home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
OS/2 Shareware BBS: 8 Other
/
08-Other.zip
/
upmlg101.zip
/
readme
< prev
next >
Wrap
Text File
|
1999-01-19
|
11KB
|
326 lines
UPMLOGIN V1.01 Readme
====================
Contents
========
1. What is the UPMLOGIN package for ?
2. Install and configure TNLOGIN
3. Prerequisites/Restrictions/Limitations
4. Freeware license
5. Disclaimer
6. Check the archive integrity with
Pretty Good Privacy (PGP)
7. Author
1. What is the UPMLOGIN package for ?
=====================================
UPMLOGIN provides a replacement program for TNLOGIN.EXE. This
program is part of the IBM TCP/IP package and verifies the
password for telnet logins. The default TNLOGIN program has
several shortcomings: first of all, it searches for an
environment variable, which is to hold the telnet login
password. That means, whoever has read access to the CONFIG.SYS
of the machine once, knows the password for telnet logins.
More, there is no real user verification, that is, there is only
one password to be configured instead of a userid/password
combination.
There are several TNLOGIN replacements. Some of them use the
unix-like passwd file, but this one uses the local User Profile
Management of a Peer or a File and Print Client installation or
a LAN/WARP Server Client. That way you can configure users in
the UPM GUI.
Another option is to verify the user/password combination
against the User Profile Management of the default domain of the
workstation, which is hosting the telnet server (see next
section). This enables users to login always with their current
LAN/WARP Server Logon password.
2. Install and configure TNLOGIN
================================
Run install.cmd to install the UPMLOGIN package into
your TCP/IP program direcotry and the %ETC% directory.
More, a WPS folder with some program objects is created,
which give you direct access to message files and
log files and the User Profile Management.
INSTALL.CMD makes a backup copy of your old TNLOGIN.EXE, before
it copies the replacement for it.
Then you have to configure telnet login users (and, if you like
to, additional restrictions for telnet login in the "User
Profile Management" (UPM) of OS/2. See the following feature
list for details.
UPMLOGIN comes with english and german National Language Support.
If your TCP/IP is a german version, the german NLS will be
installed. Otherwise the english NLS will be installed.
Features:
---------
Autodisplay of textfiles
------------------------
- the contents of the file %ETC%\issue is displayed before a
login, if it exists.
- the contents of the file %ETC%\motd (motto of he day) is
diplayed after a successful login, if it exists.
UPMLOGIN comes with two default files. You may want to either
delete both filse or clear its contents or edit them to change
the text to something meaningful.
Logging facility for login attempts
-----------------------------------
- good logins are logged to %ETC%\tnlogin.log
- bad logins are logged to %ETC%\tnlogin.err
Login error handling
--------------------
- In case of error, TNLOGIN waits for 5 seconds after login,
so that one can read the error message, before telnetd
clears the screen. If you configured all or certain users
for debug output (see below), instead of a 5 second delay
TNLOGIN waits for a key being pressed.
Domain, Group Membership and Privilege Verification
---------------------------------------------------
TNLOGIN searches the local UPM for a special configuration
user account named TNUSER and a special group TNLOGIN. If both
do not exist, beside the verification of the userid/password
combination no other verification takes place. The following
section explains how to use the TNUSER account and the TNLOGIN
group within local UPM is used to configure additional group
membership and privilege verification.
There are other special groups, that are searched for:
- TNLOGIN_VERIFYDOMAIN
If the TNUSER configuration user account is member of that
group, the userid/password combination is verified against
the default domain of the workstation hosting the telnet
server. This enables users to login always with their
current LAN/WARP Server logon password. In order to verify
only certain users against the domain, do not add TNUSER to
that group, but make only those certain users a member of
the TNLOGIN_VERIFYDOMAIN group.
- TNLOGIN_VERIFYLOCAL
Normally you do not need this group, because local
verification is default. This group is useful, if you want
TNLOGIN to verify most users against the domain (thus you
add TNUSER to the TNLOGIN_VERIFYDOMAIN group), but let a
few be verified locally. For that you add only those users
to the group TNLOGIN_VERIFYLOCAL.
- TNLOGIN_DEBUG
If the TNUSER configuration user account is member of that
group, additional debug information is displayed during
login for all users and a pause command is executed after
a login error. If you make only certain users a member of
this group, only for them additional debug information is
displayed and a pause command executed after a login error.
Note:
-----
- all group membership verifications are done against local
UPM, even when domain verification is activated for the
userid/password combination.
