ERICMC@USU.BITNET (E Tye McQueen) (07/02/88)
I am looking for a replacement for the Unix program "login" that would allow monitoring of failed logins. Source for a login replacement (with or without failed login monitoring) would be wonderful (so I can tailor things) but is not required. The program should at least be easily portable across different flavors of System V (including SCO Xenix).

Alternatively I could use a good description of what is *everything* that "login" does so I can write my own. I know that "login" needs to prompt for a username and password, verify encrypted password, age the password, cd to HOME, set group and user IDs, and exec the appropriate shell with the appropriate arguments. I suspect it has to set the process group ID and define some environment variables and quite a few other things I haven't thought of.

Any suggestions, cheap or free source code, or pointers to manuals or other text will be greatly appreciated. *Please* send replies directly to me whenever possible and I will summarize.

E Tye McQueen (801) 753-4683 (753-1610) I had a good quote but
ericmc@usu.bitnet P.O. Box 159 I left it at home.
ericmc@cc.usu.edu Logan, Utah 84321 - Me
UUCP: ...{psuvax1,uunet}!{usu.bitnet,cc.usu.edu}!ericmc
trb@ima.ISC.COM (Andrew Tannenbaum) (07/09/88)
In article <8807012337.AA01934@jade.berkeley.edu> ERICMC@USU.BITNET (E Tye McQueen) writes:
> I am looking for a replacement for the Unix program "login" that would
> allow monitoring of failed logins.

Both 4.3BSD and SVR3 login allow monitoring of failed logins, to some extent. 4.3BSD logs data to the system error logger, which ends up getting printed on the console and stored in files.

Beware of reporting the "login name" strings associated with login failures, as they are likely to be passwords. I think 4.3BSD (wisely) only reports the terminal line associated with the failure, but if you have the logging feature enabled in 5.3 login, in the case of repeated login failures, it logs the "login name" to the system console as part of the warning notification. (This is a guess on my part, I don't have a 5.3 login handy with this feature enabled to verify it.)

Giving a person access to a room that has such a console listing can be quite dangerous, since a mischievous person need only mentally note the password, and then do his nasties later from the privacy of a dialup line. It's a security hole, in the guise of a security feature. Don't hack your login to log failed guesses.

Be careful out there, crimestoppers.

Andrew Tannenbaum Interactive Boston, MA +1 617 247 1155
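
The distinction drawn in the reply above (report the terminal line, not the text typed at the "login:" prompt), as an added example that is not part of either post and is not code from 4.3BSD or System V login. The function names, message formats and the threshold of 3 are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LINES  8
#define WARN_AFTER 3            /* constructed threshold, not a real login default */

struct line_stat { char tty[16]; int failures; };
static struct line_stat stats[MAX_LINES];

/* Find or create the failure counter for a terminal line. */
static struct line_stat *lookup(const char *tty) {
    for (int i = 0; i < MAX_LINES; i++) {
        if (stats[i].tty[0] == '\0') {          /* first free slot */
            snprintf(stats[i].tty, sizeof stats[i].tty, "%s", tty);
            return &stats[i];
        }
        if (strncmp(stats[i].tty, tty, sizeof stats[i].tty - 1) == 0)
            return &stats[i];
    }
    return NULL;                                /* table full */
}

/* Unsafe form: echoes the text typed at "login:", which may be a password. */
void format_unsafe(const char *tty, const char *typed, char *out, size_t n) {
    snprintf(out, n, "LOGIN FAILURE ON %s, %s", tty, typed);
}

/* Safe form: counts failures per line and reports only the line and count.
 * Returns 1 when a warning was written to out, 0 otherwise. */
int record_failure(const char *tty, const char *typed, char *out, size_t n) {
    struct line_stat *s = lookup(tty);
    (void)typed;                                /* deliberately never logged */
    out[0] = '\0';
    if (s == NULL || ++s->failures < WARN_AFTER)
        return 0;
    snprintf(out, n, "REPEATED LOGIN FAILURES ON %s (%d)", s->tty, s->failures);
    s->failures = 0;                            /* start a new count */
    return 1;
}

int main(void) {
    /* Constructed input: the second entry is a password typed at "login:". */
    const char *typed[] = { "alice", "s3cret-pw", "alcie" };
    char buf[96];
    for (int i = 0; i < 3; i++)
        if (record_failure("tty01", typed[i], buf, sizeof buf))
            puts(buf);
    return 0;
}
```
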