"authenticated tftp"

[Maxim Konovalov]

On Fri, 25 Jul 2003, 13:22-0400, Robert Watson wrote:

>
> Yeah, seems like an oxy-moron, but this is a legitimate question, I
> promise.  My linksys wireless router requires me to disable the admin
> password on it to tftp a firmware update to it--however, the Windows tftp
> client that Linksys ships appear to support some form of "Oh yeah, and
> here's a password".  It probably really doesn't make a difference
> security-wise, but it would be a lot more convenient to update wireless
> routers if our tftp client spoke whatever extension they use to carry the
> password.  Does anyone know anything about that protocol extension, or if
> there are existing tweaks to add it to our tftp?  (I saw nothing in the
> man page).  If there's a pointer to the on-the-write bits, I can always
> stick it in myself, but I have yet to find one.

There are several tftp extension that NetBSD folk integrated to their
tftpd/tftp recently.  IIRC they were

2347 TFTP Option Extension. G. Malkin, A. Harkin. May 1998. (Format:
2348 TFTP Blocksize Option. G. Malkin, A. Harkin. May 1998. (Format:
2349 TFTP Timeout Interval and Transfer Size Options. G. Malkin, A.

I know nothing about auth extension yet but the protocol is quite
simple (trivial :-)) and if you get a dump of udp session between the
router and windows tftp client it would be easy incorporate this one.

-- 
Maxim Konovalov, maxim at macomnet.ru, maxim at FreeBSD.org