From pscott@mail.miketodd.com  Wed Aug  2 22:54:22 2000
Return-Path: <pscott@mail.miketodd.com>
Received: from mail.miketodd.com (ns1.miketodd.com [216.86.202.136])
	by hub.freebsd.org (Postfix) with ESMTP id 1F3E337B6F1
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  2 Aug 2000 22:54:21 -0700 (PDT)
	(envelope-from pscott@mail.miketodd.com)
Received: (from pscott@localhost)
	by mail.miketodd.com (8.9.3/8.9.3) id FAA00622;
	Tue, 1 Aug 2000 05:32:36 -0700 (PDT)
	(envelope-from pscott)
Message-Id: <200008011232.FAA00622@mail.miketodd.com>
Date: Tue, 1 Aug 2000 05:32:36 -0700 (PDT)
From: pscott@the-frontier.org
Sender: pscott@mail.miketodd.com
Reply-To: pscott@the-frontier.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: ftp login incorrect when s/key active but not required
X-Send-Pr-Version: 3.2

>Number:         20372
>Category:       bin
>Synopsis:       ftp login incorrect when s/key active but not required
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 02 23:00:01 PDT 2000
>Closed-Date:    Sun Feb 25 04:24:51 PST 2001
>Last-Modified:  Sun Feb 25 04:25:25 PST 2001
>Originator:     Paul A. Scott <pscott@the-frontier.org>
>Release:        FreeBSD 4.0-RELEASE i386
>Organization:
>Environment:

	FreeBSD mail 4.0-RELEASE FreeBSD 4.0-RELEASE #0: Sun Jun  4 00:17:00 GMT 2000     root@ns1:/usr/src/sys/compile/MIKETODD  i386

>Description:

	If a userid has an s/key, but s/key is not required for login, ftp should allow
	a unix password, but it does not; only the s/key password works. This problem
	does not happen with telnet. telnet allows unix password, ftp does not. Problem
	first noticed on 4.0 release; another machine running 2.2.8 has no problems with
	s/key on either ftp or telnet. 

>How-To-Repeat:

	Enable s/key for a userid dummy.

	Set up /etc/skey.access to allow unix passwords from intranet 192.168.168.0
	for dummy but not from another network.
	
	permit internet 192.168.168.0 255.255.255.0
	deny user dummy
	deny user root
	permit

	From another machine on the 192.168.168.0 network, start an ftp client to the 
	FreeBSD machine with an interface on the same network. 

	Log in as userid dummy. 

	The ftp server issues an s/key challenge BUT DOES NOT REQUIRE an skey, so a
	unix password should be accepted.

	Type in dummy's unix password. The ftp server barfs, saying login incorrect.
	That shouldn't happen. Type in dummy's correct s/key. Dummy gets logged in.
	
	Try telnet between the same two machines. No problem using a unix password.

>Fix:

	Unknown.


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: peter 
Responsible-Changed-When: Mon Sep 25 12:02:25 PDT 2000 
Responsible-Changed-Why:  
Orphaned PR 

http://www.freebsd.org/cgi/query-pr.cgi?pr=20372 

From: "Paul A. Scott" <pscott@the-frontier.org>
To: <freebsd-gnats-submit@FreeBSD.org>,
	"Paul A. Scott" <pscott@the-frontier.org>
Cc:  
Subject: Re: bin/20372: ftp login incorrect when s/key active but not required
Date: Sat, 13 Jan 2001 14:52:41 -0800

 This problem (bin/20372) appears to be a duplicate of misc/20333.
 
 See http://www.freebsd.org/cgi/query-pr.cgi?20333 for more details.
 
 
 
 
 
 
State-Changed-From-To: open->closed 
State-Changed-By: johan 
State-Changed-When: Sun Feb 25 04:24:51 PST 2001 
State-Changed-Why:  
Duplicate of misc/20333. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=20372 
>Unformatted:
