wescott@LNIC1.HPRC.UH.EDU (Andrew M. Wescott) (10/05/89)
Can someone tell me a simple way to restrict login access on a couple
of our dialup lines? Right now we use ttys/getty . I know you can
add password protection with Aegis siologin/siomonit, but what if
I'm a UNIX only installation ?

Thanks in advance for any help.

Andrew Wescott
University of Houston
Department of Chemical Engineering

pcc@apollo.HP.COM (Peter Craine) (10/06/89)
In article <8910051532.AA00387@lnic1.hprc.uh.edu> wescott@LNIC1.HPRC.UH.EDU (Andrew M. Wescott) writes:
>
>Can someone tell me a simple way to restrict login access on a couple
>of our dialup lines? Right now we use ttys/getty . I know you can
>add password protection with Aegis siologin/siomonit, but what if
>I'm a UNIX only installation ?
>
>Thanks in advance for any help.
>

Check out the man page for login. You'll see a section on "Dial-Up
Security". This will discuss /etc/d_users and /etc/d_passwd. These
files allow only certain users (d_users) who know the dialin password
(d_passwd) to use lines that are tagged as "dialin" in /etc/ttys. You
can use both, either, or neither of these files.

Peter Craine, NACS
*I* don't want my own opinions. Why would HPOLLO want them?

chen@digital.sps.mot.com (Jinfu Chen) (10/06/89)
In article <8910051532.AA00387@lnic1.hprc.uh.edu> wescott@LNIC1.HPRC.UH.EDU (Andrew M. Wescott) writes:
>
>Can someone tell me a simple way to restrict login access on a couple
>of our dialup lines? Right now we use ttys/getty . I know you can
>add password protection with Aegis siologin/siomonit, but what if
>I'm a UNIX only installation ?
>

From /bsd4.3/usr/man/cat1/login.1 page:

SECURITY
     Sites wishing additional security protection on dial-up lines
     may want to use these security features, /etc/d_users and
     /etc/d_passwd. /etc/d_users is simply a file containing a list
     of users authorized to log in on this node. /etc/d_passwd is a
     file containing lines of the following format:

          /bin/sh:encrypted-password

     where encrypted-password is the dial-in password for the
     specified shell as returned by crypt(3). If an entry for the
     user's log-in shell is not found in this file, the password
     for /bin/sh is used.

--
Jinfu Chen (602)898-5338                 | Disclaimer:
Motorola, Inc. Logic IC Div., Mesa, AZ   |
...{somewhere}!uunet!dover!digital!chen  | My employer doesn't pay
chen@digital.sps.mot.com                 | me to express opinions.
----------
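
The lookup described in the login(1) excerpt above, as an added example that is not part of any post in this thread and is not Apollo's login code: it selects the d_passwd entry that applies to a user's shell and audits the file for gaps. Assumptions: /etc/d_users holds one name per line, both files are in use, a trailing ':' after the hash is tolerated, and a user with no applicable entry is refused; all sample data is constructed.

```python
# Added example: which /etc/d_passwd entry applies to a dial-in user.
# Constructed sample data; the hash strings are placeholders, not real crypt(3) output.
SAMPLE_D_USERS = "alice\nbob\n"
SAMPLE_D_PASSWD = "/bin/sh:CONSTRUCTEDsh01\n/bin/csh:CONSTRUCTEDcsh2\n"

def parse_d_users(text):
    """Return the set of user names listed (assumed one per line)."""
    return {ln.strip() for ln in text.splitlines() if ln.strip()}

def parse_d_passwd(text):
    """Map shell path -> encrypted dial-in password."""
    table = {}
    for ln in text.splitlines():
        ln = ln.strip()
        if not ln:
            continue
        shell, sep, rest = ln.partition(":")
        if not sep or not shell:
            raise ValueError(f"malformed d_passwd line: {ln!r}")
        # Assumption: tolerate extra ':' fields; the excerpt shows only two.
        table[shell] = rest.split(":", 1)[0]
    return table

def dialin_hash_for(user, shell, d_users_text, d_passwd_text):
    """Return the encrypted dial-in password that applies, or None to refuse."""
    if user not in parse_d_users(d_users_text):
        return None  # not authorized for dial-in on this node
    table = parse_d_passwd(d_passwd_text)
    # Per the excerpt: fall back to the /bin/sh entry when the shell is unlisted.
    # Assumption: with neither entry present, this example refuses (None).
    return table.get(shell, table.get("/bin/sh"))

def audit(d_passwd_text):
    """List configuration gaps an administrator should review."""
    table = parse_d_passwd(d_passwd_text)
    findings = []
    if "/bin/sh" not in table:
        findings.append("no /bin/sh fallback entry")
    for shell, hashed in table.items():
        if not hashed:
            findings.append(f"empty encrypted-password field for {shell}")
    return findings

if __name__ == "__main__":
    for user, shell in [("alice", "/bin/csh"), ("bob", "/bin/ksh"), ("eve", "/bin/sh")]:
        print(user, shell, dialin_hash_for(user, shell, SAMPLE_D_USERS, SAMPLE_D_PASSWD))
    print(audit(SAMPLE_D_PASSWD))
```

The returned string is what login would compare against crypt(3) of the typed dial-in password; that comparison is left to the system.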