Kerberized telnetd: -a valid option & eight char limit on account

Jeffrey Altman jaltman2 at
Fri Oct 22 11:49:18 EDT 2004

hwntw wrote:

> Jeffrey Altman <jaltman2 at> wrote in message news:<CrWdd.89918$Ot3.63537 at>...
>>Which Microsoft telnet.exe are you using that supports Kerberos 5 
>>authentication?  As far as I am aware, the Microsoft telnet.exe
>>only supports NTLM.
>>Jeffrey Altman
> The Kerberos bit comes in because Vintela vas authentication is
> essentially Kerberos auth. If I log in and do klist I get< Ticket
> cache: FILE:/tmp/krb5cc_1001_SQ2421
> Default principal: [xxx]@PARLIAMENT.UK
> Valid starting     Expires            Service principal
> 10/22/04 10:00:13  10/22/04 20:00:14 
>         renew until 10/23/04 10:00:13
>  >
> That is the result of the VIntela product authenticating to Active
> Directory. Point is I telnet using a kerberised telnetd from the MIT
> distribution. Praps I am being unrealistic in expecting the -a valid
> argument to telnetd to work in this case. Nevertheless, the issue of
> the eight char limit on accounts names is still germane, as this is a
> Kerberos telnetd we are talking about, not the in.telnetd that comes
> with Solaris 9 (and which does not work at all with Vintela VAS). I
> should have mentioned that ssh connections do not exhibit this eight
> char account name limit
> Best
> Colin

The Vintela product is performing a Kerberos initial ticket request
upon login.  The telnet session is not being authenticated using 
Kerberos.  You are typing in a user name and password.

I am not aware of any restrictions on the length of the user name
in MIT's telnetd.  In particular, because telnetd does not know anything
about usernames.  The username is determined by the text entered into
the 'login' program on the machine.  'login' more then likely is being
replaced by Vintela.

This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu

More information about the Kerberos mailing list