Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

Kerberos FAQ, v2.0 (last modified 8/18/2000)
Section - 2.22. What is the difference between the "-a valid" and the "-a user" flags for telnetd?

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Property taxes ]


Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.21. How do a rename a principal?
Next Document: 2.23. I already have a standard Unix password database for my user population. Can I convert this to a Kerberos password database?
See reader questions & answers on this topic! - Help others by sharing your knowledge

In the current MIT release, there is no difference due to a bug in telnetd.
Here's a patch that fixes this and makes the these flags behave according to
the man page.

Index: lib/appl/telnet/libtelnet/kerberos.c
===================================================================
--- kerberos.c  1997/06/02 21:54:38     1.1.1.1
+++ kerberos.c  1997/08/25 23:12:44     1.3
@@ -435,8 +430,15 @@
        if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
                strcpy(name, UserNameRequested);
                return(AUTH_VALID);
-       } else
+       } else {
+               /*
+                * Always copy in UserNameRequested if the authentication
+                * is valid, because the higher level routines need it.
+                */
+               if (UserNameRequested)
+                       strcpy(name, UserNameRequested);
                return(AUTH_USER);
+       }
 }

 #define        BUMP(buf, len)          while (*(buf)) {++(buf), --(len);}
Index: lib/appl/telnet/libtelnet/kerberos5.c
===================================================================
--- kerberos5.c 1997/12/15 18:51:31     1.1.1.2
+++ kerberos5.c 1997/12/15 19:15:50     1.4
@@ -682,8 +690,16 @@
        {
                strcpy(name, UserNameRequested);
                return(AUTH_VALID);
-       } else
+       } else {
+               /*
+                * Always copy in UserNameRequested if the authentication
+                * is valid, because the higher level routines need it.
+                */
+               if (UserNameRequested)
+                       strcpy(name, UserNameRequested);
+
                return(AUTH_USER);
+       }
 }

 #define        BUMP(buf, len)          while (*(buf)) {++(buf), --(len);}

User Contributions:

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA