home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
BBS Toolkit
/
BBS Toolkit.iso
/
gt_power
/
chnge200.zip
/
CHANGE.DOC
next >
Wrap
Text File
|
1989-12-16
|
22KB
|
542 lines
CHANGE: v2.00 by Stephen de Plater
December 16, 1989 GTPN Net Address 302/1
CHANGE
by Stephen de Plater
GTPN Net Address: 302/1
Voice: +61 2 977-3075
Data: +61 2 977-2013
======================================================================
0. REVISION LIST
======================================================================
VERSION: Release Date: Comments:
------- ------------ --------------------------------------
1.10 May 21, 1988 GT14 sensitive -- color added.
Pathnames removed, replaced by area
numbers.
1.11 May 24, 1988 BLUSH! A fix for a bug which has been
lurking for MONTHS, and no-one saw it!
(I don't mind when it ignores other
people, but when it refuses to change
MY password, that's serious!)
1.12 May 24, 1988 Oh dear! Two revisions in one day,
they're becoming even more frequent
than revisions to a certain
(excellent) external protocol driver!
Added Standard Command Line Interface.
Added one optional command line
parameter [/m] -- force monochrome.
1.20 May 1, 1989 Vastly upgraded password supervision.
A number of auxiliary programs have
been added to this archive (see
below).
>> page 1 <<
CHANGE: v2.00 by Stephen de Plater
December 16, 1989 GTPN Net Address 302/1
A new registration scheme is now in
place.
1.21 May 17, 1989 A small cosmetic change in the options
displayed when changing passwords (to
match the same adjustment in
GREETING). Users are no longer
prompted for the number of a suggested
password if they have not had any
suggested for them.
A bug existed which rejected every
password attempted by users with
single names only (no last name).
Fixed!
2.00 December 16, 1989 GT15 version released.
======================================================================
1. COPYRIGHT
======================================================================
CHANGE is not placed in the Public Domain. The copyright is retained
and the software is provided on licence:
You are free to use and make as many copies of this program as you
wish. You may also give it away to any nodelisted GT Sysop who wants
it, provided:
1. No fee is charged.
2. This archive is distributed intact.
3. You register the package with an OZNET registration
centre.
Beta code should be treated exactly as full releases are treated.
That is, beta code may also be distributed to any nodelisted Sysop
without restriction. You should be aware of course, that beta code
may not be as refined as the full release versions would be, and what
you see there may change when the beta tag is removed.
>> page 2 <<
CHANGE: v2.00 by Stephen de Plater
December 16, 1989 GTPN Net Address 302/1
======================================================================
2. REGISTRATION
======================================================================
A new registration scheme now applies to all OZNET software.
Regardless of any previous registration, this program now requires
individual installation for each BBS using it.
There is still NO fee involved at all. DO NOT send any money!
Registration simply involves obtaining from me a CRC code which
matches your BBS name. You may do this at any of the four OZNET
registration centres:
Kangaroo Korner 302/001 Stephen de Plater
The Black Hole 302/003 Ken Thompson
TSUNAMI! Catch the Wave 006/000 Chet Wilkinson
Control Systems 071/001 Ed Cavender
If you are in the nodelist then you will be able to register direct
online at any of those centres or via mail in the correct form to
OZRobot at any of those centres. See the included OZRobot document
for details. If you are not in the net you will need to apply via
private netmail or message to Sysop at any of the centres. Whatever
way you do it you will need to supply the full (case sensitive) name
to which you want the program registered.
You will also need to obtain the OZINSTAL program which performs the
actual installation. OZINSTAL is not included in this archive. You
should look for OZINST11.ZIP.
======================================================================
3. PURPOSE
======================================================================
(Or what does this thing do anyway?)
CHANGE is a door program for GT Power BBS Systems. It allows users to
change
1. Their City/State,
2. Their Phone number, or
3. Their Password.
>> page 3 <<
CHANGE: v2.00 by Stephen de Plater
December 16, 1989 GTPN Net Address 302/1
======================================================================
4. USAGE
======================================================================
To use change, simply install it as a door much like this:
@echo off
gtdrwy
doorway [various params] change.exe [various params]
For the user, all that is necessary is to open the door and pick the
options.
