manpagez: man pages & more
info inetutils
Home | html | info | man 

File: inetutils.info,  Node: telnetd invocation,  Next: tftpd invocation,  Prev: talkd invocation,  Up: Top

26 'telnetd': Telnet server
***************************

     telnetd [OPTION]...

'-a AUTHMODE'
'--authmode=AUTHMODE'
     Specify what mode to use for authentication.  Allowed values are:
     'none', 'other', 'user', 'valid', and 'off'.

'-D[LIST]'
'--debug=[LIST]'
     Set the debugging level.  The argument is a comma separated list of
     these categories: 'options', 'report', 'netdata', 'ptydata',
     'auth', and 'encr'.  All these may be used in the form
     'name[=level]'.  Omission of 'level' implies the maximal possible
     debugging level for that particular category.

     There is one additional category 'tcp', which does not take an
     additional level indicator, but is instead equivalent to setting
     the socket option 'SO_DEBUG' for debugging the complete traffic.

     The output is written to the file '/tmp/telnet.debug', and any new
     data is incrementally added as time passes.

'-E STRING'
'--exec-login=STRING'
     Set program to be executed instead of '/bin/login'.

'-h'
'--no-hostinfo'
     Do not print host information before login has been completed.

'-l[MODE]'
'--linemode=[MODE]'
     Set line mode.  An empty argument will force line read mode at all
     times.  The only recognised value is otherwise 'nokludge'.

'-n'
'--no-keepalive'
     Disable TCP keep-alives.

'-S PRINCIPAL'
'--server-principal=PRINCIPAL'
     Set principal name for the server, to be used in Kerberos
     authentication.  The value PRINCIPAL can be set to provide full
     specification like 'srv.local@REALM' and 'tnt/localhost@REALM',
     where the first uses the standard prefix 'host/'.  Or PRINCIPAL can
     override default settings in part only, like 'srv.local',
     'tnt/srv.local', or '@REALM'.

'-U'
'--reverse-lookup'
     Refuse connections from addresses that cannot be mapped back into a
     symbolic name.  A client is accepted only if the IP address can be
     resolved as a host name, and the same name is resolvable to
     addresses among which the clients's address is included.

'-X AUTHTYPE'
'--disable-auth-type=AUTHTYPE'
     Disable the use of the given authentication type.  Use this option
     multiple times if more than one type is to be disabled.  Standard
     choices are 'null', 'kerberos_v4', and 'kerberos_v5'.

26.1 Crafting an execution string.
==================================

The server 'telnetd' contains a built-in execution string which invokes
'login' with arguments suitable for the operating system at hand.  This
preset choice corresponds to the standard use case of the service.  For
specialized purposes this implementation also offers a command line
option '-E', or '--exec-login', to override the built-in execution of
'login', thus allowing almost any choice of handler.

A custom execution string could look like

     telnetd -h -E '/usr/local/sbin/avrop  %t %U'

The execution string must as its first part provide an absolute path to
an executable file.  After that may follow arbitrary additional
arguments.  For this latter part, 'telnetd' offers some replacement
tokens that dynamically are replaced by content.  All are of the form
'%', where '' is a single letter from the following collection
of selectors.  A valid letter is called "variable".  The mark
_conditional_, appearing below, indicates that the corresponding
variable is conditionally assigned a value.

'%a'
     Returns 'ok' whenever authentication is complete.  _conditional_

'%d'
     Produces a time and date string.

'%h'
     Gives the remote host name in canonical form.

'%l'
     States the local host name, also in canonical form.

'%L'
     Returns the path of the pseudo terminal assigned to the client.

'%t'
     Gives the terminal device stripped of the leading '/dev/'.

'%T'
     States the terminal type, like 'xterm'.  _conditional_

'%u'
     Provides the authenticated user name.  _conditional_

'%U'
     Returns the user name passed as an environment variable 'USER' by
     the remote client software.  The value is empty, should the
     environment not provide a value.

   In addition, a conditional construct is able to take one action in
case a variable has an assigned value, and optionally to take another
action in the opposite case.  The contruct is

     %?{true-stmt}[{false-stmt}]

The braces are here mandatory, while the brackets enclose the optional
else-clause and are not included in actual use.  The initial, motivating
example, could thus be expanded to read

     telnetd -h -E '/usr/local/sbin/avrop  %t %?a{%u krb5}{%U}'

In case authentication was completed as user 'sigge', the execution
string would resolve to

     /usr/local/sbin/avrop  pts/1 sigge krb5

In all other cases the result would be

     /usr/local/sbin/avrop  pts/1 $USER

where '$USER' is the value of the corresponding environment variable and
could possibly be empty.

© manpagez.com 2000-2024
Individual documents may contain additional copyright information.