Date: Tue, 18 Jul 2006 22:51:21 +0200 (CEST) From: cwf-ml@arcor.de To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/100496: Fix to get rid of the telnet to cisco problem Message-ID: <20060718205121.7675D1701C@login.ivr.lab.arcor.net> Resent-Message-ID: <200607182100.k6IL0TDY060448@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 100496
>Category: bin
>Synopsis: Fix to get rid of the telnet to cisco problem
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Jul 18 21:00:28 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Charlie &
>Release: FreeBSD 6.1-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD xx.xx.xx 6.1-RELEASE-p2 FreeBSD 6.1-RELEASE-p2 #2: Wed Jun 21 10:50:48 CEST 2006 root@xx.xx.xx:/usr/obj/usr/src/sys/DL140LOG i386
FreeBSD 6.1, along the RELENG_6_1 branch
>Description:
There is this old and ugly problem that whenever you telnet into
a cisco box from FreeBSD, you get your login prompt garbled
by an error message "No default realm defined for Kerberos!"
This is caused by the cisco box seeing the autologin fields in
telnet and getting nervous about its own nonexistent kerberos
settings. The problem appeared somehwere in FreeBSD 3.x, when
the telnet client started to default to autologin.
Standard fix back then was to recompile telnet with kerberos
disabled in /etc/make.conf. This doesn't work any more since
5.0. Currently there is no documented way to disable autologin
on a systemwide scale, or even on a user scale using .telnetrc
for all possible destinations.
In an environment where the main telnet targets are cisco boxes
(and many of them) this is major annoyance.
The appended fix reverses the default of the telnet client to
no autologin. Autologin is still possible using the old
-a option.
Since autologin does not serve much useful function any more
in the age of ssh and pam, this change seems sensible.
( A more perfect would be an /etc/telnetrc and a config
syntax enhancement that allows global defaults there.)
>How-To-Repeat:
telnet ciscobox
>Fix:
# --------- cut here ----------------------------------------------
--- contrib/telnet/telnet/main.c.orig Tue Jul 18 22:19:28 2006
+++ contrib/telnet/telnet/main.c Tue Jul 18 22:41:11 2006
@@ -138,7 +138,7 @@
rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
#ifdef AUTHENTICATION
- autologin = 1;
+ autologin = 0;
#else
autologin = -1;
#endif
@@ -209,11 +209,7 @@
#endif
break;
case 'a':
-#ifdef AUTHENTICATION
- /* It's the default now, so ignore */
-#else
autologin = 1;
-#endif
break;
case 'c':
skiprc = 1;
# --------- cut here ----------------------------------------------
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060718205121.7675D1701C>