- The TNUSER configuration account in the local UPM may be an
inactive dummy account.
If a user needs to be a member of a local group then, also
an inactive dummy account for that user within the local
UPM is sufficient for this.
- When using TNLOGIN on server machines, the local UPM is
identical to the domain UPM. Always use local verification
here, so that a (GUEST) logon is not required.
The following is required for a successful telnet login:
........................................................
-> if the group TNLOGIN exists, a user must be a member of
this group.
-> if the configuration user account TNUSER exists, a login
user must be in one of the groups, of which the TNLOGIN
account is member of.
Exeption of this rule are the system groups (ADMINS and
USERS) and the special groups TNLOGIN_*
If TNLOGIN is not member of any non-system group and
special TNLOGIN_* group, this verification is skipped
completely.
-> if the TNLOGIN account is an administrator, a login user
also needs to be an admin.
-> Normally all userid/password combinations are verfied
against the local UPM. If the configuration user account
TNUSER is member of a special group named
TNLOGIN_VERIFYDOMAIN, all userid/password combinations are
verfied against the default domain of the workstation,
which is hosting the telnet server. (Hint: IBMLAN.INI
contains the name of the default domain.)
If only certain users are member of the group
TNLOGIN_VERIFYDOMAIN, only those users login is verified
against the domain.
Domain verification requires a domain logon on the system
hosting the telnet server. If no logon is currently active,
TNLOGIN tries to logon the GUEST id with no password. This
logon is left active afterwards, so that a subsequent
TNLOGIN does not need to logon again.
If you want all users to be verified against the domain,
but let a few be verified locally, let TNUSER be a member
of TNLOGIN_VERIFYDOMAIN, but add those exceptions to the
special group TNLOGIN_VERIFYLOCAL.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
See my homepage for further details
about configuring UPMLOGIN !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
3. Prerequisites/Restrictions/Limitations
=========================================
This package requires one of the following TCP/IP packages being
installed:
- IBM TCP/IP for OS/2
- Internet Access Kit for OS/2
Further, one of the following client packages are required:
For OS/2 WARP 3:
- Peer Client for OS/2
For OS/2 WARP 4:
- File and Print Client
or for all OS/2 versions:
- LAN/WARP Server Client for OS/2
Note:
-----
- For verifications against a LAN/WARP Server domain, a GUEST
account without a password is required to be defined in that
domain.
- One cannot login through TNLOGIN using the GUEST account,
because GUEST accounts normally do not have a password.
- for enabling you to create the special groups
TNLOGIN_VERIFYDOMAIN and TNLOGIN_DEBUG, the installation
program calls the UPMCSET utilitiy of the User Profile
Management in order to activate the extended character set.
This is required to allow both underscores and longer names
than eight characters being used.
If you wish, you can reset to the minimal characterset again
after having created those special groups, because the used
characterset is only checked for during the creation of user
and group names. To reset to the minimal characterset execute
the following command:
UPMCSET /M
4. Freeware license
===================
This software package is freeware.
It can be used wherever you use OS/2 WARP Version 3 or later.
You are allowed to freely use and distribute UPMLOGIN as long as
- UPMLOGIN is not sold as a part of another program package;
- no fee is charged for the program other than for cost of
media;
- the complete package is distributed unmodified in the
original and unmodified zip file;
- you send me some e-mail telling me how you liked it (or
didn't like it), and/or your suggestions for enhancements.
5. Disclaimer
=============
Since this program is free, it is supplied with no warranty,
either expressed or implied.
I disclaim all warranties for any damages, including, but not
limited to, incidental or consequential damage caused directly
or indirectly by this software.
All software is supplied AS IS. You may use the UPMLOGIN package
only at your own risk.
UPMLOGIN must not be used in states that do not allow the above
limitation of liability.
6. Check the archive integrity with
Pretty Good Privacy (PGP)
===================================
On my homepage I provide a detached signature certificate,
with which you can verify, that you downloaded an unmodified
version of this archive.
See my web pages also
- for links to PGP sites, where you can obtain further
information on what PGP is and how you can install and use it
under OS/2
- a manual for how to use PGP for the usage of such signature
certificates.
See section "Author" for the location of my homepage.
7. Author
=========
This program is written by Christian Langanke.
You can contact the author via internet e-mail.
Send your email to C.Langanke@TeamOS2.de
You can also visit my home page and download more free OS/2
utilities at:
http://www.online-club.de/m1/clanganke