From nobody@FreeBSD.org  Thu Mar 29 08:22:21 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 32EC637B71F
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 29 Mar 2001 08:22:21 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f2TGMLN49032;
	Thu, 29 Mar 2001 08:22:21 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200103291622.f2TGMLN49032@freefall.freebsd.org>
Date: Thu, 29 Mar 2001 08:22:21 -0800 (PST)
From: remy@boostworks.com
To: freebsd-gnats-submit@FreeBSD.org
Subject: telnet SRA password exchange trap when no password
X-Send-Pr-Version: www-1.0

>Number:         26201
>Category:       bin
>Synopsis:       telnet SRA password exchange trap when no password
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    nsayer
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 29 08:30:01 PST 2001
>Closed-Date:    Sat Nov 08 10:26:01 PST 2003
>Last-Modified:  Sat Nov 08 10:26:01 PST 2003
>Originator:     Remy Nonnenmacher
>Release:        4.2-STABLE, 4.3-RC
>Organization:
Boostworks
>Environment:
FreeBSD rn.lxlun.boostworks.com 4.3-RC FreeBSD 4.3-RC #0: Thu Mar 29 01:19:26 CEST 2001     root@rn.lxlun.boostworks.com:/usr/src/sys/compile/RN  i386

>Description:
When using telnet to another 4.2 or 4.3 machine to an account having no
password, the SRA exchange encryption does not allow a null password. This
results in telnet desperately waiting for a password.
>How-To-Repeat:
- Create an account without a password
- telnet to this account
- try to just enter <CR> when asked for the password

>Fix:
Workarounds:

a) telnet -X sra <machine>
b) add 'DEFAULT auth disable SRA' in ~/.telnetrc

Here is a patch against telnet.1 about the 'DEFAULT'. It can help
someone else looking for the same problem:

--- telnet.1.original   Tue Mar  6 13:52:58 2001
+++ telnet.1    Thu Mar 29 13:53:31 2001
@@ -604,7 +604,8 @@
 commands and are processed as if they had been typed
 in manually to the
 .Nm
-command prompt.
+command prompt. The word DEFAULT can be used to match
+any machine name.
 .It Ic quit
 Close any open
 .Tn TELNET
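
Review bot: The added sentence starts mid-line after "command prompt." in the first "+" line; mdoc source conventionally starts every sentence on its own line so the formatter can handle sentence spacing, so "The word DEFAULT can be used to match any machine name." should begin on a new line. DEFAULT is a literal keyword here and would be easier to spot with literal markup such as .Ql or .Li rather than as bare text.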

 

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->nsayer 
Responsible-Changed-By: kris 
Responsible-Changed-When: Sat Jul 12 22:36:29 PDT 2003 
Responsible-Changed-Why:  
nsayer wrote the SRA support 

http://www.freebsd.org/cgi/query-pr.cgi?pr=26201 
State-Changed-From-To: open->closed 
State-Changed-By: nsayer 
State-Changed-When: Sat Nov 8 10:21:58 PST 2003 
State-Changed-Why:  
Generally, SRA uses PAM for its authentication. telnetd is correctly 
passing the information obtained from the user via SRA into PAM. PAM is, 
apparently, deciding not to allow authentication on accounts with null 
passwords. This is probably adjustable in the pam.conf file. Check the 
'telnetd' section (plaintext telnet winds up using the 'login' section, 
since it isn't actually telnet doing the authentication). 

There is a code path in SRA that will reject authentication with passwordless 
accounts, but it is #ifdef'd out when PAM support is turned on, which is 
the default. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=26201 
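
The closing note above points at the 'telnetd' and 'login' sections of pam.conf as the place where null-password handling is decided. The following is an added example, not part of the PR or of FreeBSD's code: a small audit that reports, per service, whether any auth module line would accept empty passwords. It assumes the classic single-file pam.conf layout and that the pam_unix `nullok` argument is the switch in question; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR): report whether the auth stack of a
# pam.conf service would accept empty passwords.
# Assumptions: single-file pam.conf layout
#   service  module-type  control-flag  module-path  [arguments...]
# and "nullok" as the module argument that permits null passwords.

# nullok_modules FILE SERVICE
# Prints the module path of every "auth" line for SERVICE carrying nullok.
nullok_modules() {
    awk -v svc="$2" '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments and short lines
        $1 == svc && $2 == "auth" {
            for (i = 5; i <= NF; i++)
                if ($i == "nullok") { print $4; break }
        }' "$1"
}

# accepts_null FILE SERVICE -> exit status 0 if any auth module has nullok
accepts_null() {
    [ -n "$(nullok_modules "$1" "$2")" ]
}

# Constructed sample, not a real system's file.
sample_pam_conf() {
    cat <<'EOF'
# service  type     control   module       args
login    auth     required  pam_unix.so  try_first_pass nullok
telnetd  auth     required  pam_unix.so  try_first_pass
telnetd  account  required  pam_unix.so
other    auth     required  pam_deny.so
EOF
}

# Audit the two services the PR discussion names.
audit_sample() {
    tmp=$(mktemp) || return 1
    sample_pam_conf > "$tmp"
    for svc in telnetd login; do
        if accepts_null "$tmp" "$svc"; then
            echo "$svc: empty passwords accepted"
        else
            echo "$svc: empty passwords rejected"
        fi
    done
    rm -f "$tmp"
}

audit_sample
```

With the constructed sample, the SRA path (telnetd) rejects empty passwords while the plaintext path (login) accepts them, which is the asymmetry the submitter observed.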
>Unformatted:
