Re: Need help on enhancing Telnet with srp
On Tue, 9 Sep 2003 16:53, Marc Singer wrote:
> Tar said, I am not sure that what you want to do is possible with
> Telnet as the telnet protocol is content-free. That is to say that it
> has no knowledge of when the user is sending a password and when the
> user is sending some other type of data. As far as Telnet is
> concerned, the connection between the client and server is a simple
> bi-directional stream. (I know this isn't entirely true, but close
> enough in this case.) You probably need to write a new daemon to go
> with your client.
TELNET is an extensible protocol that allows many different options to be
negotiated and transferred. Passwords are one option and RFC2944 is quite
clear about how it works.
Getting a telnet client and server to do this shouldn't be too difficult,
although it may require combining the functionality of telnetd and /bin/login
which will require some minor changes to the way things work. But that's not
insurmountable.
I suggest that the first thing to do is to modify the telnetd to have a dummy
login. EG have a fixed user-name/password before it does the usual telnetd
thing, and run it with the option "-L /bin/bash". That will provide a good
test bed for the modified telnet client. Once the client is tested and has
been shown to work correctly then you can do the hard work (modifying telnetd
and maybe merging /bin/login code) with a good test program.
Also I suggest submitting the changes for the telnet client to Debian before
writing the telnetd code. A telnet client with this functionality will be
useful even if Debian contains no server code for RFC2944, I'm sure that
other systems include server code and making Debian systems run as a client
will be a useful addition.
> On Mon, Sep 08, 2003 at 08:51:51PM -0700, polavarapu deepti wrote:
> > I have been going through RFC2944 for telenet
> > authentication:srp. I have already written code
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: