Bug 26201

Summary: telnet SRA password exchange trap when no password
Product: Base System Reporter: remy <remy>
Component: binAssignee: nsayer <nsayer>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.2-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description remy 2001-03-29 17:30:01 UTC 
When using telnet to another 4.2 or 4.3 machine to an account having no
password, the SRA exchange encryption do not allow null password. This
results in telnet desesperatly waiting for a password.

Fix: Workarounds:

a) telnet -X sra <machine>
b) add 'DEFAULT auth disable SRA' in ~/.telnetrc

Here is a patch again telnet.1 about the 'DEFAULT'. Can help 
someone else looking for the same problem:
How-To-Repeat: - Create an account without a password
- telnet to this account
- try to just enter <CR> when password asked
Comment 1 Kris Kennaway freebsd_committer freebsd_triage 2003-07-13 06:36:29 UTC 
Responsible Changed
From-To: freebsd-bugs->nsayer

nsayer wrote the SRA support
Comment 2 nsayer freebsd_committer freebsd_triage 2003-11-08 18:21:58 UTC 
State Changed
From-To: open->closed

Generally, SRA uses PAM for its authentication. telnetd is correctly 
passing the information obtained from the user via SRA into PAM. PAM is, 
aparently, deciding not to allow authentication on accounts with null 
passwords. This is probably adjustable in the pam.conf file. Check the 
'telnetd' section (plaintext telnet winds up using the 'login' section, 
since it isn't actually telnet doing the authentication). 

There is a code path in SRA that will reject authentication with passwordless 
accounts, but it is #ifdef'd out when PAM support is turned on, which is 
the default.