Any or all of the three fields may be changed, and at any stage the
user has the option of saving the changes or quitting back to the
board with the changes unsaved.
======================================================================
5. COMMAND LINE PARAMETERS
======================================================================
There are three command line options.
1. /M Force Monochrome. With this option, Ansi graphics will
not be used even if GT14 is detected and the user has
specified Ansi graphics on.
2. /Lnn The minimum length of password allowed on this system. I
don't consider 4 character passwords secure! The default
here is 6. If you choose a number above 8 it will be
reset down to 8. That is, you cannot demand a minimum
password length of 15 characters! This is required so
that the automatic password suggestion feature will
produce passwords which can actually be used.
3. /T Tight security. With this switch on the algorithm for
determining "is similar to" when checking against a
password previously used, is tighter. Without this
parameter the rule is that the new password may not be
contained within any password previously used, and no old
password may be contained within the new. When this flag
is enabled no sequence of 5 characters in the new password
may be contained in any password previously used. The
nett effect of this is that without tight security a user
>> page 4 <<
CHANGE: v2.00 by Stephen de Plater
December 16, 1989 GTPN Net Address 302/1
with a password of say MYPASSWD1 would be permitted to
change it to MYPASSWD2, whereas with tight security ON
that change would be flagged as "is similar to" and
rejected.
The number of characters checked in this way may be
varied. The default is 5, which is minimum allowed (and
below which the feature turns itself off). You can change
it by specifying a number with this parameter (e.g. to
relax it to 7 characters [the higher the number the more
relaxed the checking], you would use /T7).
SPECIAL FILES USED
------------------
There are two special files used and maintained by both
CHANGE and GREETING. One contains user names and last
change dates only. The other contains a log of usernames,
change dates, and old and new passwords. This second file
is encrypted and hidden. The encryption key is chosen by
the programs and is different for each BBS. That is, if
you DID manage to get hold of my copy of this file, your
copies of the programs could not read it! These files are
maintained by PASSMNT1.EXE and PASSMNT2.EXE respectively.
The contents of these files can be examined. SHOWPASS.EXE
examines the first file, and SHOWPL.EXE examines the
second. Neither of these programs will transmit ANY
confidential information over a phone line. All four of
these programs stamp the GT.LOG each time they are run.
These programs are supplied only with the CHANGE program.
There is another file which is also used, if present (in
the LAN directory or the GTPATH directory if the LAN
directory is not defined). DEADPASS.BBS is a pure ASCII
file containing, one entry per line, passwords which are
not allowable on your system. Any password which contains
any one of these lines will be rejected. For example, I
don't think that "PASSWORD" is a very secure password, so
I have placed "PASSWORD" in my DEADPASS.BBS. I have also
placed "KANGA" there, so any derivative of the BBS name
will also be rejected. This file may have up to 100
entries.
>> page 5 <<
CHANGE: v2.00 by Stephen de Plater
December 16, 1989 GTPN Net Address 302/1
Nothing special is required to enable the password
supervision functions of GREETING and CHANGE. Once the
MKPSCHNG program has been run (see below) both CHANGE and
GREETING will detect that fact and take over supervision
functions from that point.
======================================================================
6. COLOURS
======================================================================
Change is sensitive to the colours which the GT is using. If you
don't like the colours you see, just remember that you chose them
<grin>.
======================================================================
7. AUXILIARY PROGRAMS
======================================================================
Five auxiliary programs are supplied with CHANGE. They are all
associated with the password supervision functions of CHANGE and
GREETING.
In order to run ALL FIVE MUST be OZNET registered.
1. MKPSCHNG.EXE
============
This program should be run ONCE ONLY! Its entire function is
to generate the first of the special files mentioned above.
