In message <20020119143857.GC1171@antioche.eu.org>,
Manuel Bouyer wrote:

>Then start the sup scanner:
>/usr/sbin/supscan current <base_directory>
>
>You can now sup from clients.

Thanks Manuel, supscan is working, but sup from client does not.

After setting the whole stuff in debug mode, I saw

Jan 21 19:16:08 arnor supfile[13472]: SUP File Server Version 8.13 (4.3 BSD) starting at Jan 21 19:16:08
Jan 21 19:16:10 arnor supfile[13472]: Improper login
Jan 21 19:16:10 arnor supfile[13472]: connection from gondor.xavhome.fr.eu.org
[...snip...]
Jan 21 19:16:10 arnor supfile[13472]: SCM Writing string Reason:  Unknown user anon
Jan 21 19:16:10 arnor supfile[13472]: SCM Reading message 115
Jan 21 19:16:10 arnor supfile[13472]: SCM Reading integer 977
Jan 21 19:16:10 arnor supfile[13472]: SCM Reading string Improper login
Jan 21 19:16:10 arnor supfile[13472]: Improper login

Is is an open PR since 1998 :

>Number:         5545
>Category:       misc
>Synopsis:       Alot of data is missing from sup and supfilesrv man pages
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          doc-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jun  5 10:20:00 1998
>Closed-Date:    
>Last-Modified:  Wed Mar 07 14:08:02 PST 2001
>Originator:     Tim Rightnour
>Release:        1.3

More precisely, I second what Tim says about the "anon" account which is
mentionned absolutely nowher, neither the manpages, nor various docs
across a Google search.

In fact a query "NetBSD+anon+user" directed me right to this PR.

An for the manpages :

[root@arnor man]# grep -w -r anon man*
man1/sup.1:.B anon
man1/sup.1:.B anon
... dozens of matches concernig UVM ...
and that's all.

Creating the account is not enought : it must be activated...
Which rights are granted to him ? How to close the security hole it
opens ?

Thanks for clarification and help


-- 
Xav
http://www.freetibet.org
http://www.tibet.fr/