art@bohtsg.pegasus.com (Art Neilson) (06/22/91)
I recently tried to implement shadow passwords in our Tower 500 OS 1.01.02. Everything seems to work fine except for va. /bin/login, /bin/su and other system utilities behave correctly in the presence of /etc/shadow. /bin/passwd correctly updates /etc/shadow with new passwords, and /bin/login looks up passwords in /etc/shadow instead of /etc/passwd as does /bin/su. Unfortunately /va/obj/va which is invoked by /va/obj/vastart (va's login shell) detects the presence of /etc/shadow and complains that you must remove the shadow password option before va will work. Why is va crippled in this regard ? We are a Banking Institution and would like to implement the shadow feature to enhance security. The old sa administration system was composed of shell scripts so it is easy to modify, however the new va administration system is a binary file and cannot be easily modified. We really liked the old menu system and the ease of adding our own custom Banking menus to the standard sa menu system. This is no longer the case, we haven't a clue as to how one can hook into the va menu system. -- Arthur W. Neilson III | INET: art@pilikia.pegasus.com Bank of Hawaii Tech Support | UUCP: uunet!ucsd!nosc!pegasus!bohtsg!art
rey@safn2.UUCP (rey) (06/23/91)
In article <1991Jun21.202108.18914@bohtsg.UUCP>, art@bohtsg.pegasus.com (Art Neilson) writes: > security. The old sa administration system was composed of shell scripts > so it is easy to modify, however the new va administration system is a > binary file and cannot be easily modified. We really liked the old > menu system and the ease of adding our own custom Banking menus to the > standard sa menu system. This is no longer the case, we haven't a clue > as to how one can hook into the va menu system. We have va on a 450/32 Unix 3.00.01. It is hard to give up the sa stuff. We brought a lot of it over when we migrated; but any new applications would be hard to figure out what to do. I got the va manuals and tape for installation from NCR; but it looked kinda foreign and I have never gotten into it. Did it come from ATT? What was(is) the point? sa was pretty good I thought. Do any 3rd party software vendors supply va installable product, or is it an NCR exclusive? Do the 3000 machines use va? is it part of V.4? Would va give me a head start in any later migration? -- Reynolds McClatchey (Southern Aluminum Finishing Co, Atlanta, GA, USA) Architectural Aluminum. Custom Fabrication. Paint, Powder Coating, Anodizing. uunet!safn2!rey MCImail 414-2935 Voice 404-355-1560 Fax 404-350-0581
dick@ahds.ahold.nl (Dick Heijne CCS/TS) (06/24/91)
In article <1975@safn2.UUCP>, rey@safn2.UUCP (rey) writes: > In article <1991Jun21.202108.18914@bohtsg.UUCP>, art@bohtsg.pegasus.com (Art Neilson) writes: | > "We liked sa a lot more than va" > Did it come from ATT? > What was(is) the point? sa was pretty good I thought. > Do any 3rd party software vendors supply va installable product, or is it > an NCR exclusive? > Do the 3000 machines use va? is it part of V.4? > Would va give me a head start in any later migration? Both sa and va are NCR products. Va has all kinds of rubbish like reverse fields, windowscopes and other childish stuff, that obviously charmed some Manager, who desparetly needs a promotion to some island in the Pacific. Indeed, sa was far more transparent than va and better managable. It also *worked* fine. After a few years, va still suffers from bugs like not restoring the generated keycodes after operation etc. Also, the logic is very dumb and slow. The #$%^ with va, give us sa back!! Dick. ~a
art@pilikia.pegasus.com (Arthur Neilson) (06/26/91)
