mparker@chip.UUCP (M. D. Parker) (04/26/89)
In a system V environment, I'd be interested in knowing how these files are used, their formats, etc. A string decomposition of my /bin/login showed these two files being used not the documentation makes a vailed reference to these files. Help and information appreciated. Mike Parker Internet: chip!mparker@nosc.mil Manager, Systems Administration UUCP: ...nosc!chip!mparker
wescott@ncrcae.Columbia.NCR.COM (Mike Wescott) (04/27/89)
In article <245@chip.UUCP> mparker@chip.UUCP (M. D. Parker) writes: > In a system V environment, I'd be interested in knowing how these files > [ /etc/dialups and /etc/d_passwd ] are used, their formats, etc. /etc/dialups contains a list of the pathnames of devices which are to be considered "dialup" lines and for which an additional dialup password will be required. Use the full pathname: "/dev/tty29", one name per line. /etc/d_passwd contains the encrypted passwords and the corresponding shells: /bin/sh:vyEGlsxgLaDj.: /usr/lib/uucp/uucico:: The dialup password is requested after (and only after) a username and password has been validated. Hence getting the propt for a Dialup Password means the you have a good username and password. The password is dependent on the shell in the user's /etc/passwd entry (/bin/sh is the default if the shell is not explicitly mentioned in /etc/d_passwd). The null entry above means that uucp connections don't get asked for a dialup password. -- -Mike Wescott mike.wescott@ncrcae.Columbia.NCR.COM
ram@tslanpar.UUCP (R. Meesters, Tech Support, Lanpar Toronto Ontario Canada) (04/28/89)
In article <245@chip.UUCP>, mparker@chip.UUCP (M. D. Parker) writes: > In a system V environment, I'd be interested in knowing how these files > are used, their formats, etc. A string decomposition of my /bin/login > showed these two files being used not the documentation makes a vailed > reference to these files. > These files are used for setting a dialup password. The references to these files can be found in the AT&T System Support and Update News. The issues in question are the June 1987 issue under the heading "How to Create a Secure UNIX System Login" and the January 1988 issue "How to Impliment a Dial- up Password for AT&T 3B UNIX System Computers." /etc/dialups is a list of the tty ports that the dial-up passwords are to be implimented on. /etc/d_password is a list of the encripted passwords for login methods. Reccomended password protections are for /bin/sh, /bin/ksh and /usr/lib/uucp/uucico. Hope this helps. -- ------------------------------------------------------------------------------ Richard Meesters | Lanpar Technologies Inc. | "Calling YOU stupid would Toronto, Ontario | be an insult to stupid people" ...attcan!nebulus!tslanpar!ram | - A Fish Called Wanda ------------------------------------------------------------------------------
linwood@b11.ingr.com (Linwood Varney) (04/30/89)
In article <245@chip.UUCP> mparker@chip.UUCP (M. D. Parker) writes: >In a system V environment, I'd be interested in knowing how these files >are used, their formats, etc. Actually these files are quite useful, especially if you are worried about security. The format of the /etc/dialups file is just a list of devices on separate lines that are concidered dailup ports, for example "/dev/tty00". If the port that login is running on is found in dialups file, then login looks in the /etc/d_passwd file to see if it should ask for a Dialup Password. A Dialup Password is asked if the Login Shell from the password file is found in the d_passwd file, along with a password. (I do not remember, but I think if the login shell was not found, login would use the first entry). The format of the d_passwd file is a list of lines with the following format: Login_Shell:Encrypted_Password: For example: $ cat /etc/dialups /dev/tty00 /dev/tty01 $ cat /etc/d_passwd /bin/sh:QDilgjTRu/6kU: /bin/ksh:Kzpmjf5lejk: /usr/lib/uucp/uucico:: $ If you were to login of either port /dev/tty00 or /dev/tty01, and your login shell was the /bin/sh, it would ask you for a "Dialup Password". If you were another computer trying to login as nuucp on one of those ports, a "Dialup Password" would be skipped. Oh, the Encrypted Password is the same as that found in the /etc/passwd file. There is no easy way to set it. What I did was password an account, and then using an editor, copy the password field from passwd to d_passwd. I also write a short program to do it. >... A string decomposition of my /bin/login >showed these two files being used not the documentation makes a vailed >reference to these files. Documentation is disappointingly vague. Source also helps.. :-) - Linwood Varney ...!uunet!ingr!linwood Network Communications linwood@ingr.com Intergraph Corporation Huntsville, Alabama