty32 none linux secure
tty33 none linux secure
tty34 none linux secure
tty35 none linux secure
tty36 none linux secure
tty37 none linux secure
tty38 none linux secure
tty39 none linux secure
tty40 none linux secure
tty41 none linux secure
tty42 none linux secure
tty43 none linux secure
tty44 none linux secure
tty45 none linux secure
tty46 none linux secure
tty47 none linux secure
tty48 none linux secure
tty49 none linux secure
tty50 none linux secure
tty51 none linux secure
tty52 none linux secure
tty53 none linux secure
tty54 none linux secure
tty55 none linux secure
tty56 none linux secure
tty57 none linux secure
tty58 none linux secure
tty59 none linux secure
tty60 none linux secure
tty61 none linux secure
tty62 none linux secure
tty63 none linux secure
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id WAA09774
for <bugs@RT-11.mit.edu>; Thu, 19 Jul 2001 22:04:20 -0400 (EDT)
Received: from inception.smyrph.net (root@inception.smyrph.net [66.92.69.137])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id WAA27060
for <krb5-bugs@mit.edu>; Thu, 19 Jul 2001 22:04:19 -0400 (EDT)
Received: (from root@localhost)
by inception.smyrph.net (8.10.2/8.10.2) id f6K24JE03373;
Thu, 19 Jul 2001 22:04:19 -0400
Message-Id: <200107200204.f6K24JE03373@inception.smyrph.net>
Date: Thu, 19 Jul 2001 22:04:19 -0400
From: david@smyrph.net
Reply-To: david@smyrph.net
To: krb5-bugs@mit.edu
Subject: login.krb5 needs /etc/ttys to allow console root logins
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 979
>Category: krb5-appl
>Synopsis: login.krb5 needs /etc/ttys to allow console root logins
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Thu Jul 19 22:05:01 EDT 2001
>Last-Modified:
>Originator: me?
>Organization:
just my personal things - smyrph.net>Category: krb5-appl
>Synopsis: login.krb5 needs /etc/ttys to allow console root logins
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Thu Jul 19 22:05:01 EDT 2001
>Last-Modified:
>Originator: me?
>Organization:
Show quoted text
>Release: krb5-1.2.2
>Environment:
Linux, slackware 7.1, Intel P3>Environment:
System: Linux inception.smyrph.net 2.4.5-ac21 #2 Thu Jun 28 23:13:43 EDT 2001 i686 unknown
Architecture: i686
Show quoted text
>Description:
default behavior of login.krb5 is to use C library to check /etc/ttys todetermine if root can log in from a particular tty. however, it was a Real
pain to figure out that it only wanted a /etc/ttys file... and then try to
deduce the format! I ended up strace'ing login.krb5 then disecting the C
library to figure out what I hope is the proper syntax of the file.
Show quoted text
>How-To-Repeat:
install login.krb5 as the system /bin/login (symlink...) and try loggingin to a linux console. the login will fail since login.krb5 will not
normally find a /etc/ttys (well, at least on Slackware Linux 7.1)
Show quoted text
>Fix:
Could an example /etc/ttys be included in the distribution perhaps withsome reference docs from login.krb5? It would greatly help any system
integrator attempting to sew kerberos logins into Linux systems. Here's
my /etc/ttys I deduced from glibc's source...:
#<tty> <getty> <type> secure on|off window=<windowval> # comment
console none linux secure
tty1 none linux secure
tty2 none linux secure
tty3 none linux secure
tty4 none linux secure
tty5 none linux secure
tty6 none linux secure
tty7 none linux secure
tty8 none linux secure
tty9 none linux secure
tty10 none linux secure
tty11 none linux secure
tty12 none linux secure
tty13 none linux secure
tty14 none linux secure
tty15 none linux secure
tty16 none linux secure
tty17 none linux secure
tty18 none linux secure
tty19 none linux secure
tty20 none linux secure
tty21 none linux secure
tty22 none linux secure
tty23 none linux secure
tty24 none linux secure
tty25 none linux secure
tty26 none linux secure
tty27 none linux secure
tty28 none linux secure
tty29 none linux secure
tty30 none linux secure
tty31 none linux secure
tty32 none linux secure
tty33 none linux secure
tty34 none linux secure
tty35 none linux secure
tty36 none linux secure
tty37 none linux secure
tty38 none linux secure
tty39 none linux secure
tty40 none linux secure
tty41 none linux secure
tty42 none linux secure
tty43 none linux secure
tty44 none linux secure
tty45 none linux secure
tty46 none linux secure
tty47 none linux secure
tty48 none linux secure
tty49 none linux secure
tty50 none linux secure
tty51 none linux secure
tty52 none linux secure
tty53 none linux secure
tty54 none linux secure
tty55 none linux secure
tty56 none linux secure
tty57 none linux secure
tty58 none linux secure
tty59 none linux secure
tty60 none linux secure
tty61 none linux secure
tty62 none linux secure
tty63 none linux secure
Show quoted text
>Audit-Trail:
>Unformatted:
>Unformatted: