Subject: Re: pcvt and TIOCCONS (dynamic vs. static secure ttys)
To: Mark W. Eichin <eichin@cygnus.com>
From: Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>
List: current-users
Date: 04/21/1996 10:14:04
-----BEGIN PGP SIGNED MESSAGE-----
> Dynamic update would be good too -- let rlogind indicate that the pty
> it just opened is on a kerberos-authenticated, encrypted connection,
> or an ssh encrypted connection, or whatever -- so the things that ask
> "is this tty secure" can get a yes (at site admin's whim of course)
> and likewise get a "no" if it's a classic password telnet.
One question is, of course, how the "secure" bit gets set back to
"false" when rlogind lets go of the pty when it dumps core... :-). I
think you need to carry around attributes like this in the tty driver
so they can be reset when the pty is recycled.
The other issue is that, to do this correctly, telnet/rlogin/ssh/etc
have to *forward* the "secure" bit from the client, and not set the
secure bit on the server unless the client claims to be coming from a
secure tty...
[The extension I want to see is getpass() refusing to prompt for a
password *at all* if the tty is not marked as either statically or
dynamically secure...]
- Bill
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
iQCVAwUBMXpCqbT+rHlVUGpxAQFulgP/UE+rD8K+WSMqURa369gW6Qe5Un4rAFNv
T6pJZHbfY+ajYm+wOR720To23D2iztZcmI46kCyOKqf+oMtzauiRn3u0teUieNAB
ZeIrKJeZNonSd0i0eHs3GI9tuaUw9hpu9LflWFMReaKS73ROGq+kr+eUQAnI3qgO
6GhQ+OS9DDk=
=/YWv
-----END PGP SIGNATURE-----