bin/100496: Fix to get rid of the telnet to cisco problem

cwf-ml at arcor.de cwf-ml at arcor.de
Tue Jul 18 21:00:41 UTC 2006 

>Number:         100496
>Category:       bin
>Synopsis:       Fix to get rid of the telnet to cisco problem
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 18 21:00:28 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Charlie &
>Release:        FreeBSD 6.1-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD xx.xx.xx 6.1-RELEASE-p2 FreeBSD 6.1-RELEASE-p2 #2: Wed Jun 21 10:50:48 CEST 2006 root at xx.xx.xx:/usr/obj/usr/src/sys/DL140LOG i386

	FreeBSD 6.1, along the RELENG_6_1 branch

>Description:
	There is this old and ugly problem that whenever you telnet into
	a cisco box from FreeBSD, you get your login prompt garbled
	by an error message "No default realm defined for Kerberos!"

	This is caused by the cisco box seeing the autologin fields in
	telnet and getting nervous about its own nonexistent kerberos
	settings. The problem appeared somehwere in FreeBSD 3.x, when
	the telnet client started to default to autologin.

	Standard fix back then was to recompile telnet with kerberos
	disabled in /etc/make.conf. This doesn't work any more since
	5.0. Currently there is no documented way to disable autologin
	on a systemwide scale, or even on a user scale using .telnetrc 
	for all possible destinations. 

	In an environment where the main telnet targets are cisco boxes 
	(and many of them) this is major annoyance. 

	The appended fix reverses the default of the telnet client to
	no autologin. Autologin is still possible using the old
	-a option.

	Since autologin does not serve much useful function any more
	in the age of ssh and pam, this change seems sensible.

	( A more perfect would be an /etc/telnetrc and a config
	syntax enhancement that allows global defaults there.)

>How-To-Repeat:
	telnet ciscobox
>Fix:

# --------- cut here ----------------------------------------------
--- contrib/telnet/telnet/main.c.orig   Tue Jul 18 22:19:28 2006
+++ contrib/telnet/telnet/main.c        Tue Jul 18 22:41:11 2006
@@ -138,7 +138,7 @@

        rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
 #ifdef AUTHENTICATION
-       autologin = 1;
+       autologin = 0;
 #else
        autologin = -1;
 #endif
@@ -209,11 +209,7 @@
 #endif
                        break;
                case 'a':
-#ifdef AUTHENTICATION
-                       /* It's the default now, so ignore */
-#else
                        autologin = 1;
-#endif
                        break;
                case 'c':
                        skiprc = 1;
# --------- cut here ----------------------------------------------

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list