From owner-freebsd-stable Sun Mar 18 11:44:35 2001 Delivered-To: freebsd-stable@freebsd.org Received: from xena.gsicomp.on.ca (cr677933-a.ktchnr1.on.wave.home.com [24.43.230.149]) by hub.freebsd.org (Postfix) with ESMTP id 2DDCB37B718 for ; Sun, 18 Mar 2001 11:44:32 -0800 (PST) (envelope-from matt@gsicomp.on.ca) Received: from hermes (hermes.gsicomp.on.ca [192.168.0.18]) by xena.gsicomp.on.ca (8.11.1/8.9.3) with SMTP id f2IJghi82017; Sun, 18 Mar 2001 14:42:43 -0500 (EST) (envelope-from matt@gsicomp.on.ca) Message-ID: <007c01c0afe3$45bdfd90$1200a8c0@gsicomp.on.ca> From: "Matthew Emmerton" To: "Nick Sayer" , References: <006e01c0af4b$b0f6dbb0$1200a8c0@gsicomp.on.ca> <3AB4D50F.1060704@quack.kfu.com> Subject: Re: What about SRP auth for telnet and ftp? [was Re: SRA auth ] Date: Sun, 18 Mar 2001 14:40:19 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > Matthew Emmerton wrote: > > > Would anyone be interested in seeing SRP functionality added? > The nice thing about patching telnet to add authentication > types is that the actual patching is fairly limited -- the code just > sort of lays alongside the rest in libtelnet. Yes, that's a definite plus when it comes to maintainance! > But if you're going to bother, the first thing you should do is add some > better session encryption. The telnetd that comes with the SRP distribution supports a ton of stuff, including SSL/TLS, DES3 and CAST. A quick scan shows that the majority of code uses a BSD-style licence, which is good. I'll have to hook up with the telnetd maintainer on this. The only monkey wrench is that SRP uses a new password-file format (Exponential Password Suite). I'm thinking that the better way is to add support for 'eps' passwords via /etc/login.conf (just as md5 and des passwords are supported), and ensure that the appropriate libraries are around to handle this case. -- Matt Emmerton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message