[1832] in Kerberos_V5_Development
login.krb5 and -f
daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon Sep 30 17:07:57 1996
Date: Mon, 30 Sep 1996 17:07:52 -0400
From: Sam Hartman <hartmans@MIT.EDU>
To: krbdev@MIT.EDU
For various reasons, my attention was attracted to the login
-e bogosity last night. Apparently, when jtkohl decided to check in
encrypted login changes into krb4 back in 1988, he decided to have
klogind pass the terminal type over the connection, much as it does
with rlogin. To do this, he introduced the -e option which indicated
that login had already preauthenticated the user.
Modern logins have a -f option to deal with indicating that
logins have been preauthenticated. In addition, they allow TERM to
passed down through the environemnt.
To this day, klogind still uses the -e hack to tell login.krb5
to assume login is preauthenticated. Doug Engert submitted patches
to get login.krb5 -f support working with vendor logins. I took these
patches some time before Beta7.
I propose to use this functionality even when login.krb5 is
called by klogind. This requires a change in the behavior of
llogin.krb5 -f. Currently, the -f option to login.krb5 does not allow
preauthenticated root logins. I consider this bogus because vendor
logins do allow login -f to be preauthenticated even as root.
I will introduce changes to this effect fairly shortly. My
question is: does anyone know why this original decision was made? I
will check all current login.krb5 clients (klogind, telnetd) to make
sure they don't allow the -f option to be abused, but I suspect they
do not.
--Sam
