telnetd does know the filename but it does not know which user the file should be owned by.

>
> Could telnetd create the cache file and keep it open, thus obviating the
> need for it to know its future file name? Or perhaps an open Unix socket
> that PAM_KRB5 could use to communicate back to telnetd.
>
> If this can be done strictly through PAM and specifying some
> requirements for /bin/login, then a /bin/login that behaves like Solaris
> 2.6's (or later) would do fine, provided there's a suitable PAM_KRB5...
>
> Another alternative is to suck /bin/login into telnetd. But if this
> problem can be solved between telnetd and PAM, then there's no need to
> replace a vendor's /bin/login, provided that /bin/login does the Right
> Things (tm) with PAM.
>
> Nico
>
>
> On Tue, Aug 15, 2000 at 11:51:29AM -0400, Jeffrey Altman wrote:
> > > I had no idea that telnetd could do this.
> >
> > The current one does not, but I am working on one that does (with Ken
> > Raeburn).
> >
> > > This presents a problem though, doesn't it? If /bin/login does all the
> > > work, then how can telnetd find what name was ultimately given to the
> > > credentials cache file, or even if login succeeded at all?
> >
> > Bingo. You have hit the nail on the head. Right now the way things
> > work is that telnetd creates the credential cache file and passes its
> > name as an environment variable. /bin/login (the customized version)
> > changes the ownership of the credential cache file before it executes
> > the user's shell.
> >
> > So /bin/login is not doing all of the work. Just part of it. telnetd
> > is very well aware of the name of the cache file. It just needs to
> > switch to the user's account, update the file, and switch back to
> > 'root'. The problem is that telnetd does not necessarily know the
> > account the user is logged into. This can be the case when the user
> > authenticates but does not specify a username to use for login; or if
> > the username specified is not authorized for the provided credentials.
> >
> >
> >
> > Jeffrey Altman * Sr.Software Designer
> > The Kermit Project * Columbia University
> > 612 West 115th St * New York, NY * 10025 * USA
> > http://www.kermit-project.org/ * kermit-support@kermit-project.org
> >
>
> --
>

Jeffrey Altman * Sr.Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * kermit-support@kermit-project.org
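
The "create the cache file and keep it open" idea raised in the thread, sketched in C as an added example (not code from this thread or from any telnetd or /bin/login): the privileged process creates the file exclusively, holds the descriptor, and changes ownership through that descriptor once the account is known. The function names, the `/tmp` template and the use of `KRB5CCNAME` as the environment variable are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create the cache under an unpredictable name and keep it open.
 * mkstemp() opens with O_CREAT|O_EXCL and mode 0600, so a file or
 * symlink planted at the chosen name makes creation fail, not follow. */
int ccache_create(char *path_template)
{
    mode_t old = umask(077);
    int fd = mkstemp(path_template);
    umask(old);
    return fd;
}

/* Once the login account is known, hand the file over through the open
 * descriptor. Returns 0 on success, -1 if the inode is no longer a
 * singly linked regular file or the mode/ownership change fails. */
int ccache_hand_over(int fd, uid_t uid, gid_t gid)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode) || st.st_nlink != 1)
        return -1;               /* unlinked, hard-linked, or not a file */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0)
        return -1;
    return fchown(fd, uid, gid); /* acts on the inode, never on a path */
}

int main(void)
{
    char path[] = "/tmp/krb5cc_demo_XXXXXX";  /* constructed template */
    int fd = ccache_create(path);
    if (fd < 0) { perror("mkstemp"); return 1; }
    /* The daemon would write the forwarded credentials through fd here. */
    /* Own uid/gid stand in for the target account so this runs unprivileged. */
    if (ccache_hand_over(fd, getuid(), getgid()) != 0) {
        perror("ccache_hand_over");
        return 1;
    }
    setenv("KRB5CCNAME", path, 1);  /* name still travels via the environment */
    printf("cache %s handed over\n", path);
    close(fd);
    unlink(path);
    return 0;
}
```

Because `fchown()` and `fchmod()` operate on the descriptor, the ownership change cannot be redirected by swapping the path for a symlink between creation and login.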