riddle@woton.UUCP (10/02/87)
With all the discussion of security and the UNIX PC lately, I thought I'd
mention an undocumented security feature that works on the 3B1 (at least, it
appears to work for us under 3.0 and 3.5 even though I couldn't find
reference to it in the fine manuals): dialup passwords.
To use it, create a file called "/etc/dialups" containing the following:
/dev/ph0
/dev/ph1
...and another file called "/etc/d_passwd" containing two lines like this:
/usr/lib/uucp/uucico::
/bin/sh:f7gC.wQ8TbgWp:
From then on, users logging in over the phone lines will be asked for an
additional password after typing in their own. UUCP operations will be
unaffected.
Of course, the password entry in the second line in the "/etc/d_passwd" file
(the stuff between the two colons) should be changed to the encrypted form of
a password of your own choosing. The easiest way to do this is to use the
"passwd" command to change the password for your own login id, copy the
resulting encrypted password out of your line in /etc/passwd, then change
your own password back. (Got that?)
This is no substitute for fixing security holes, but at least you can sleep a
bit more soundly knowing that you've added an extra hurdle for dialup
crackers.
--- Prentiss Riddle ("Aprendiz de todo, maestro de nada.")
--- Opinions expressed are not necessarily those of Shriners Burns Institute.
--- riddle@woton.UUCP {ihnp4,harvard}!ut-sally!im4u!woton!riddle