matt@srs.uucp (Matt Goheen) (08/10/89)
We have a little fake login program that sits between getty and the real login program that requires a non-trivial (i.e. not your typical user) password (things like "jkdKP0qa", "9iwKJcx3", etc.) when you log in from a dial up line. This keeps us from having to be password police unless people want to dial into the system.

The problem is that we would like to set up one account that doesn't need this "dial up password". It would be a restricted shell account for doing some limited tasks. Currently, our fake login program simply prompts for a user name (that it doesn't really use, except to pass on to the real "login") and the dial up password. It then execs "/bin/login username" and off you go.

My first attempt at side stepping this was to not prompt for the dial up password if the user name given was the one that didn't require a dial up password. The problem with that is that once the real login is called, you can simply enter an invalid password for the no dial up password user and proceed to attempt to login as whoever you wish (you still need their password, but you've side stepped the login password). Anyone see an EASY fix for this? It would be nice if login would just quit if the first password given were incorrect.

While snooping around, I found a couple of interesting things about login and getty that (at least) I didn't know. In getty, there is a string "Amnesiac" -- anyone know what that's for? In login, there are a couple of apparent undocumented options, "-h" and "-r". I can't seem to get "-h" to do anything, but a "/bin/login -r" does some strange things (no prompts, and an error message that reads "remuser too long" after about 8 characters on stdin).

BTW, this is on a Sun running 3.2 (and 3.4), and I have NO UNIX SOURCE LICENSE..
--
- uucp: {rutgers,ames}!rochester!srs!matt Matt Goheen -
- internet: matt@srs.uucp OR matt%srs.uucp@harvard.harvard.edu -
- "We had some good machines, but they don't work no more." -
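The gate logic and bypass described in the post above, modelled as an added example (not code from the thread or from Sun's login), next to a variant that binds the exemption to the account instead of to the name typed at the gate. Assumptions: the account name "limited", the attempt structure, and that the bound variant would have to verify the exempt account's password itself and start the restricted shell rather than exec /bin/login.

```c
#include <stdio.h>
#include <string.h>

#define EXEMPT_USER "limited"  /* hypothetical name for the restricted account */
/* One name/password pair typed at a login prompt (constructed model). */
struct attempt { const char *user; int password_ok; };

/* Model of the real login as the post describes it: after a wrong password
 * it prompts for a new name, so a later attempt may name another account.
 * Returns the account that gets a shell, or NULL. */
static const char *real_login(const struct attempt *a, int n)
{
    for (int i = 0; i < n; i++)
        if (a[i].password_ok)
            return a[i].user;
    return NULL;
}

/* The post's first attempt: skip the dial-up password when the name typed at
 * the gate is the exempt one, then hand the line to login. */
const char *gate_original(const char *name, int dialup_ok,
                          const struct attempt *a, int n)
{
    if (strcmp(name, EXEMPT_USER) != 0 && !dialup_ok)
        return NULL;
    return real_login(a, n);
}

/* Exemption bound to the account: without the dial-up password the session
 * gets one attempt, and only as EXEMPT_USER. */
const char *gate_bound(const char *name, int dialup_ok,
                       const struct attempt *a, int n)
{
    if (dialup_ok)
        return real_login(a, n);
    if (n < 1 || strcmp(name, EXEMPT_USER) != 0)
        return NULL;
    return (strcmp(a[0].user, EXEMPT_USER) == 0 && a[0].password_ok)
               ? EXEMPT_USER : NULL;
}

int main(void)
{
    /* Constructed session: wrong password for "limited", then a valid one for "alice". */
    struct attempt s[] = { { "limited", 0 }, { "alice", 1 } };
    const char *o = gate_original("limited", 0, s, 2), *b = gate_bound("limited", 0, s, 2);
    printf("original: %s\nbound: %s\n", o ? o : "(refused)", b ? b : "(refused)");
    return 0;
}
```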
rbj@dsys.ncsl.nist.gov (Root Boy Jim) (08/17/89)
? From: Matt Goheen <matt@srs.uucp>
? While snooping around, I found a couple of interesting things about
? login and getty that (at least) I didn't know. In getty, there is
? a string "Amnesiac" -- anyone know what that's for?
main(argc, argv) /*getty*/
	char *argv[];
{
	....
	gethostname(hostname, sizeof(hostname));
	if (hostname[0] == '\0')
		strcpy(hostname, "Amnesiac");
	...
}
? In login, there
? are a couple of apparent undocumented options, "-h" and "-r". I
? can't seem to get "-h" to do anything, but a "/bin/login -r" does
? some strange things (no prompts, and an error message that reads
? "remuser too long" after about 8 characters on stdin).
...
/*
 * login [ name ]
 * login -r hostname (for rlogind)
 * login -h hostname (for telnetd, etc.)
 */
...
/*
 * -p is used by getty to tell login not to destroy the environment
 * -r is used by rlogind to cause the autologin protocol;
 * -h is used by other servers to pass the name of the
 * remote host to login so that it may be placed in utmp and wtmp
 */
? - uucp: {rutgers,ames}!rochester!srs!matt Matt Goheen
? - internet: matt@srs.uucp OR matt%srs.uucp@harvard.harvard.edu -
? - "We had some good machines, but they don't work no more." -
? BTW, this is on a Sun running 3.2 (and 3.4), and I have NO UNIX
? SOURCE LICENSE..
Too bad.
Root Boy Jim
Have GNU, Will Travel.
deraadt@enme3.ucalgary.ca (Theo Deraadt) (08/19/89)
Ok, here's my login question then. Why under SunOS 4.0.3 if I open a pty and start a /bin/login on it, do the window sizes in the tty driver get toasted? I did a trace on login, and it toasts them, with a structure that adb shows to default to 4 shorts.. it's stopped us dead from doing something we were doing.. ie.. setting the window size before the login and we don't understand.. should we go through the rlogin protocol?
 <tdr.
Theo de Raadt (403) 289-5894 Calgary, Alberta, Canada