From owner-freebsd-bugs Mon Jul 31 22:40: 6 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id EC2BF37BE35
	for ; Mon, 31 Jul 2000 22:40:00 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id WAA51655;
	Mon, 31 Jul 2000 22:40:00 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 5552637B59B; Mon, 31 Jul 2000 22:38:01 -0700 (PDT)
Message-Id: <20000801053801.5552637B59B@hub.freebsd.org>
Date: Mon, 31 Jul 2000 22:38:01 -0700 (PDT)
From: pscott@the-frontier.org
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: misc/20333: ftp login fails on unix password when s/key active but not required
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         20333
>Category:       misc
>Synopsis:       ftp login fails on unix password when s/key active but not required
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 31 22:40:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Paul A. Scott
>Release:        FreeBSD 4.0-RELEASE i386
>Organization:
>Environment:
FreeBSD mail 4.0-RELEASE FreeBSD 4.0-RELEASE #0: Sun Jun 4 00:17:00 GMT 2000
root@ns1:/usr/src/sys/compile/MIKETODD
>Description:
If a userid has an s/key, but s/key is not required for login, ftp should
allow a unix password, but it does not; only the s/key password works.

This problem does not happen with telnet. telnet allows unix password,
ftp does not.

Problem first noticed on 4.0 release; another machine running 2.2.8 has
no problems with s/key on either ftp or telnet.
>How-To-Repeat:
Enable s/key for a userid dummy.
Set up /etc/skey.access to allow unix passwords from intranet
192.168.168.0 for dummy but not from another network.

    permit internet 192.168.168.0 255.255.255.0
    deny user dummy
    deny user root
    permit

From another machine on the 192.168.168.0 network, start an ftp client
to the FreeBSD machine with an interface on the same network.

Log in as userid dummy.

The ftp server issues an s/key challenge BUT DOES NOT REQUIRE an skey,
so a unix password should be accepted.

Type in dummy's unix password.

The ftp server barfs, saying login incorrect. That shouldn't happen.

Type in dummy's correct s/key. Dummy gets logged in.

Try telnet between the same two machines. No problem using a unix
password.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
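
Added example (not part of the original report, and not FreeBSD's libskey code): a small model of the first-match rule evaluation documented in skey.access(5), applied to the table from How-To-Repeat to show which logins that table permits a Unix password for. It assumes the table file exists and handles only the `internet` and `user` conditions the report uses; the function names and the client address 192.168.168.10 are constructed for illustration.

```python
import ipaddress

# Table copied from the report's How-To-Repeat section.
SKEY_ACCESS = """\
permit internet 192.168.168.0 255.255.255.0
deny user dummy
deny user root
permit
"""

def parse_rules(text):
    """Parse skey.access text into [(action, [condition, ...])], in file order."""
    rules = []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()      # '#' starts a comment
        if not words:
            continue
        action, args = words[0], words[1:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in rule: {raw!r}")
        conds = []
        while args:
            kind = args.pop(0)
            need = 2 if kind == "internet" else 1
            if kind not in ("internet", "user") or len(args) < need:
                raise ValueError(f"unsupported or incomplete condition: {raw!r}")
            if kind == "internet":                # internet <net> <mask>
                net = int(ipaddress.IPv4Address(args.pop(0)))
                mask = int(ipaddress.IPv4Address(args.pop(0)))
                conds.append(("internet", net, mask))
            else:                                 # user <name>
                conds.append(("user", args.pop(0)))
        rules.append((action, conds))
    return rules

def condition_holds(cond, user, addr):
    if cond[0] == "internet":
        return (addr & cond[2]) == cond[1]        # (address AND mask) == net
    return user == cond[1]

def unix_password_allowed(rules, user, remote_addr):
    """First matching rule decides; a rule with no conditions always matches."""
    addr = int(ipaddress.IPv4Address(remote_addr))
    for action, conds in rules:
        if all(condition_holds(c, user, addr) for c in conds):
            return action == "permit"
    return False   # table exists but nothing matched: Unix passwords not permitted

if __name__ == "__main__":  # 192.168.168.10 is a constructed client address
    print(unix_password_allowed(parse_rules(SKEY_ACCESS), "dummy", "192.168.168.10"))
```

For the report's table this returns True for dummy connecting from inside 192.168.168.0/24 and False for dummy from any other network, which matches the behaviour the submitter expects from ftp.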