(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used. XDM and its variants
should now work without modification. Note that the new code uses
the macros in <sys/queue.h>.
Submitted by: Andrew J. Korty <ajk@iu.edu>
"login auth sufficient pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)
PR: 15158
Submitted by: Andrew J. Korty <ajk@waterspout.com>
Reviewed by: obrien
SRA does a Diffie-Hellmen exchange and then DES-encrypts the
authentication data. If the authentication is successful, it also
sets up a session key for DES encryption.
SRA was originally developed at Texas A&M University.
This code is probably export restricted (despite the fact that I
originally found it at a University in Germany).
SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks
and does not use tremendously large DH constants (and thus an individual
exchange probably could be factored in a few days on modern CPU
horsepower). It does not, however, require any changes in user or
administrative behavior and foils session hijacking and sniffing.
The goal of this commit is that telnet and telnetd end up in the DES
distribution and that therefore an encrypted session telnet becomes
standard issue for FreeBSD.
This change changes the default handling of linemode so that older and/or
stupider telnet clients can still get wakeup characters like <ESC> and
<CTRL>D to work correctly multiple times on the same line, as in csh
"set filec" operations. It also causes CR and LF characters to be read by
apps in certain terminal modes consistently, as opposed to returning
CR sometimes and LF sometimes, which broke existing apps. The change
was shown to fix the problem demonstrated in the FreeBSD telnet client,
along with the telnet client in Solaris, SCO, Windows '95 & NT, DEC OSF,
NCSA, and others.
A similar change was incorporated in the non-crypto version of telnetd.
This resolves bin/771 and bin/1037.
I am not going to commit anything to this area for a few days.
This is because
1) I want everyone to be DARN sure there is no export of crypto
that may get our USA friends it trouble.
2) I have been asked by the folk developing KTH-eBones to hold off
for their new release.
Worked with: rkw, jdp
CVS:
CVS: