==============================================================================
**** LOGIN, PASSWD, and CNVTUNIX: A Suite of programs to secure and enhance
OS/2 2.x TCP/IP TelnetD
**** By Aaron B. Brown
==============================================================================
CONTENTS
--------
Summary
Installation
Configuration
Security and Logging
Support Information
Warranty and License
SUMMARY
-------
In its default implementation supplied by IBM, OS/2 TCP/IP TelnetD is
full of security holes. Its standard setup depends on a plaintext password
stored in the environment; only by using the included loginunx.exe can it be
modified to rely on UNIX-style DES-secure password file. Even in this
configuration, it is difficult to configure and maintains no log of telnet
activity.
The combination of utilities in this package is designed to address
these problems. Like loginunx, it relies on a UNIX-style DES-encrypted
password file. However, it adds greatly to that functionality. It supplies
the additional utilities needed to maintain and create the "passwd" file; it
also provides much more flexibility in controlling and maintaining your OS/2
telnet system. You can configure the telnetd subsystem for each user through
the passwd file, selecting shells and default directories for every entry in
the passwd file. Guest access (with no password) is also available by
leaving the password field blank. The welcome banner displayed by the login
program is also configurable. Finally, the login program can also keep a full
log of successful and failed login attempts, and will place the login name of
the currently-logged-in user in the environment and in a file.
Also supplied is a program to convert UNIX password files to OS/2
compatible format.
INSTALLATION
------------
1) Create a directory to contain the password file, log file, and banner
(welcome) files.
2) Rename the \tcpip\bin\login.exe program to loginold.exe
3) Copy the supplied login.exe and login2.exe programs to the \tcpip\bin
directory
4) Place the passwd.exe and cnvtunix.exe program in a directory in your path
5) Copy the supplied telnetd2.cmd file to \tcpip\bin.
6) Edit the telnetd2.cmd file that was just copied so that the line that says
"SET COMSPEC=c:\tcpip\bin\login2.exe" points to the actual path where
you just copied login2.exe. For example, if your \tcpip\bin directory
is on drive D, change the line to:
"SET COMSPEC=d:\tcpip\bin\login2.exe".
7) If you use INETD, edit the \tcpip\etc\inetd.lst file so that the line that
says "telnet tcp telnetd" reads "telnet tcp telnetd2"
8) If you don't use INETD, always start telnetd by typing "telnetd2". If it is
called in TCPSTART.CMD, fix it there too.
9) Set up the necessary environment variables in CONFIG.SYS as described in
"Configuration," below.
10) Reboot to allow environment variable changes to take effect
11) Configure a password file as described in "Configuration," below.
That's it!
CONFIGURATION
-------------
**** Environment Variables ****
The login and passwd programs depend on the proper settings of several
environment variables. These variables are described below:
Variable   Set to:
--------   -------
PASSWD     Drive and path of password file, i.e. c:\login\passwd.fil
LOGINLOG   Drive and path of log file, i.e. c:\login\login.log. If
           logging is not desired, do not set this variable.
LOGINBAN   Drive and path of welcome banner, i.e. c:\login\welcome.txt. This
           file will be displayed before the login prompt.
LOGINOK    Drive and path of file to be displayed when someone successfully
           logs in.
TELPROMPT  The prompt to be used by shells spawned by the login program,
           i.e. "[%hostname%] $p$g"
LOGINNF    Drive and path for the file in which the login name of the
           currently logged-in user is placed.
**** The Password File ****
The password file used by this set of programs is similar to that of a UNIX
"passwd" file. Each line represents the data for one user, and is in the
following format:
username:encrypted_password:0:shellflag:Real Name:default_dir:;default_shell
This format differs from the UNIX format in the extra semicolon before the
default shell and the different usage of the two fields following the
encrypted password.
USERNAME: the name that the user will type when logging in
ENCRYPTED_PASSWORD: the DES-encrypted password for the user
0: this is a reserved field and should be set to 0
SHELLFLAG: This field can be set to 1 or 0 to determine the method that will
be used to present the user with a shell. If it is set to 1, the
shell listed in the default_shell field will be spawned directly by
the login program upon a successful login. In this case, the initial
directory will be that specified in the default_dir field, and the
user's username will be placed in the environment variable "TELUSER."
Note that TELNETD.CMD will NOT be called if this option is used, but a
prompt can still be set with the TELPROMPT environment variable. If
this flag is set to 0, the standard sequence will be followed:
TELNETD.CMD will be processed and the default system shell (usually
\os2\cmd.exe) will be called by TelnetD.
REALNAME: This field is used to hold the real name of the user
DEFAULT_DIR: This field contains the default directory of the user. If
shellflag is set to 1, this will be the first directory presented to
the user when the shell is spawned. This field has no effect when
shellflag is set to 0. This field should be in a fully-qualified drive
and path form, but using FORWARD SLASHES! For example, c:/tcpip/public
or d:/
DEFAULT_SHELL: This field holds the drive and path of the shell that will be
spawned by the login program. This field has no effect when
shellflag is set to 0. The shell should be specified in
fully-qualified drive and path format, but using FORWARD SLASHES, i.e.
c:/os2/cmd.exe or d:/4os2/4os2.exe. To disable user login, set the
default_shell field to a nonexistent path. Note also that this field
is delimited by a colon followed by a semicolon.
**** Setting up the Password File ****
NOTE: If you already have a UNIX password file, see below on the usage of the
CNVTUNIX utility.
To create and configure the password file, the PASSWD.EXE program should be
used. Note that the environment variables MUST be set as specified above
before you configure the password file.
To create a new password file, run the PASSWD program with no arguments. You
will be prompted to create a root entry in the new password file; the password
you supply will be required to add users to the password file, and must be
used to change the shell/directory information for other users.
The PASSWD program takes up to 2 arguments. The first is a switch which
specifies the action you wish to take (see below). If no switch is specified,
it is assumed that you wish to change a password. The other argument that is
accepted by PASSWD is the username. For example, to change the password for
user "sample," type: "passwd sample." To change the default directory for user
"sample," type: "passwd -d sample." If you do not specify the username on the
command line, PASSWD will prompt for it.
A summary of (mutually exclusive) command-line switches follows:
<none>: change password
-a: add new password file entry
-r: remove password file entry
-n: change real name field
-s: change default shell field
-d: change default directory
-p: change shell launching preference
-h or -?: show help screen
Note: Guest Access
To set up guest access (i.e. access which does not require a password)
for a specific user, just hit return each time when prompted for the
username. The password field will then be set to nothing.
**** Using the CNVTUNIX utility ****
The CNVTUNIX utility can be used to convert UNIX-style password files to OS/2
password files. It will retain the username, password, and realname fields,
and replace the other fields with OS/2 specific equivalents. The syntax of the
CNVTUNIX command line is:
cnvtunix <sourcefile> <destfile> <defdir> <defshell> <shellpref>
<sourcefile>: UNIX password file to be converted
<destfile>: OS/2 password file to be created
<defdir>: default directory to be used for all users
<defshell>: default shell to be used for all users
<shellpref>: 1 if default shell is to be used, 0 if telnetd.cmd is preferred
Note that if <destfile> exists, it WILL BE OVERWRITTEN.
The <defdir>, <defshell>, and <shellpref> fields will be inserted into every
entry in the new OS/2 password file. Individual entries can then be
configured with the PASSWD utility.
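To make the passwd entry layout from "The Password File" and the CNVTUNIX field mapping above concrete, here is an added Python example; it is not part of the LOGENH11 package, and the sample entries and 13-character "DES hash" strings in it are constructed placeholders. It parses and validates an OS/2 entry (flagging guest entries with an empty password field) and converts UNIX passwd lines the way CNVTUNIX is described to, keeping only username, password and real name.

```python
# Added example, not part of the LOGENH11 package.  Sample entries and
# the 13-character "DES hash" strings below are constructed placeholders.

def parse_os2_entry(line):
    """Parse one line of the OS/2 passwd format:
    username:encrypted_password:0:shellflag:Real Name:default_dir:;default_shell
    Returns a dict; raises ValueError on a malformed entry."""
    head, sep, shell = line.rstrip("\r\n").rpartition(":;")
    if not sep:
        raise ValueError("default_shell must be delimited by ':;'")
    # maxsplit=5 keeps the drive-letter colon inside default_dir (c:/tcpip/public)
    fields = head.split(":", 5)
    if len(fields) != 6:
        raise ValueError("expected username:password:0:shellflag:realname:dir")
    user, pw, reserved, flag, realname, ddir = fields
    if reserved != "0":
        raise ValueError("reserved field must be 0")
    if flag not in ("0", "1"):
        raise ValueError("shellflag must be 0 or 1")
    for path in (ddir, shell):
        if "\\" in path:
            raise ValueError("paths must use forward slashes: %r" % path)
    return {
        "username": user,
        "encrypted_password": pw,
        "shellflag": int(flag),
        "realname": realname,
        "default_dir": ddir,
        "default_shell": shell,
        # An empty password field means guest access (no password required)
        "guest": pw == "",
    }


def convert_unix_line(line, defdir, defshell, shellpref):
    """CNVTUNIX-style conversion of one UNIX passwd line: keep username,
    encrypted password and the GECOS (real name) field, replace the rest."""
    if shellpref not in (0, 1):
        raise ValueError("shellpref must be 1 (spawn defshell) or 0 (telnetd.cmd)")
    fields = line.rstrip("\r\n").split(":")
    if len(fields) < 5:
        raise ValueError("not a UNIX passwd line: %r" % line)
    user, pw, realname = fields[0], fields[1], fields[4]
    return "%s:%s:0:%d:%s:%s:;%s" % (user, pw, shellpref, realname, defdir, defshell)


def cnvtunix(unix_lines, defdir, defshell, shellpref):
    """Convert a whole UNIX passwd file (list of lines), skipping blank lines."""
    return [convert_unix_line(l, defdir, defshell, shellpref)
            for l in unix_lines if l.strip()]
```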
IMPORTANT: If there is not already an entry for "root" in the password file,
run PASSWD with no command-line options to create this essential entry
before using LOGIN or PASSWD!
SECURITY AND LOGGING
--------------------
The OS/2 operating system was not designed to be a multiuser operating
system, and thus does not have a protected, multiuser file system. However,
IBM's TCP/IP kit essentially converts OS/2 into a multiuser OS without greatly
increasing its security. The package of programs included here greatly
increases the _access_ security of your machine; it is much more difficult for
a user to obtain Telnet access when the supplied login system is in place.
However, it is not foolproof, and it cannot ensure security once the login
process has been completed.
The password file used by these programs contains DES-encrypted
passwords that are extremely difficult to crack. Unlike UNIX systems which
use the same encryption scheme, though, the OS/2 password file is by nature
world readable and writable. Thus anyone with access to the physical machine,
or with FTP or Telnet Shell access can modify the password file, potentially
removing or blocking other user logins.
If you are planning to give access to people in whom you do not have
complete confidence, I recommend that you use the capability of this login
program to spawn a shell, and set that shell to a menu-driven, uninterruptable
program that insulates the user from the filesystem; that's what I've done on
my machine and haven't yet had security problems. To disable a user's access,
set their shell to a nonexistent file, such as c:/nul.nul.
To help ensure the security of the system further, and to help
identify break-ins, the login program supports full logging of access attempts,
both correct and incorrect. If the environment variable "LOGINLOG" is set to a
correct path and filename, the login program will record the time, date, and
username for each login attempt. The login program will also store the name of
the current correctly-logged-in user in the file specified by the LOGINNF
environment variable; the same username will be placed in the environment
variable TELUSER. These are reset with each correct login, but can be used by a
shell or other program to track security and logins.
Finally, note that these programs have no effect on FTP, RSH, LPR, or
any other daemon's security. They affect ONLY TelnetD.
SUPPORT INFORMATION
-------------------
Please send bug reports and suggestions for future versions to
abrown@husc.harvard.edu.
Technical support is available to registered users; see the REGISTER.DOC file
included with this archive for more information on registering.
WARRANTY AND LICENSE
--------------------
This software is shareware. You may evaluate it free-of-charge for 15 days.
If you intend to use this software after the 15 day trial period, please
register it. See the included REGISTER.DOC for more information.
This software is provided "as-is." Aaron B. Brown disclaims all warranties,
whether expressed or implied, including without limitation warranties of
fitness and merchantability with respect to this software and the accompanying
documentation. Neither Aaron Brown nor anyone associated with him is
responsible for any damages incurred through the use of or the inability to
use this software. By using this software, you agree to these terms.
This software is shareware. If you continue to use this software after the
15-day trial period has elapsed, a registration fee is required. If you
register this software, you will receive notification of new releases as they
are made available, and will be entitled to receive free upgrades when they
are released.
This software may be distributed freely, provided that there is no fee
charged for the program, and that all of the original files are included
in the distribution without modifications. A distribution fee may be
charged, provided that no special fee is charged for this software.
This software is Copyright (c) 1994 by Aaron B. Brown.
Portions Copyright (c) 1989 The Regents of the University of California.
All rights reserved.
+-------------------------------+---------------------------------------+
| * Aaron B. Brown * | "The way out is through the door. |
| * Harvard University '97 * | How can it be that so few |
| * abrown@husc.harvard.edu * | people use it?" |
|-------------------------------+---------------------------------------|
| ****** Finger abrown@husc7.harvard.edu for PGP public key ****** |
+-------------------------------+---------------------------------------+