From owner-freebsd-current Fri Aug 9 01:11:37 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id BAA21334 for current-outgoing; Fri, 9 Aug 1996 01:11:37 -0700 (PDT) Received: from frig.mt.cs.keio.ac.jp (frig.mt.cs.keio.ac.jp [131.113.32.7]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id BAA21329 for ; Fri, 9 Aug 1996 01:11:34 -0700 (PDT) Received: (from hosokawa@localhost) by frig.mt.cs.keio.ac.jp (8.6.12+2.4W/3.4Wbeta3) id RAA24106; Fri, 9 Aug 1996 17:11:09 +0900 Date: Fri, 9 Aug 1996 17:11:09 +0900 Message-Id: <199608090811.RAA24106@frig.mt.cs.keio.ac.jp> To: cmadison@tippy2.vnet.net Cc: current@freebsd.org, hosokawa@mt.cs.keio.ac.jp Subject: Re: ftpd won't allow login In-Reply-To: Your message of Fri, 9 Aug 1996 02:37:51 -0400 (EDT). From: hosokawa@mt.cs.keio.ac.jp (HOSOKAWA Tatsumi) X-Mailer: mnews [version 1.18PL3] 1994-08/01(Mon) Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article cmadison@tippy2.vnet.net writes: >> I had a user tell me that he could not login via ftp, but could >> telnet in just fine. So I tried it with my account....I can telnet >> in fine, but when I ftp in, ftp chokes on the password saying: Allowing 'ftp' user's telnet login can be security hole in some cases. For example, if somebody can put .rhost in your ~ftp directory, the intruders can login your machine without password authentication. It can't be a security hole when the host is configured carefully, but it turns to be security hole when the host is carelessly misconfugred. Were not for special reasons, I don't recommend you to allow ftp user's login. -- HOSOKAWA, Tatsumi E-mail: hosokawa@mt.cs.keio.ac.jp WWW homepage: http://www.mt.cs.keio.ac.jp/person/hosokawa.html Department of Computer Science, Keio University, Yokohama, Japan