I've been thinking about modifying telnetd to use PAM to control which authentication methods telnetd should offer the client. This is to get around the fact that the telnet protocol says that the server supplies the list, but the client gets to choose one from the list. I'm also thinking about doing the same for FTP. Example: auth required /lib/security/pam_telnetd_auth.so choices=srp,krb5,none auth sufficient /lib/security/pam_telnetd_auth.so used=srp,krb5 auth required /lib/security/pam_unix.so ... Can anyone see problems in what I would like to do? -- Scott Nelson
