preventing non-Kerberos logins in telnetd
John Hascall
john at iastate.edu
Thu Jan 9 17:47:34 EST 2003
> Is there a way to configure my system (Debian GNU/Linux) /
> krb5_telnetd so that it doesnt permit non-Kerberos logins?
This isn't the answer to the question you asked, but here's
what I did on my system to disallow non-encrypted connections
(which might be what you really want):
I added '-e required' as an option to telnetd.
Sorry, I've got a buncg of other changes in mine,
so I can't give a really diff, but the changes are
pretty minor (add 5 lines, change 2) all in telnetd.c:
:
:
int maxhostlen = 0;
int always_ip = 0;
int stripdomain = 1;
int encryption_required = 0; /* ADD THIS LINE */
:
:
case 'e':
if (strcmp(optarg, "debug") == 0) {
extern int encrypt_debug_mode;
encrypt_debug_mode = 1;
break;
}
if (strcmp(optarg, "required") == 0) { /* ADD THIS */
encryption_required = 1; /* ADD THIS */
break; /* ADD THIS */
} /* ADD THIS */
:
:
#ifdef AUTHENTICATION
fprintf(stderr, " [-e (debug|required)]"); /* EDIT THIS */
#endif
:
:
/*
* Wait for the negotiation of what type of encryption we can
* send with. If autoencrypt is not set, this will just return.
*/
if (his_state_is_will(TELOPT_ENCRYPT)) {
encrypt_wait();
}
if (encryption_required || auth_must_encrypt()) { /* EDIT THIS */
More information about the Kerberos
mailing list