HP-UX Remote Access Services Administrator's Guide

Kerberos-Specific Options
By default, the Kerberos version of telnet behaves as a client that supports
authentication based on Kerberos. You can enable Kerberos authentication to telnet
by using the -a or -l option. As a Kerberos client, telnet authenticates and authorizes
a user to access the remote system. For more information on Kerberos authentication
and authorization, type man 5 sis at the HP-UX prompt.
However, telnet does not support integrity checks or encrypted sessions. The
default Kerberos options for the applications are set in the /etc/krb5.conf
configuration file. You can set the -a, -f, and -F options under the appdefaults
section in the /etc/krb5.conf file with the tag names autologin, forward, and
forwardable, respectively. For more information on the appdefaults section, type
man 4 krb5.conf at the HP-UX prompt.
You can also set the fallback option in the /etc/krb5.conf file within the
appdefaults section. If the fallback option is set to true and the Kerberos
authentication fails, telnet uses the non-secure mode of authentication.
For detailed information on telnet, type man 1 telnet at the HP-UX prompt.
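The following audit sketch is an added example, not part of the HP guide: it reads a krb5.conf on standard input and reports where fallback is set to true inside the appdefaults section, using a constructed weak sample and its corrected form. The `telnet = { ... }` block layout, the function names, and the EXAMPLE.COM realm are assumptions for illustration; confirm the exact syntax with man 4 krb5.conf.

```shell
#!/bin/sh
# Added example: report where fallback = true appears in [appdefaults].
# Reads a krb5.conf on stdin; prints the enclosing application name, or
# "global" when the tag sits directly under [appdefaults].
check_fallback() {
    awk '
        /^[ \t]*[#;]/ { next }                     # comment line
        /^[ \t]*\[/ {                              # any [section] header
            insec = ($0 ~ /^[ \t]*\[appdefaults\]/)
            depth = 0; scope = "global"; next
        }
        !insec { next }                            # ignore other sections
        { line = $0; gsub(/[ \t\r]/, "", line) }   # "fallback = true" -> "fallback=true"
        line ~ /=\{$/ {                            # "telnet = {" opens a block
            if (depth++ == 0) scope = substr(line, 1, index(line, "=") - 1)
            next
        }
        line == "}" { if (depth > 0 && --depth == 0) scope = "global"; next }
        tolower(line) == "fallback=true" { print scope }   # the value the guide names
    '
}

# Constructed sample (assumed layout): weak setting, telnet may drop to
# the non-secure mode of authentication when Kerberos fails.
weak_conf() {
    cat <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.COM
[appdefaults]
    telnet = {
        autologin = true
        forward = true
        forwardable = true
        fallback = true
    }
EOF
}

# Constructed sample: corrected setting, no fallback to non-secure mode.
hardened_conf() {
    weak_conf | sed 's/fallback = true/fallback = false/'
}

echo "weak:     $(weak_conf | check_fallback)"
echo "hardened: $(hardened_conf | check_fallback)"
```

To audit a live system, run `check_fallback < /etc/krb5.conf`; any output names a scope in which a failed Kerberos exchange can end in a non-secure login.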
The telnetd Program
The telnetd daemon executes a server that implements the telnet protocol as defined
in RFC 854 (Telnet Protocol Specification). The Internet daemon, inetd, executes
telnetd when it receives a service request at the port listed in the services database
for telnet.
telnetd operates in the following steps during a login process:
1. Allocates a telnet pseudo terminal, pty, /dev/pts/t* on the server to the
telnet client. For more information, type man 7 pty at the command prompt.
2. Performs the telnet command processing on the master side of the pty and
interacts with the telnet client using the telnet protocol to negotiate terminal
input/output behavior for the client connection.
3. Creates a login process on the slave side of the allocated pty. The login prompt
is displayed on the telnet client terminal standard output. The login process reads
input on standard input. Errors are written to standard output.
When a TELNET session starts, telnetd sends TELNET options to the remote client
indicating that the local client is ready for a remote connection. If the remote client is
also ready, the remote terminal type is propagated in the environment created by the
login process. The pseudo-terminal allocated to the local client is configured as a normal
terminal for login with the exception of the echoing characters.