-
- This program was written from inspiration I got at the UNIX System V release 4.0
- Software Developer's conference I attended back in 1988 in Chicago, Il.
- During the "Q&A" session I asked the following question:
-
- Q: "Will the previously undocumented feature of /bin/login for
- Dialup Passwords be documented, as well as, having appropriate
- utilities to manage adding and removing dialup passwords?"
-
- A: No, it will remain undocumented and therefore will have nothing
- on the system to manage those passwords.
-
- Spending about 20 minutes, I decided to write my own. Previously I had to
- kludge it by adding the program/pathname to /etc/passwd, executing the
- "passwd" command and then moving the encrypted password to /etc/d_passwd.
- This was quite a pain, especially as a system administrator. Enclosed
- is a program I call, "dpasswd". It basically handles the undocumented feature
- that was in AT&T's UNIX System V release 2.0 and beyond (/bin/login).
-
- For those who are unsure what I'm talking about, here's a brief explanation.
- /bin/login will look in a file called /etc/dialups for tty devices that
- are to be declared as "dialups". The format of the file is /dev/tty names
- terminated by newline. If the login tty is found in /etc/dialups, it will
- then go to /etc/d_passwd, and look for your "login-default shell" in there.
- The format of this file is:
- login_default_shell_path:encrypted_passwd:
-
- If your terminal is in the /etc/dialups file and you are logging in on that
- terminal, you will then be prompted for "Dialup Password:" after you enter
- your initial password correctly. If you enter the dialup password
- incorrectly, you will be denied login.
-
- Programs like /usr/lib/uucp/uucico should be placed in the /etc/d_passwd file,
- but should have null passwords (using the -n flag). (This will prevent having
- to give people with uucp logins another password -- you can give them one,
- if you so desire).
-
- Sample files are as follows:
-
- /etc/dialups:
- -------------
- /dev/tty000
- /dev/ph1
-
- /etc/d_passwd:
- --------------
- /bin/sh:5N2JYZGqf8wnM:
- /bin/ksh:UeH0wlIpW0gyQ:
-
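The lookup described above, modelled as an added example (not part of dpasswd or the original README): it parses the two file formats and classifies what a login on a given tty with a given default shell would face. The uucico entry with a null password is a constructed sample, and the `shell-unlisted` result marks a case the README does not describe.

```python
"""Added example: model of the /etc/dialups + /etc/d_passwd lookup described above."""

# Constructed samples in the README's formats (uucico entry added with a null password).
SAMPLE_DIALUPS = "/dev/tty000\n/dev/ph1\n"
SAMPLE_D_PASSWD = (
    "/bin/sh:5N2JYZGqf8wnM:\n"
    "/bin/ksh:UeH0wlIpW0gyQ:\n"
    "/usr/lib/uucp/uucico::\n"
)

def parse_dialups(text):
    """One /dev/tty name per line; blank lines are ignored."""
    return {ln.strip() for ln in text.splitlines() if ln.strip()}

def parse_d_passwd(text):
    """Parse 'login_default_shell_path:encrypted_passwd:' lines into {shell: hash}."""
    entries = {}
    for num, ln in enumerate(text.splitlines(), 1):
        ln = ln.strip()
        if not ln:
            continue
        fields = ln.split(":")
        if len(fields) < 2 or not fields[0].startswith("/"):
            raise ValueError(f"d_passwd line {num}: expected 'shell:hash:'")
        entries[fields[0]] = fields[1]
    return entries

def dialup_check(tty, shell, dialups, d_passwd):
    """Classify what a login on `tty` with default shell `shell` faces."""
    if tty not in dialups:
        return "not-dialup"          # tty not listed: no dialup password step
    if shell not in d_passwd:
        return "shell-unlisted"      # the README does not say what login does here
    return "password-required" if d_passwd[shell] else "null-password"

def audit(d_passwd, login_shells):
    """Return (kind, shell) findings worth an administrator's review."""
    findings = [("null-password", s) for s, h in sorted(d_passwd.items()) if not h]
    findings += [("shell-unlisted", s)
                 for s in sorted(set(login_shells) - set(d_passwd))]
    return findings

DIALUPS = parse_dialups(SAMPLE_DIALUPS)
D_PASSWD = parse_d_passwd(SAMPLE_D_PASSWD)
```

Pass `audit` the set of login shells taken from /etc/passwd to see which dialup entries carry no password and which shells have no d_passwd entry at all.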
- Usage: dpasswd [-q] [-n] [-d] -p program -t terminal
-
- -q be silent about changes
- -n make the password null
- -d delete restriction
- -p program add (or delete) restriction for program (use full pathname)
- -t terminal add (or delete) restriction for terminal (don't use "/dev/")
-
- eg.
-
- # dpasswd -q -t tty001 -p /bin/sh
- # dpasswd -q -t /dev/ph1
- # dpasswd -q -p /bin/ksh
-
- # dpasswd -t tty001
- dpasswd: Dialup terminal restriction added for /dev/tty001.
-
- # dpasswd -t tty001
- dpasswd: Terminal /dev/tty001 already found in /etc/dialups.
-
- # dpasswd -t ph1 -p /bin/ksh
- New Dialup Password:
- Retype Dialup Password:
- dpasswd: Dialup terminal restriction added for /dev/ph1.
- dpasswd: Dialup program restriction added for /bin/ksh.
-
- # dpasswd -d -t ph1 -p /bin/ksh
- dpasswd: Dialup terminal restriction removed for /dev/ph1.
- dpasswd: Dialup program restriction removed for /bin/ksh.
-
- # dpasswd -n -t ph1 -p /bin/ksh
- dpasswd: Dialup terminal restriction added for /dev/ph1.
- dpasswd: Dialup program restriction added for /bin/ksh.
-
- Appropriate "messages" will be given for all cases.
-
- If the program is compiled with the -DDEBUG flag, then diagnostic output
- will accompany the normal output.
-
- If the program is compiled with the -DTEST flag, then the program will be
- placed in testing mode, and the pathnames for the dialup password files
- will be your current directory.
-
- Any problems, corrections, criticisms, and modifications, should be directed
- to me.
-
- ===
- | Lenny Tropiano ICUS Software Systems lenny@icus.ICUS.COM |
- | {ames,pacbell,decuac,sbcs,hombre,rayssd}!icus!lenny attmail!icus!lenny |
- +------ ICUS Software Systems -- PO Box 1; Islip Terrace, NY 11752 ------+
-