In article <1991Jun21.202108.18914@bohtsg.UUCP> art@bohtsg.pegasus.com (Art Neilson) writes: >I recently tried to implement shadow passwords in our Tower 500 >OS 1.01.02. Everything seems to work fine except for va. /bin/login, >/bin/su and other system utilities behave correctly in the presence >of /etc/shadow. /bin/passwd correctly updates /etc/shadow with new >passwords, and /bin/login looks up passwords in /etc/shadow instead of >/etc/passwd as does /bin/su. Unfortunately /va/obj/va which is invoked >by /va/obj/vastart (va's login shell) detects the presence of /etc/shadow >and complains that you must remove the shadow password option before >va will work. Why is va crippled in this regard ? We are a Banking Heh. It turns out that /va/obj/ofinterpret is the guilty party, he checks for the existence of the file /etc/shadow, displays an error message and exits if it is found. It's easy to use a hex editor and search for the ascii string "/etc/shadow" in the ofinterpret binary, once located set all 11 bytes to binary zeroes. This will allow va to run in the presence of /etc/shadow. The system utilities such as /bin/login, /bin/su and /bin/passwd already know what to do with the shadow file, you just have to create it. It should be easy to create an awk script to automate the migration task. I now have the undocumented shadow password option running fine on our Tower 500 OS 1.xx in spite of va. -- Arthur W. Neilson III | INET: art@pilikia.pegasus.com Bank of Hawaii Tech Support | UUCP: uunet!ucsd!nosc!pilikia!art
craig@unislc.uucp (Craig Ozancin) (06/28/91)
From article <2004@ahds.ahold.nl>, by dick@ahds.ahold.nl (Dick Heijne CCS/TS): > In article <1975@safn2.UUCP>, rey@safn2.UUCP (rey) writes: >> In article <1991Jun21.202108.18914@bohtsg.UUCP>, art@bohtsg.pegasus.com (Art Neilson) writes: > | > "We liked sa a lot more than va" >> Did it come from ATT? >> What was(is) the point? sa was pretty good I thought. >> Do any 3rd party software vendors supply va installable product, or is it >> an NCR exclusive? >> Do the 3000 machines use va? is it part of V.4? >> Would va give me a head start in any later migration? > Both sa and va are NCR products. WRONG! sa menus are added by Unisys on their version of the NCR release. Craig Ozancin
vause@cs-col.Columbia.NCR.COM (Sam Vause) (06/28/91)
In article <1991Jun27.173338.6948@unislc.uucp> craig@unislc.uucp (Craig Ozancin) writes: >From article <2004@ahds.ahold.nl>, by dick@ahds.ahold.nl (Dick Heijne CCS/TS): >> In article <1975@safn2.UUCP>, rey@safn2.UUCP (rey) writes: >>> In article <1991Jun21.202108.18914@bohtsg.UUCP>, art@bohtsg.pegasus.com (Art Neilson) writes: >> | > "We liked sa a lot more than va" >>> Did it come from ATT? >>> What was(is) the point? sa was pretty good I thought. >>> Do any 3rd party software vendors supply va installable product, or is it >>> an NCR exclusive? >>> Do the 3000 machines use va? is it part of V.4? >>> Would va give me a head start in any later migration? >> Both sa and va are NCR products. > >WRONG! sa menus are added by Unisys on their version of the NCR release. > > >Craig Ozancin Let me try to put this issue to bed, once and for all. NCR designed and wrote both SA and VA. Neither AT&T or Unisys were parties to the original design. Unisys purchased the TOWER and modified the OS (including SA/VA) for their own purposes. System 3000 products do not have SA/VA menus; rather, NCR delivers the AT&T SVR4 "sysadmin" subsystem as a replacement. +---------------------------------------------------------------+ |Sam Vause, NCR Corporation, Customer Services - UNIX Support | |3325 Platt Springs Road, West Columbia, SC 29169 (803) 791-6953| | vause@cs-col.ColumbiaSC.NCR.COM | +---------------------------------------------------------------+ -- +---------------------------------------------------------------+ |Sam Vause, NCR Corporation, Customer Services - TOWER Support | |3325 Platt Springs Road, West Columbia, SC 29169 (803) 791-6953| | vause@cs-col.ColumbiaSC.NCR.COM |
jmaynard@oac.hsc.uth.tmc.edu (Jay Maynard) (06/28/91)
