From owner-freebsd-questions Fri Feb 1 14:59:15 2002 Delivered-To: freebsd-questions@freebsd.org Received: from fremont.bolingbroke.com (adsl-216-102-90-210.dsl.snfc21.pacbell.net [216.102.90.210]) by hub.freebsd.org (Postfix) with ESMTP id AFAAB37B405 for ; Fri, 1 Feb 2002 14:59:06 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by fremont.bolingbroke.com (8.12.1/8.12.1) with ESMTP id g11MwZ6m090338; Fri, 1 Feb 2002 14:58:35 -0800 (PST) Date: Fri, 1 Feb 2002 14:58:35 -0800 (PST) From: Ken Bolingbroke X-X-Sender: ken@fremont.bolingbroke.com To: Mark Boolootian Cc: freebsd-questions@FreeBSD.ORG Subject: Re: where does authentication happen in telnetd? In-Reply-To: <20020201135216.A87933@root.ucsc.edu> Message-ID: <20020201145526.L86508-100000@fremont.bolingbroke.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, 1 Feb 2002, Mark Boolootian wrote: > Can anyone give me a general pointer to where in telnetd the user > is authenticated (assuming normal authentication is being used)? I'm > looking at the code in /usr/src/libexec/telnetd > > Maybe I should ask the meta question: I've got a box which can normally > only accessed via ssh. I want to allow telnet access to a specific > account (for providing network status). The only way I can think of > to accomplish this is to hack the telnet daemon to permit only this one > user. Are there any alternatives? You might want to look into PAM (see the man page for PAM(5)), as this would give you the flexibility to do things like you want, and in particular, you won't need to hack telnetd--at worse, you'd only end up writing your own PAM module and then configure /etc/pam.conf to use it. Ken Bolingbroke hacker@bolingbroke.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message