Provides the server function for the TELNET protocol.
Note: The telnetd daemon is normally started by the inetd daemon. It can also be controlled from the command line, using SRC commands.
The /usr/sbin/telnetd daemon is a server that supports the Defense Advanced Research Product Agency (DARPA) standard Telnet Protocol (TELNET). Changes to the telnetd daemon should be made using the System Management Interface Tool (SMIT).
Changes to the telnetd daemon can be made using the System Management Interface Tool (SMIT) or System Resource Controller (SRC), by editing the /etc/inetd.conf or /etc/services file. Typing telnetd at the command line is not recommended. The telnetd daemon is started by default when it is uncommented in the /etc/inetd.conf file. By default, the -a flag is also turned on.
The inetd daemon get its information from the /etc/inetd.conf file and the /etc/services file.
After changing the /etc/inetd.conf or /etc/services file, run the refresh -s inetd or kill -1 InetdPID command to inform the inetd daemon of the changes to its configuration file.
When a telnet session is started, the telnetd daemon sends TELNET options to the client (remote) host to indicate an ability to perform options.
Terminal Negotiation
The telnetd daemon requests the terminal type from the client host. On receipt, the telnetd daemon checks whether the indicated type is supported on the local system. If not, the daemon requests a terminal type again.
This terminal type negotiation continues until the remote client sends an acceptable terminal type or until the client sends the same type twice in a row, indicating that it has no other types available. When necessary, the telnetd daemon refers to the /etc/telnet.conf file to translate a client's terminal-type strings into terminfo file entries.
Note: Because the telnetd daemon allows the sending and receiving of 8-bit ASCII, NLS is supported.
If the remote client sends the TELNET SAK command, the telnetd daemon passes the local SAK characters through the PTY to invoke the trusted shell.
The telnetd daemon supports the following TELNET options:
The telnetd daemon also recognizes the following options for the remote client:
The telnetd daemon should be controlled using the System Management Interface Tool (SMIT) or by changing the /etc/inetd.conf file. Typing telnetd at the command line is not recommended.
Authentication Negotiation
If the system has Kerberos 5 authentication configured, telnetd will accept authentication option negotiation. If both agree on Kerberos 5 authentication, the client will pass over the DCE principal and telnetd will use the kvalid_user routine to determine if the DCE principal should have access to the account. If it passes, no password will be requested.
Manipulating the telnetd Daemon with the System Resource Controller
The telnetd daemon is a subserver of the inetd daemon, which is a subsystem of the System Resource Controller (SRC). The telnetd daemon is a member of the tcpip SRC subsystem group. This daemon is enabled by default in the /etc/inetd.conf file and can be manipulated by the following SRC commands:
Item | Description |
---|---|
-a | Causes the PTY and socket to be linked directly in the kernel so that the data handling remains in the kernel to improve the performance. |
-c | Suppresses the reverse host name lookup. |
-n | Disables transport-level keep-alive messages. Messages are enabled by default. |
-s | Turns on socket-level debugging. |
The telnetd daemon is a PAM-enabled application with a service name of telnet. System-wide configuration to use PAM for authentication is set by modifying the value of the auth_type attribute, in the usw stanza of /etc/security/login.cfg, to PAM_AUTH as the root user.
#
# AIX telnet configuration
#
telnet auth required /usr/lib/security/pam_aix
telnet account required /usr/lib/security/pam_aix
telnet password required /usr/lib/security/pam_aix
telnet session required /usr/lib/security/pam_aix
Note: The arguments for the telnetd daemon can be specified by using SMIT or by editing the /etc/inetd.conf file.
startsrc -t telnet
This command starts the telnetd subserver.stopsrc -t telnet
This command allows all pending connections to start and existing connections to complete but prevents new connections from starting.stopsrc -f -t telnet
This command terminates all pending connections and existing connections immediately.lssrc -t telnet
This command returns the daemon's name, process ID, and state (active or inactive).Item | Description |
---|---|
terminfo | Describes terminal by capability. |