HP-UX Reference (11i v1 05/09) - 1M System Administration Commands N-Z (vol 4)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

501

502

503

504

505

506

507

508

509

510

telnetd(1M)

Kerberos telnetd(1M)

Options

telnetd has the following options.

-b [bannerfile] Specify a ﬁle containing a custom banner. This option overrides the standard

tel-

netd

/etc/issue as the login banner, have

inetd start telnetd with the following lines in

/etc/inetd.conf (\

provides

line continuation):

telnet stream tcp nowait root /usr/lbin/telnetd \

telnetd -b/etc/issue

If bannerﬁle is not speciﬁed,

telnetd does not print a login banner.

-A Ensures that non-secure systems are denied access to the server. It overrides any

value speciﬁed with the -a option except when authmode is

debug. (See sis(5).)

-a authmode Speciﬁes what mode is to be used for Kerberos authentication. (See sis(5).) Values for

authmode are:

debug Activates authentication debugging.

valid Default value. Only allows connections when the remote user can provide

valid Kerberos authentication information and is authorized to access the

speciﬁed account.

none Authentication information is not required. If no or insufﬁcient Kerberos

authentication information is provided, the login(1) program provides the

necessary user veriﬁcation.

-t Enable the TAC User ID option.

The system administrator can enable the TAC User ID option on servers designated

as participating hosts by having

inetd start telnetd with the -t option in

/etc/inetd.conf:

telnet stream tcp nowait root /usr/lbin/telnetd telnetd -t

In order for the TAC User ID option to work as speciﬁed, the system administrator

must assign to all authorized users of the option the same login name and unique user

ID (UUID) on every participating system to which they are allowed TAC User ID

access. These same UUIDs should not be assigned to non-authorized users.

Users cannot use the feature on systems where their local and remote UUIDs differ,

but they can always use the normal telnet login sequence. Also, there may be a

potential security breach where a user with one UUID may be able to gain entry to

participating systems and accounts where that UUID is assigned to someone else,

unless the above restrictions are followed.

A typical conﬁguration may consist of one or more secure front-end systems and a net-

work of participating hosts. Users who have successfully logged onto the front-end

system may telnet directly to any participating system without being prompted for

another login.

DIAGNOSTICS

If any error is encountered by telnetd in establishing the connection, an error message is returned

through the connection, after which the connection is closed and the server exits. Any errors generated by

the login process or its descendents are passed through as ordinary data.

Diagnostic messages displayed by telnetd are displayed below. Kerberos speciﬁc errors are listed in

sis(5).

unable to allocate Telnet device

The server was unable to obtain a Telnet pseudo-terminal for use with the login process. Either

all Telnet pseudo-terminals were in use or the telm driver has not been properly set up (see

tels(7)).

Next step: Check the

tels and telm conﬁguration of the host where telnetd is executing.

fork: No more processes

HP-UX 11i Version 1: September 2005 − 2 − Hewlett-Packard Company Section 1M−−1017