[bug-inetutils] Important update of telnetd.

From: Mats Erik Andersson
Subject: [bug-inetutils] Important update of telnetd.
Date: Wed, 8 Aug 2012 13:31:14 +0200
User-agent: Mutt/1.5.18 (2008-05-17)

Dear all,

an hour ago I pushed a very important set of changes that
alters telnet and telnetd, client and server, when they
are using Kerberos authentication in the form of libshishi.
I want to describe the changes for our common understanding.

* The ability to authorize access using "$HOME/.k5login"
  is implemented in telnetd, rshd, and rlogind, for future
  versions of libshishi, i.e., version at least 1.0.2.
  This condition is due to the broken support in present
  libshishi-1.0.1. Remember also that "$HOME/.k5login"
  consists of such qualified name strings, never a naked
  principal's name.

* The client side is acknowledging authentication with
  his qualified principal name, like "address@hidden",
  not only printing his realm as was done previously.

* There was a call to shishi_done() executed from within
  auth_finished() until yesterday. That led to the premature
  release of the Shishi handle, and sometimes segfaults.
  I have now inserted one manual shishi_done() that seems
  to take care of the client. The server, however, will
  never execute shishi_done() with the present code. I am
  not sure whether we should accept this, and I am not sure
  where the earliest possible location for the call would be.
  It is certainly too early to place the call within
  krb5shishi_is_auth(), as was previously the case.

Help in examining and testing this is welcome.

Simon has informed me that he has applied my patches to libshishi
for mending "k5login" authentication, so a build of libshishi
from the development head, and downgrading to

    shishi_check_version("1.0.1")

in

    libinetutils/shishi.c and libtelnet/shishi.h

will allow testing our servers in a live setting.

Best regards for now,
Mats E A
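
The qualified-name rule for "$HOME/.k5login" described in the message above, as an added C example that is not part of the original message and is not inetutils or libshishi code. The helper name, the trimming of stray blanks, and the sample file contents are assumptions made for this illustration; it shows why the comparison should be a whole-line match on a qualified name rather than a prefix or bare-name match.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample .k5login contents (not from the message). */
static const char SAMPLE_K5LOGIN[] =
    "alice@EXAMPLE.ORG\n"
    "bob\n"                           /* naked name: never authorizes */
    "  carol/admin@EXAMPLE.ORG \r\n"; /* stray blanks and CRLF */

/* A name is qualified when it has a non-empty part on both sides of '@'. */
static int is_qualified(const char *s, size_t len)
{
    const char *at = memchr(s, '@', len);
    return at != NULL && at != s && (size_t)(at - s) + 1 < len;
}

/* Hypothetical helper: 1 if `principal` equals one whole line of
   `contents`, else 0.  Trimming blanks is this example's assumption. */
int k5login_authorizes(const char *contents, const char *principal)
{
    size_t plen = strlen(principal);
    if (!is_qualified(principal, plen))
        return 0;                     /* refuse to match a naked name */
    for (const char *line = contents; *line; ) {
        size_t len = strcspn(line, "\n");
        const char *next = line + len + (line[len] == '\n');
        while (len > 0 && strchr(" \t\r", line[len - 1]))
            len--;                    /* trailing blanks, CR */
        while (len > 0 && (*line == ' ' || *line == '\t')) {
            line++;
            len--;                    /* leading blanks */
        }
        /* Whole-line, case-sensitive compare: no prefix matches. */
        if (len == plen && memcmp(line, principal, len) == 0)
            return 1;
        line = next;
    }
    return 0;
}

int main(void)
{
    const char *who[] = { "alice@EXAMPLE.ORG", "bob", "bob@EXAMPLE.ORG",
                          "alice@EXAMPLE.ORGX", "carol/admin@EXAMPLE.ORG" };
    for (size_t i = 0; i < sizeof who / sizeof who[0]; i++)
        printf("%-26s %s\n", who[i],
               k5login_authorizes(SAMPLE_K5LOGIN, who[i]) ? "allow" : "deny");
    return 0;
}
```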