The presence of this file is the key which enables password
supervision for both CHANGE and GREETING. When this program is
run it generates a file which contains for each user, the
username, and a date/time stamp, (the date/time of the last
password change). Since this information is not known to begin
with, the file is initialised with the date/time of the last
logon for each user. That's why you should only ever run it
once. This file (once generated) is maintained automatically
by both CHANGE and GREETING.
MKPSCHNG has no parameters.
>> page 6 <<
CHANGE: v2.00 by Stephen de Plater
December 16, 1989 GTPN Net Address 302/1
2. PASSMNT1.EXE
============
Having said that much, this program also maintains that same
file. Its entire job is to remove from the file records of
users who are no longer in the USER file. So, if you delete a
user this program completes the process by removing that user's
name from this file.
PASSMNT1 has no parameters and should be run regularly as part
of a maintenance batch file. (I run it daily).
3. PASSMNT2
========
This program maintains the other file (which is hidden and
encrypted). This file is a log which contains one entry for
each password change. The purpose of this program is to delete
old entries from this log. No user will be allowed to re-use a
password which is listed against his name in this log, or even
to use a similar password.
PASSMNT2 has one optional parameter (/S) which can be used to
set the "stale" time. The default is 180 days. This program
deletes all entries older than this from the log. It should be
run regularly as part of a maintenance batch file. (I run it
daily).
4. SHOWPASS.EXE
============
This program displays (on the local console ONLY -- it will NOT
allow ANY output to be sent over a phone line) the name,
current password, and last change date/time of each user. Of
course, if you are using DOORWAY 2.05 in the direct screen
write mode, then you will fool this program also. In that
case, it CAN be run remotely and the results seen. Be warned!
>> page 7 <<
CHANGE: v2.00 by Stephen de Plater
December 16, 1989 GTPN Net Address 302/1
5. SHOWPL.EXE
==========
This program displays the password change log. Again, the
display will go ONLY to the local console, NO information will
be sent over a phone line (although the same comments apply
here as for SHOWPASS above).
For each password change the date and time, the username, the
old password (changed from), the new password (changed to) and
a flag which indicates whether or not the change was forced,
(an 'F' in the last column), is displayed. Forced changes are
those required by GREETING, changes made by CHANGE (which are
not forced) are marked with a '-' character.
PASSMNT1, PASSMNT2, SHOWPASS, and SHOWPL all stamp the GT.LOG
file each time they are run.
======================================================================
8. LIMITATIONS
======================================================================
There is only one practical limitation with this series of programs.
If the number of users in your default area on your BBS exceeds 1500
some internal tables may well overflow and cause unpredictable
results. This limitation does not apply to CHANGE itself, but only to
some of the auxiliary programs. It this limitation poses a serious
problem for you (that is, if you have a BBS with a HUGE number of
users) I guess I can work on a way around this one for you.
======================================================================
9. ACKNOWLEDGEMENTS
======================================================================
Both CHANGE and GREETING when changing passwords will, if requested by
the user, suggest a series of passwords which may be used. These
passwords, each eight characters long, are formed by randomly choosing
two words of 4 characters from a list of over 1000. There are over
1.5 million possibilities. This feature was suggested by John Della-
Torre from 302/0, "The Poet's Dilemma."
>> page 8 <<
CHANGE: v2.00 by Stephen de Plater
December 16, 1989 GTPN Net Address 302/1
======================================================================
10. DISCLAIMER
======================================================================
Q: What kind of guarantee comes with this software?
A: *** ABSOLUTELY NONE!!! ***
If you break it you get to keep both halves!
I take no responsibility at all for what this software may do on any
computer other than my own. If you use it you do so at your own risk.
All that I am prepared to say about it is that it works fine here (and
I can see no good reason why it should not also work fine everywhere
else also -- but ....)
By using this program you accept these conditions.
======================================================================
11. ENJOY!
======================================================================
At least, I hope you do!
Stephen
(Revd. Stephen de Plater
1 Kangaroo St.
MANLY 2095
AUSTRALIA)
>> page 9 <<
