[comp.unix.wizards] getty, login and a trivia

matt@srs.uucp (Matt Goheen) (08/10/89)

We have a little fake login program that sits between getty and the
real login program that requires a non-trivial (i.e. not your typical
user) password (things like "jkdKP0qa", "9iwKJcx3", etc.) when you
log in from a dial up line.  This keeps us from having to be password
police unless people want to dial into the system.

The problem is that we would like to set up one account that doesn't
need this "dial up password".  It would be a restricted shell account
for doing some limited tasks.  Currently, our fake login program
simply prompts for a user name (that it doesn't really use, except
to pass on to the real "login") and the dial up password.  It then
execs "/bin/login username" and off you go.  My first attempt at
side stepping this was to not prompt for the dial up password if
the user name given was the one that didn't require a dial up
password.  The problem with that is that once the real login is
called, you can simply enter an invalid password for the no dial
up password user and proceed to attempt to login as who ever you
wish (you still need their password, but you've side stepped the
login password).

Anyone see an EASY fix for this?  It would be nice if login would
just quit if the first password given were incorrect.

While snooping around, I found a couple of interesting things about
login and getty that (at least) I didn't know.  In getty, there is
a string "Amnesiac" -- anyone know what that's for?  In login, there
are a couple of apparent undocumented options, "-h" and "-r".  I
can't seem to get "-h" to do anything, but a "/bin/login -r" does
some strange things (no prompts, and an error message that reads
"remuser too long" after about 8 characters on stdin).

BTW, this is on a Sun running 3.2 (and 3.4), and I have NO UNIX
SOURCE LICENSE..

-- 
- uucp:		{rutgers,ames}!rochester!srs!matt	Matt Goheen 	-
- internet:	matt@srs.uucp OR matt%srs.uucp@harvard.harvard.edu	-
- 	"We had some good machines, but they don't work no more."	-
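
[Added example, not part of the original thread.] The bypass described in the post above, modelled in C: login's re-prompt is reduced to a loop over typed attempts, and the naive gate is set beside one possible fix in which the wrapper checks the exempt account's password itself and gives up on the first failure. The account names, passwords and function names are constructed for illustration; a real wrapper would compare against getpwnam() and crypt() instead of the in-memory table.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample accounts and secrets; none come from the thread. */
struct acct { const char *name, *pw; };
static const struct acct accts[] = { {"rguest", "guestpw"}, {"alice", "alicepw"} };
#define EXEMPT    "rguest"                 /* hypothetical restricted-shell account */
#define DIALUP_PW "constructed-dialup-pw"  /* constructed dial-up password */
struct attempt { const char *user, *pw; }; /* one name/password pair as typed */

static int pw_ok(const char *user, const char *pw)
{
    size_t i;
    for (i = 0; i < sizeof accts / sizeof accts[0]; i++)
        if (strcmp(accts[i].name, user) == 0)
            return strcmp(accts[i].pw, pw) == 0;
    return 0;
}
static int dialup_ok(const char *d) { return d != NULL && strcmp(d, DIALUP_PW) == 0; }

/* Model of the real login as the post describes it: after a wrong password
 * it prompts again and accepts ANY user name. a[0].user is the name the
 * wrapper passed on. Returns the account logged in, or NULL. */
static const char *real_login(const struct attempt *a, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (pw_ok(a[i].user, a[i].pw))
            return a[i].user;
    return NULL;
}

/* The first attempt from the post: skip the dial-up password for EXEMPT,
 * then hand the whole session to login and its retry loop. */
const char *gate_naive(const char *dialup, const struct attempt *a, size_t n)
{
    if (n == 0 || (strcmp(a[0].user, EXEMPT) != 0 && !dialup_ok(dialup)))
        return NULL;
    return real_login(a, n);
}

/* One possible fix (an assumption, not from the thread): the exempt path is
 * checked once by the wrapper and never reaches login's retry loop. */
const char *gate_hardened(const char *dialup, const struct attempt *a, size_t n)
{
    if (n == 0) return NULL;
    if (strcmp(a[0].user, EXEMPT) == 0)
        return pw_ok(EXEMPT, a[0].pw) ? EXEMPT : NULL;  /* single shot */
    return dialup_ok(dialup) ? real_login(a, n) : NULL;
}
```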

rbj@dsys.ncsl.nist.gov (Root Boy Jim) (08/17/89)

? From: Matt Goheen <matt@srs.uucp>

? While snooping around, I found a couple of interesting things about
? login and getty that (at least) I didn't know.  In getty, there is
? a string "Amnesiac" -- anyone know what that's for?  

main(argc, argv)		/*getty*/
	char *argv[];
{
....
	gethostname(hostname, sizeof(hostname));
	if (hostname[0] == '\0')
		strcpy(hostname, "Amnesiac");
...
}

? In login, there
? are a couple of apparent undocumented options, "-h" and "-r".  I
? can't seem to get "-h" to do anything, but a "/bin/login -r" does
? some strange things (no prompts, and an error message that reads
? "remuser too long" after about 8 characters on stdin).

...
/*
 * login [ name ]
 * login -r hostname (for rlogind)
 * login -h hostname (for telnetd, etc.)
 */
...
	/*
	 * -p is used by getty to tell login not to destroy the environment
	 * -r is used by rlogind to cause the autologin protocol;
	 * -h is used by other servers to pass the name of the
	 * remote host to login so that it may be placed in utmp and wtmp
	 */

? - uucp:		{rutgers,ames}!rochester!srs!matt	Matt Goheen
? - internet:	matt@srs.uucp OR matt%srs.uucp@harvard.harvard.edu	-
? - 	"We had some good machines, but they don't work no more."	-

? BTW, this is on a Sun running 3.2 (and 3.4), and I have NO UNIX
? SOURCE LICENSE..

Too bad.

	Root Boy Jim
	Have GNU, Will Travel.

deraadt@enme3.ucalgary.ca (Theo Deraadt) (08/19/89)

Ok, here's my login question then. Why under SunOS 4.0.3 if I open a
pty and start a /bin/login on it, do the window sizes in the tty driver
get toasted? I did a trace on login, and it toasts them, with a structure
that adb shows to default to 4 shorts.. it's stopped us dead from doing
something we were doing.. ie.. setting the window size before the login
and we don't understand.. should we go through the rlogin protocol?
 <tdr.

Theo de Raadt                    (403) 289-5894     Calgary, Alberta, Canada