In article <1991Jun27.173338.6948@unislc.uucp> craig@unislc.uucp (Craig Ozancin) writes: >From article <2004@ahds.ahold.nl>, by dick@ahds.ahold.nl (Dick Heijne CCS/TS): >> Both sa and va are NCR products. >WRONG! sa menus are added by Unisys on their version of the NCR release. If that's the case, why does my Tower XP have sa? -- Jay Maynard, EMT-P, K5ZC, PP-ASEL | Never ascribe to malice that which can jmaynard@oac.hsc.uth.tmc.edu | adequately be explained by stupidity. "As far as I'm concerned, 'average skills' means you know that the pointy end of the drill makes the holes." -- Ron Wanttaja, _Kitplane Construction_
dmdc@ncrsea.Seattle.NCR.COM (Dennis M. Dooley) (06/28/91)
In article <1991Jun27.173338.6948@unislc.uucp> craig@unislc.uucp (Craig Ozancin) writes: >From article <2004@ahds.ahold.nl>, by dick@ahds.ahold.nl (Dick Heijne CCS/TS): >> In article <1975@safn2.UUCP>, rey@safn2.UUCP (rey) writes: >>> In article <1991Jun21.202108.18914@bohtsg.UUCP>, art@bohtsg.pegasus.com (Art Neilson) writes: >> | > "We liked sa a lot more than va" >>> Did it come from ATT? >>> What was(is) the point? sa was pretty good I thought. >>> Do any 3rd party software vendors supply va installable product, or is it >>> an NCR exclusive? >>> Do the 3000 machines use va? is it part of V.4? >>> Would va give me a head start in any later migration? >> Both sa and va are NCR products. CO> CO>WRONG! sa menus are added by Unisys on their version of the NCR release. CO> Say what! We may be talking about two different implementations of an sa environment, but NCR had sa on the original Tower 1632, and I believe the shell scripts for sa all had NCR copyright notices. To my knowledge, the sa that ran on the earlier versions of the Tower OS where all developed by NCR. __ Dennis M. Dooley VOICEplus 421-1790 NCR Corporation ncrsea!dmdc (206) 643-4150 15400 S.E. 30th Pl. dennis.dooley@ncrsea.Seattle.NCR.COM Bellevue, WA. 98007
jlodman@beowulf.ucsd.edu (Michael Lodman) (06/29/91)
In article <1991Jun27.173338.6948@unislc.uucp> craig@unislc.uucp (Craig Ozancin) writes: >From article <2004@ahds.ahold.nl>, by dick@ahds.ahold.nl (Dick Heijne CCS/TS): >> Both sa and va are NCR products. > >WRONG! sa menus are added by Unisys on their version of the NCR release. Then why did every NCR Tower I ever managed while at NCR have the SA menus before the release of VA? Get a clue, Craig. I do agree with comments regarding SA/VA. SA was straightforward, seemed to have a nice tree structure, and about the only negative thing I could say about was that it just loved every opportunity to retension a streaming tape. I ended up going in and disabling a lot of the retensioning just so tape operations would finish in finite time. VA, while sort of pretty, always messed up my terminal, a bunch of the fumctions led to non-existant executables (mostly related to TCP/IP setup), and there were things I wanted to do in VA that didn't seem to exist. On the subject of the sysadmin menus from AT&T, unless they've been enhanced a lot from what they were in V.3.2, they are way underpowered, at least that's true of what ISC ships. Hopefully NCR has enhanced the functionality to step the admin through a lot of the messy hardware configuration and maint. type jobs. -- Michael Lodman Department of Computer Science Engineering University of California, San Diego jlodman@cs.ucsd.edu (619) 672-1673
burke@seachg.uucp (Michael Burke) (06/30/91)
In article <1991Jun27.173338.6948@unislc.uucp> craig@unislc.uucp (Craig Ozancin) writes: >> Both sa and va are NCR products. > >WRONG! sa menus are added by Unisys on their version of the NCR release. Unisys sa and NCR sa are not the same. Unisys does add their own, but it replaces the NCR package rather than augments it. -- --- Michael Burke Sea Change Corporation 6695 Millcreek Drive, Unit 8 Mississauga, Ontario, Canada L5N 5R8 Tel: 416-542-9484 Fax: 416-542-9479 UUCP: ...!uunet!attcan!seachg!burke