Telnet root login

Robert Watson rwatson at
Fri Mar 27 05:24:54 PDT 2009

On Thu, 26 Mar 2009, Barney Cordoba wrote:

> Ok, I have some critical info here. When I set up ttys with the proper pts/0 
> setting, I can login are root using
> login localhost
> however when telnet in from my iMAC, it doesn't work. It also doesn't give 
> me the "Trying SRA secure login" from the mac. So it seems its using a 
> different authentication when I telnet from the MAC.

Hi Barney (and now also Ed!),

This indeed appears to be the key.  getttyent(3) appears to properly return 
the /etc/ttys entry for pts devices, and the TTY_SECURE flag is properly 
returned.  However, pam_securetty isn't using a valid tty name string -- it 
turns out login, invoked by telnet in the non-SRA case, assumes it can run the 
following code to get back the tty name:

          * Get current TTY
         ttyn = ttyname(STDIN_FILENO);
         if (ttyn == NULL || *ttyn == '\0') {
                 (void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
                 ttyn = tname;
         if ((tty = strrchr(ttyn, '/')) != NULL)
                 tty = ttyn;

The resulting string ("2" in my case) is passed on to PAM as the tty, and then 
pam_securetty looks that up without any success.

Ed, is this something you could take a look at?  It's not clear to me if the 
above logic just needs fixing, or if there are more subtle considerations.


Robert N M Watson
Computer Laboratory
University of Cambridge

More information about the freebsd-current mailing list