--- On Fri, 3/27/09, Robert Watson <rwatson_at_FreeBSD.org> wrote:

> From: Robert Watson <rwatson_at_FreeBSD.org>
> Subject: Re: Telnet root login
> To: "Barney Cordoba" <barney_cordoba_at_yahoo.com>
> Cc: mail25_at_bzerk.org, current_at_freebsd.org, ed_at_FreeBSD.org
> Date: Friday, March 27, 2009, 8:24 AM
>
> On Thu, 26 Mar 2009, Barney Cordoba wrote:
>
> > Ok, I have some critical info here. When I set up ttys with the proper
> > pts/0 setting, I can login as root using
> >
> > login localhost
> >
> > however when I telnet in from my iMAC, it doesn't work. It also doesn't
> > give me the "Trying SRA secure login" from the mac. So it seems it's
> > using a different authentication when I telnet from the MAC.
>
> Hi Barney (and now also Ed!),
>
> This indeed appears to be the key. getttyent(3) appears to properly
> return the /etc/ttys entry for pts devices, and the TTY_SECURE flag is
> properly returned. However, pam_securetty isn't using a valid tty name
> string -- it turns out login, invoked by telnet in the non-SRA case,
> assumes it can run the following code to get back the tty name:
>
>         /*
>          * Get current TTY
>          */
>         ttyn = ttyname(STDIN_FILENO);
>         if (ttyn == NULL || *ttyn == '\0') {
>                 (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
>                 ttyn = tname;
>         }
>         if ((tty = strrchr(ttyn, '/')) != NULL)
>                 ++tty;
>         else
>                 tty = ttyn;
>
> The resulting string ("2" in my case) is passed on to PAM as the tty,
> and then pam_securetty looks that up without any success.
>
> Ed, is this something you could take a look at? It's not clear to me if
> the above logic just needs fixing, or if there are more subtle
> considerations.
>
> Thanks,

Aha! So putting

0 none network secure

in /etc/ttys works. That also explains why when doing a 'ps -ax' it shows the tty as 0. I also notice that 'who' is empty when logging in via telnet. When logging in with ssh, who correctly shows the entry.

I don't know if that is related to the invalid terminal name, but it's certainly something that needs to be repaired.

Barney

Received on Fri Mar 27 2009 - 12:02:17 UTC