mms@bnlux0.bnl.gov (Morris Strongson) (06/15/89)
We are presently running Ultrix 2.0 on a Vax 11/780, and expect to go to 3.0 shortly. The need to restrict one incoming tty line to uucp logins only has arisen, and we do not know how to do that. Any information you can give me as to how to impose such restrictions will be appreciated.

Thanks in advance.

Morris Strongson
INTERNET: mms@bnlux0.bnl.gov
BITNET: mms@bnlux0.BITNET
UUCP: ...philabs!sbcs!bnlux0!mms or bnlux0!mms@uunet.uu.net

dold@mitisft.Convergent.COM (Clarence Dold) (06/15/89)
in article <1214@bnlux0.bnl.gov>, mms@bnlux0.bnl.gov (Morris Strongson) says:
> We are presently running Ultrix 2.0 on a Vax 11/780, and expect to go to
> 3.0 shortly. The need to restrict one incoming tty line to uucp logins only
> has arisen, and we do not know how to do that. Any information you can give

Three steps:

1) See if your version of login supports dialup passwords:

#strings /bin/login |grep d_pas
/etc/d_passwd

2) Create a /etc/dialups file containing the name of the tty you want to guard:

#-r-------- 1 root root 189 Nov 24 08:46 /etc/dialups
/dev/tty500
# /etc/dialups will contain all of the devices that
# **might** present Dialup Password, depending on
# entries in /etc/d_passwd.

3) Create a /etc/d_passwd controlling all possible login shells:

#-r-------- 1 root root 368 Nov 24 08:45 /etc/d_passwd
# /etc/d_passwd contains all 'initial programs' allowed
# when invoked on a line specified in /etc/dialups
# /bin/sh:13characterEncryption:
# The encrypted password is drawn over via grep after applying
# /bin/passwd to a superfluous entry in /etc/passwd.
/bin/sh:JUNK:
/bin/ksh:JUNK:
/bin/rsh:JUNK:
# A line to allow uucp entry with no password:
/usr/lib/uucp/uucico::
# Use links to different shell names to cause certain login ids
# to require Dialup password, while other logins using the same
# shell with a different name don't need a password.

--
---
Clarence A Dold - dold@tsmiti.Convergent.COM (408) 434-5293
...pyramid!ctnews!tsmiti!dold
P.O.Box 6685, San Jose, CA 95150-6685 MS#10-007

rbk@cbnewsk.ATT.COM (R. Brad Kummer) (06/24/89)
In article <1214@bnlux0.bnl.gov> mms@bnlux0.UUCP (Morris Strongson) writes:
>
> We are presently running Ultrix 2.0 on a Vax 11/780, and expect to go to
>3.0 shortly. The need to restrict one incoming tty line to uucp logins only
>has arisen, and we do not know how to do that...

I don't know about Ultrix, but in SYSV you could set up a dial-up password for the tty port. This simply requires creating an /etc/dialups file which contains the name(s) of tty ports declared to be "dialups," e.g.:

$ cat /etc/dialups
/dev/tty01

Next, you need to create an /etc/d_passwd file for the passwords. The first field of each line corresponds to the program run by login (determined from the last field in /etc/passwd), i.e., uucico for a UUCP login and typically /bin/sh (or NULL, which defaults to /bin/sh) for a "normal" login. The second field is the encrypted password, or NULL for no password. Thus, the following should accomplish what you want:

$ cat /etc/d_passwd
uucico::
:NP:

The first line creates no password for uucico, and the NP in the second line effectively disables any other logins (a user trying to log in on this port will be prompted with "Dialin password:" and any response will produce a "Login incorrect" failure).

Incidentally, if you do want to create a valid dialin password for the line (to allow "privileged" users to log in), you can use passwd to assign the password to some user (perhaps temporarily) and then copy the encrypted password from /etc/passwd.

Hope this helps.

R. Brad Kummer
att!akguc!rbk
AT&T Bell Laboratories, Atlanta
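
Added example, not part of any of the posts above: a small Python audit that reads the three files discussed in this thread and reports, for each account, what a login arriving on a line listed in /etc/dialups would face. All file contents are constructed samples; reporting a program with no /etc/d_passwd entry as "unlisted" (the outcome there depends on the login implementation) and treating a password field that is not 13 characters long as unmatchable are assumptions.

```python
# Added example (not from the thread). All file contents below are constructed.
DIALUPS = "/dev/tty500\n"                       # sample /etc/dialups
D_PASSWD = """\
# sample /etc/d_passwd, modelled on the entries in the posts
/bin/sh:JUNK:
/bin/ksh:JUNK:
/usr/lib/uucp/uucico::
"""
PASSWD = """\
root:*:0:0:root:/:/bin/sh
mms:*:101:10:Morris:/usr/mms:/bin/ksh
nuucp:*:6:1:uucp login:/usr/spool/uucppublic:/usr/lib/uucp/uucico
guest:*:200:20:guest:/usr/guest:/bin/csh
oper:*:201:20:operator:/usr/oper:
"""

def guarded(tty, dialups_text):
    """True if the tty device is listed in /etc/dialups."""
    return tty in [l.strip() for l in dialups_text.splitlines()]

def parse_d_passwd(text):
    """Map initial program -> password field; empty program means /bin/sh."""
    table = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) < 2:
            continue
        table[fields[0] or "/bin/sh"] = fields[1]
    return table

def audit(passwd_text, d_passwd_text):
    """Return {login: status} for logins arriving on a guarded line."""
    table = parse_d_passwd(d_passwd_text)
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue
        shell = fields[6] or "/bin/sh"      # empty shell defaults to /bin/sh
        if shell not in table:
            status = "unlisted"             # assumption: depends on login
        elif table[shell] == "":
            status = "no dial-up password"
        elif len(table[shell]) != 13:       # assumption: crypt strings are 13 chars
            status = "blocked"              # e.g. JUNK or NP can never match
        else:
            status = "dial-up password required"
        report[fields[0]] = status
    return report
```

Any account reported as "no dial-up password" other than the uucp login, or as "unlisted", is the one to review before relying on the line being restricted.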