There is this old and ugly problem that whenever you telnet into a Cisco box from FreeBSD, you get your login prompt garbled by an error message "No default realm defined for Kerberos!" This is caused by the Cisco box seeing the autologin fields in telnet and getting nervous about its own nonexistent Kerberos settings. The problem appeared somewhere in FreeBSD 3.x, when the telnet client started to default to autologin. Standard fix back then was to recompile telnet with Kerberos disabled in /etc/make.conf. This doesn't work any more since 5.0. Currently there is no documented way to disable autologin on a systemwide scale, or even on a user scale using .telnetrc for all possible destinations. In an environment where the main telnet targets are Cisco boxes (and many of them) this is a major annoyance.

The appended fix reverses the default of the telnet client to no autologin. Autologin is still possible using the old -a option. Since autologin does not serve much useful function any more in the age of ssh and pam, this change seems sensible. (A more perfect fix would be an /etc/telnetrc and a config syntax enhancement that allows global defaults there.)

Fix:

# --------- cut here ---------------------------------------------- rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE; #ifdef AUTHENTICATION - autologin = 1; + autologin = 0; #else autologin = -1; #endif @@ -209,11 +209,7 @@ #endif break; case 'a': -#ifdef AUTHENTICATION - /* It's the default now, so ignore */ -#else autologin = 1; -#endif break; case 'c': skiprc = 1; # --------- cut here ---------------------------------------------- --- contrib/telnet/telnet/main.c.orig Tue Jul 18 22:19:28 2006 +++ contrib/telnet/telnet/main.c Tue Jul 18 22:41:11 2006 @@ -138,7 +138,7 @@

How-To-Repeat: telnet ciscobox
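Review bot: The flip from `autologin = 1` to `autologin = 0` inside the `#ifdef AUTHENTICATION` branch of the @@ -138,7 hunk changes the client's default for every user, yet the diff touches only contrib/telnet/telnet/main.c. The description of `-a` in telnet.1 should be updated in the same change so the documented default matches the code, and the commit message should call out the behaviour change for scripts that currently rely on implicit autologin.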
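Review bot: In the `case 'a':` hunk (@@ -209,11), the deleted comment `/* It's the default now, so ignore */` was the only explanation of how `-a` relates to the default, and nothing replaces it. Once the `#ifdef AUTHENTICATION` wrapper is gone, add a one-line comment above `autologin = 1;` stating that `-a` is now the explicit opt-in; in builds without AUTHENTICATION it still overrides the `autologin = -1` default exactly as the old `#else` branch did.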
addenda:
- someone told me to use -K. This isn't what this submission is about, the very point is _not_ to be forced to use -K all the time, and not being forced to change any telnet-using script ported from another system.
- reading the code I noted a DEFAULT keyword matching all hosts in .telnetrc (at least it looks that way). This is undocumented and also not system-wide available. But someone might want to update the man page accordingly.
--CWF
maxim 2006-09-18 15:03:18 UTC
FreeBSD src repository
Modified files: contrib/telnet/telnet telnet.1
Log: o Mention .telnetrc DEFAULT keyword.
PR: bin/100496 (sort of)
Obtained from: NetBSD, heas@netbsd
MFC after: 3 weeks
Revision Changes Path
1.19 +8 -1 src/contrib/telnet/telnet/telnet.1
Any plans to MFC this?
On Thu, 28 Sep 2006, 18:34+0100, Bruce M Simpson wrote:

> Any plans to MFC this?

From the commit log:

maxim 2006-09-18 15:03:18 UTC
[...]
MFC after: 3 weeks

-- Maxim Konovalov
State Changed From-To: open->closed This was patched and MFC'd to 6.x over a year ago
----- Forwarded message from "C. Weber" <cwf-ml@arcor.de> -----
To: gavin@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: bin/100496: please reopen this PR. The patch was NOT committed. The Problem is NOT fixed

Hello,

Please reopen this PR. The patch was *not* committed (neither to HEAD nor elsewhere). The problem is still there and has *not* been fixed!

1.) The problem is still there:

# -------------
wefa@XXX 21:01 [~]uname -a
FreeBSD XXX.tnd.lab.arcor.de 6.3-RELEASE FreeBSD 6.3-RELEASE #4: Tue Jan 29 19:48:42 CET 2008 wefa@XXX.tnd.lab.arcor.de:/usr/obj/usr/src/sys/DL140LOG i386

wefa@XXX 21:26 [~]telnet sw2
Trying 192.168.50.25...
Connected to sw2
Escape character is '^]'.

User Access Verification

Password: Kerberos: No default realm defined for Kerberos!
# -------------

2.) The patch was neither committed nor MFCd.

The comments in the PR regarding commit/mfc only refer to a mini patch by a third party who JUST UPDATES THE MAN PAGE (documenting the DEFAULT keyword). While this is a good thing, it doesn't solve the problem.

Please reopen this PR, apply the patch (will need cosmetic changes to work against 6.2, 6.3 or HEAD) and MFC it.

Regards
Christoph Weber-Fahr
----- End forwarded message -----
State Changed From-To: closed->open Apparently the commit did not fix the problem.
Responsible Changed From-To: freebsd-bugs->linimon Try to investigate.
Hi,

On Tue, 29 Jan 2008, 21:33+0100, C. Weber wrote:

> Hello,
>
> gavin@FreeBSD.org wrote on 29.01.2008 15:16:58:
>
> > Synopsis: [patch] Fix to get rid of the telnet(1) to cisco problem
> >
> > State-Changed-From-To: open->closed
> > State-Changed-By: gavin
> > State-Changed-When: Tue Jan 29 14:16:19 UTC 2008
> > State-Changed-Why:
> > This was patched and MFC'd to 6.x over a year ago
> >
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=100496
>
> Please reopen this PR. The patch was *not* committed (neither to HEAD nor
> elsewhere). The problem is still there and has *not* been fixed!
>
> 1.) The problem is still there:
>
> # -------------
> wefa@XXX 21:01 [~]uname -a
> FreeBSD XXX.tnd.lab.arcor.de 6.3-RELEASE FreeBSD 6.3-RELEASE #4:
> Tue Jan 29 19:48:42 CET 2008
> wefa@XXX.tnd.lab.arcor.de:/usr/obj/usr/src/sys/DL140LOG i386
>
> wefa@XXX 21:26 [~]telnet sw2
> Trying 192.168.50.25...
> Connected to sw2
> Escape character is '^]'.
>
>
> User Access Verification
>
> Password: Kerberos: No default realm defined for Kerberos!
> # -------------
>
>
> 2.) The patch was neither committed nor MFCd.
>
> The comments in the PR regarding commit/mfc only refer to a mini patch by
> a third party who JUST UPDATES THE MAN PAGE (documenting the DEFAULT keyword).
> While this is a good thing, it doesn't solve the problem.
>
> Please reopen this PR, apply the patch (will need cosmetic changes to
> work against 6.2, 6.3 or HEAD) and MFC it.
>

To make it clear: I did not claim I was going to commit your patch. I just committed a man page update that could help to solve your problem with telnet. That was why I didn't change PR state from "open" to "patched". And I MFC'ed my delta.

Second. Have you actually tried the suggested solution? I mean put "DEFAULT toggle autologin" in your ~/.telnetrc? Did it suit you or not?

Thanks.

-- Maxim Konovalov
Hello,

Maxim Konovalov <maxim@macomnet.ru> wrote on 30.01.2008 15:26:46:

[quoting me]

> > > Synopsis: [patch] Fix to get rid of the telnet(1) to cisco problem
> > >
> > > State-Changed-From-To: open->closed
> > > State-Changed-By: gavin
> > > State-Changed-When: Tue Jan 29 14:16:19 UTC 2008
> > > State-Changed-Why:
> > > This was patched and MFC'd to 6.x over a year ago
> > >
> > > http://www.freebsd.org/cgi/query-pr.cgi?pr=100496
> >
> > Please reopen this PR. The patch was *not* committed (neither to HEAD nor
> > elsewhere). The problem is still there and has *not* been fixed!

[...]

> > 2.) The patch was neither committed nor MFCd.

[...]

> To make it clear: I did not claim I was going to commit your patch.

Indeed. As far as I am concerned I understood it this way back then when this email exchange happened. OTOH, Gavin, who closed the PR, apparently didn't understand it that way and closed the PR based on this misconception. So I tried to make it clear.

> Second. Have you actually tried the suggested solution?

Yes, of course. And it works as advertised. It does not solve my problem, though.

> I mean put "DEFAULT toggle autologin" in your ~/.telnetrc?
> Did it suit you or not?

No. I informally administrate a number of multiuser systems in Lab environments. Personally administrating all my users' home directories is not feasible. And I keep getting immediate complaints whenever I update the system (via build/install world) and do not directly reapply my patch, because scripts break and people are generally annoyed. And even with few/single user systems it is yet just another thing you have to correct manually whenever installing a new machine (which we do often in test environments). One complaint I keep getting and can't and won't counter is "it works with our Suns and Linux systems, why doesn't it work here". Yes, indeed, why doesn't it.

So let me give the question back (since you probably have the necessary insight to answer it) - why is it so darned complicated to apply a straightforward and simple patch that hurts no one and removes a years-old constant annoyance? What, actually, *is* the reason this PR keeps lingering around instead of being committed?

Regards
Christoph Weber-Fahr
State Changed From-To: open->analyzed Confirmed to still be a problem.
Responsible Changed From-To: linimon->freebsd-bugs
For bugs matching the following conditions: - Status == In Progress - Assignee == "bugs@FreeBSD.org" - Last Modified Year <= 2017 Do - Set Status to "Open"
Keyword: patch or patch-ready – in lieu of summary line prefix: [patch] * bulk change for the keyword * summary lines may be edited manually (not in bulk). Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>