Hi Andrey and PAM list,

I'm sorry, but my time available to work on this project had shrunk down to zero (and still is), so I don't have code to share. It is still on my list of things to do, so perhaps in the future...

The problem with telnet authentication is that it does not work well with PAM: PAM wants to be able to control the authentication selection and timing, and so does telnetd. Telnetd wants to get the remote system the choice of authentication scheme from a list of choices; PAM wants to be able to sequentially use the system administrator's choices of authentication schemes, some are required and others are not. This is why you don't see a PAM'ified telnetd.

> Hello Scott.
> Sorry for direct call and my bad English.
> I am seeking PAM modules for servers based on the telnet protocol.
> I'm trying to implement a server based on RFC 2217 "Telnet Com Port Control
> Option", which allows serial port sharing over TCP/IP networks.
> At this time the server is in alpha testing.
>
> According to RFCs 2941 (and previous 1416 ....) the telnet protocol has
> a Telnet Authentication Option.
>
> I had done some reading and found your letters in the thread with subject:
> "Telnetd and PAM (Mon Feb 19 2001)"
> (http://archives.neohapsis.com/archives/pam-list/2001-02/thread.html#97)
> ----------------------------------original message------------------------
> From: SBNelson@thermeon.com
> Date: Mon Feb 19 2001 - 15:44:19 CST
>
> I've been thinking about modifying telnetd to use PAM to control which
> authentication methods telnetd should offer the client. This is to get
> around the fact that the telnet protocol says that the server supplies the
> list, but the client gets to choose one from the list. I'm also thinking
> about doing the same for FTP.
>
> Example:
> auth required /lib/security/pam_telnetd_auth.so choices=srp,krb5,none
> auth sufficient /lib/security/pam_telnetd_auth.so used=srp,krb5
> auth required /lib/security/pam_unix.so ...
>
> Can anyone see problems in what I would like to do?
>
> --
> Scott Nelson
> ----------------------------------original message------------------------
>
> I'm very interested in this. Have you written any code?
> Is this code GPLed or under other public licenses?
> Would you like some help? I'm new to PAM, but I can do
> some testing and maybe coding (I'm a novice in PAM and system programming
> for Unixes).
> All samples that I had found assume interactive login and
> all auth done by the login utility, but I don't understand why.
> In case I'm using something like Kerberos, I don't need to interact with
> the user to allow him access to some resources, like in my case. All this
> is done by Kerberos. And if PAM modules like in your posting are implemented,
> services based on the telnet protocol can be done easily.
> Maybe this part of the telnet protocol can be done by PAM with some
> callbacks in the conversation module to the application to send a reply to
> the client?
> Maybe you have some links related to such use of PAM?
> Can you share this information?
>
> Sorry for long posting.
>
> With best regards.
> Andrey Kaminsky.
> Riga, Latvia. (exUSSR)
>
> Best regards,
> Andrey mailto:and@fis.lv
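The server-offers/client-chooses exchange discussed above, as an added C example that is not code from the thread (the message says no `pam_telnetd_auth.so` code exists). It builds the RFC 2941 `SEND` offer from a `choices=` list and classifies the client's `IS` answer against `choices=` and `used=`, rejecting a type that was never offered. Assumptions: the function names are hypothetical, and the reading of `used=` (a match satisfies the `sufficient` line, anything else falls through to `pam_unix.so`) is one interpretation of the quoted example.

```c
#include <stddef.h>
#include <string.h>
/* Telnet constants from RFC 854 and RFC 2941. */
enum { IAC = 255, SB = 250, SE = 240, TELOPT_AUTHENTICATION = 37 };
enum { AUTH_IS = 0, AUTH_SEND = 1 };                        /* commands */
enum { AUTH_NULL = 0, AUTH_KERBEROS_V5 = 2, AUTH_SRP = 5 }; /* types */

/* Map one name from a choices=/used= list to its type, -1 if unknown. */
static int auth_type(const char *s, size_t len) {
    if (len == 3 && !memcmp(s, "srp", 3))  return AUTH_SRP;
    if (len == 4 && !memcmp(s, "krb5", 4)) return AUTH_KERBEROS_V5;
    if (len == 4 && !memcmp(s, "none", 4)) return AUTH_NULL;
    return -1;
}

/* Return 1 if `type` is named in the comma-separated list, else 0. */
static int in_list(int type, const char *list) {
    for (const char *p = list; *p; p += (*p == ',')) {
        size_t len = strcspn(p, ",");
        if (auth_type(p, len) == type) return 1;
        p += len;
    }
    return 0;
}

/* Offer: IAC SB AUTHENTICATION SEND <type,modifier>... IAC SE; 0 on error. */
size_t build_send(const char *choices, unsigned char *out, size_t cap) {
    size_t n = 4;
    if (cap < 6) return 0;
    out[0] = IAC; out[1] = SB; out[2] = TELOPT_AUTHENTICATION; out[3] = AUTH_SEND;
    for (const char *p = choices; *p; p += (*p == ',')) {
        size_t len = strcspn(p, ",");
        int t = auth_type(p, len);
        if (t < 0 || n + 4 > cap) return 0;  /* unknown name or short buffer */
        out[n++] = (unsigned char)t;
        out[n++] = 0;                        /* client-to-server, one-way */
        p += len;
    }
    out[n++] = IAC; out[n++] = SE;
    return n;
}

/* Answer: IAC SB AUTHENTICATION IS <type> <modifier> ... IAC SE.
 * -1: malformed, or a type the server never offered (reject);
 *  1: type is in used=;  0: offered but not in used= (e.g. none). */
int classify_is(const unsigned char *m, size_t len, const char *choices, const char *used) {
    if (len < 8 || m[0] != IAC || m[1] != SB || m[2] != TELOPT_AUTHENTICATION ||
        m[3] != AUTH_IS || m[len - 2] != IAC || m[len - 1] != SE) return -1;
    return !in_list(m[4], choices) ? -1 : in_list(m[4], used);
}
```

The classifier inspects only the header and trailer of the `IS` message; verifying the authentication data that follows the type pair is the job of the chosen mechanism.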