On Thu, 26 Mar 2009, Barney Cordoba wrote: > Ok, I have some critical info here. When I set up ttys with the proper pts/0 > setting, I can login are root using > > login localhost > > however when telnet in from my iMAC, it doesn't work. It also doesn't give > me the "Trying SRA secure login" from the mac. So it seems its using a > different authentication when I telnet from the MAC. Hi Barney (and now also Ed!), This indeed appears to be the key. getttyent(3) appears to properly return the /etc/ttys entry for pts devices, and the TTY_SECURE flag is properly returned. However, pam_securetty isn't using a valid tty name string -- it turns out login, invoked by telnet in the non-SRA case, assumes it can run the following code to get back the tty name: /* * Get current TTY */ ttyn = ttyname(STDIN_FILENO); if (ttyn == NULL || *ttyn == '\0') { (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY); ttyn = tname; } if ((tty = strrchr(ttyn, '/')) != NULL) ++tty; else tty = ttyn; The resulting string ("2" in my case) is passed on to PAM as the tty, and then pam_securetty looks that up without any success. Ed, is this something you could take a look at? It's not clear to me if the above logic just needs fixing, or if there are more subtle considerations. Thanks, Robert N M Watson Computer Laboratory University of CambridgeReceived on Fri Mar 27 2009 - 11:24:53 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:45 UTC