[plug] telnet server question

James Devenish devenish at guild.uwa.edu.au
Wed Jul 23 17:32:21 WST 2003


Hi,

In message <20030723092439.13272.qmail at mail.pemberton.wa.edu.au>
on Wed, Jul 23, 2003 at 09:24:39AM +0000, Meryon Montgomery wrote:
> The question that I would like to ask concerns telnet.

As telnet is a "clear-text" protocol, I presume that everyone connecting
via telnet will be on a physically secure network or using an encrypted IP
transport. If not, you might like to consider using SSH ("secure
shell"). Various Windows clients are available (traditional Windows
apps, Cygwin, etc).

> I would like to set up a telnet server on the computer that I have set
> up as a PDC running samba, but I want to restrict availability to log
> in to a small set of users with M$ "Domain Admins" rights.

I am not familiar with your telnet server (which is...?) but with
regards to "logging in" in general, you will need to bridge the divide
between Windows authentication and UNIX authentication. Someone else
will probably be able to tell you all about doing this with Linux
(keyword: PAM, I suspect). The ease or difficulty may depend on how you
have configured Samba (i.e. whether Samba is handling all
authentication by itself or whether you have something like a directory
service already running and accessible by LDAP, for example).

With regards to "restricting" logins to particular users, what you may
actually need to do is "create" UNIX user accounts in the first place
(in which case you could only create accounts for people with the right
Windows rights).

Also, consider whether you need to be giving people full command-line
access to the box or whether they are better served by a "menu-
selection" interface when they log in (a "menu shell" could probably be
programmed to handle authentication via samba libraries, so that you do
not need to do any manual account reconciliation).

> also can you restrict the IP range that has telnet access as well? 

There is a huge number of ways of doing this. One of the easiest to play
around with is tcp_wrappers (/etc/hosts.allow, /etc/hosts.deny, see your
local man pages). However, your daemons will need to have been compiled
with tcp_wrappers support, unless you are going to run them through an
inetd with a tcp_wrappers wrapper (!).
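
An added example, not part of the original post: a small Python model of how tcp_wrappers evaluates /etc/hosts.allow and then /etc/hosts.deny, showing that an allow list restricts nothing unless hosts.deny also denies the rest. The daemon name in.telnetd, the addresses and the rule text are constructed assumptions, and only a subset of the pattern syntax (ALL, exact address, address prefix, net/mask) is modelled.

```python
import ipaddress

# Constructed sample rules (assumed daemon name and addresses).
HOSTS_ALLOW = """\
# /etc/hosts.allow
in.telnetd: 192.168.1.0/255.255.255.0, 10.0.0.5
"""
HOSTS_DENY = """\
# /etc/hosts.deny
ALL: ALL
"""

def parse(text):
    """Return a list of (daemon_list, client_list) from access-file text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed line: ignored in this model
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):   # address prefix such as "192.168.1."
        return addr.startswith(pattern)
    if "/" in pattern:          # net/mask form such as 192.168.1.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr

def matches(rules, daemon, addr):
    return any((daemon in d or "ALL" in d)
               and any(client_matches(p, addr) for p in c)
               for d, c in rules)

def allowed(daemon, addr, allow_text, deny_text):
    """hosts.allow match grants; else hosts.deny match refuses; else grant."""
    if matches(parse(allow_text), daemon, addr):
        return True
    if matches(parse(deny_text), daemon, addr):
        return False
    return True  # no match in either file: access is granted by default
```
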



