home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Aminet 1 (Walnut Creek)
/
Aminet - June 1993 [Walnut Creek].iso
/
aminet
/
util
/
crypt
/
login1091.lha
/
login.doc
next >
Wrap
Text File
|
1993-01-06
|
20KB
|
529 lines
LOGIN (1) Local Tools LOGIN (1)
NAME NAME
login, passwd, chsh, chfn, finger, last, nu
- user/password tools
SYNOPSIS SYNOPSIS
login
[-t dimtime] [-T blanktime] [-l [0]]
[-w [0]] [-c [0]] [-i [0]] [-h [0]]
[-r restrictions] [-d dimfactor] [hostname]
passwd
[user]
chsh
[user]
chfn
[user]
finger
user
last
[user]
nu
DESCRIPTION DESCRIPTION
These tools control who may have access to your
computer both on console and over a serial line shell
(TTY). Logins are restricted by the program
login
. The other programs are for use by users
and by the system maintainer (known as "root") for
changing the characteristics of a user's environment
and for adding allowed users. Restrictions are
accomplished by requiring a password for each valid
user; users can have unique passwords, and passwords
are encrypted so as to keep one user's password unknown
to others. The user database is contained in the file
etc:passwd
, in a format almost identical to
that of the Unix
/etc/passwd
file. Each user
can have a customized environment including private
name, home directory, and shell. The initialization of
the user's environment is performed by means of the
environment variables
USER
,
HOME
, and
SHELL
, respectively; see the section
ENVIRONMENT below for details.
Following is documentation on the individual programs:
login
login
is the actual user-access control tool.
It can operate either on console (with a custom screen
and window) or on a shell/TTY (with "login: " and
"Password:" prompts). The former resembles the NeXT
login screen; the latter is like remote login to a Unix
machine.
login
in console mode opens a screen and
displays a window containing a host identifier name and
two string gadgets. The host name is read from the
command line, or from the environment variable
HOSTNAME
if no name is given on the command
line. The gadgets are for entering a user name and a
password, respectively. All text is shown in the
Helvetica font. For interlaced screens, Helvetica-18
is used; for noninterlaced screens, Helvetica-9 is
used. Both sizes are supplied in the AmigaDOS system
software package. Supplied here are the nofont-18 and
nofont-9 fonts, which are used exclusively for the
AmigaDOS Local Last Change: 06-Jan-93 1
LOGIN (1) Local Tools LOGIN (1)
password gadget. Nofont displays nothing for any
character, so the password text is invisible. If
either of these fonts is unavailable to the system,
login
uses the ROM-based Topaz-8 font instead.
The screen opened by
login
is of the same size
as your Workbench screen, as obtained from Preferences.
If Preferences are not available, a size of 640x400 is
used. This can be modified with the
-h
and
-i
options:
-h0
opens a low-resolution screen (320+
across);
-h1
opens a high-resolution screen (640+
across);
-i0
opens a non-interlace screen (200+
down);
-i1
opens an interlace screen (400+ down).
The '+' refers to the fact that the default Preferences
screen size is either maintained or halved; thus
opening a 700x520 Prefs screen with
-h0 -i0
actually creates a screen of size 350x260. This screen
sizing is performed so that the login window, which is
always 320 or 640 pixels across and 200 or 400 pixels
down, will always be centered on your monitor (assuming
that you have previously configured your Preferences to
center the screen). Note that if interlace is turned
off, Helvetica-9 and nofont-9 become the defaults for
text display. You should have all four fonts in your
FONTS:
directory.
The colors of the login screen are defined by the file
etc:palette.ilbm
. This is a standard 2.0
Preferences palette file. You can also create this
file by naming any IFF picture, such as one created by
Deluxe Paint, as
etc:palette.ilbm
. The first
four colors in the file's CMAP (ColorMAP) chunk define
the colors used for
login
's screen; load the
supplied
etc:palette.ilbm
into an image editor
or your Preferences/Palette to see how the colors are
arranged. Also, if your
etc:palette.ilbm
contains a CAMG chunk, as do all DPaint images,
login
reads the default screen parameters
(i.e., high/low-resolution, [non]interlace) from this
file instead of from Preferences. The screen mode is
still subject to the
-h
and
-i
options,
however.
Once the login screen appears,
login
takes
control of the user's access to the display by pushing
its screen in front of all other screens ten times per
second. This behavior is terminated only when a valid
username and password are entered into the gadgets,
whereupon the screen closes and the environment
variables
NAME
,
USER
,
HOME
, and
SHELL
are defined. See the ENVIRONMENT section
for information on how to make use of these variables.
While the login screen is up, input devices are
monitored and actions are taken based on what's
AmigaDOS Local Last Change: 06-Jan-93 2
LOGIN (1) Local Tools LOGIN (1)
happened lately. If there is absolutely no mouse
movement or keyboard input for 180 seconds (three
minutes), the screen will dim to 1/6 brightness until
such input is received. If no input is received for
3600 seconds (ten minutes), the screen is blanked
entirely. These times can be redefined with the
-t
and
-T
options on the command line;
for example,
-t30 -T1800
causes dimming to
occur after 30 seconds and full blanking to occur after
five minutes. If a value of 0 is used for either
option, that type of blanking will be disabled. The
brightness of the dimmed screen can be configured with
the
-b
option; for example,
-b4
will
cause the screen to dim to only 1/4 brightness.
The
-w
option causes
login
to attempt
to close the Workbench screen. This is not necessary,
since
login
pops its screen to front each
tenth/second, but it might make you feel better. Note
that Workbench can be closed only if there are no
windows owned by other programs on the WB screen and if
login
was not launched by Workbench. Using
-w0
has no effect;
login
will not
attempt to close Workbench.
The
-c
option forces
login
to use the
console display, as does using either
-h
or
-i
. If none of these options are used,
login
runs in TTY mode.
login
's TTY mode operates very similarly to the
login sequence on Unix machines. An example login
sequence follows:
AmigaDOS 37.132 (MyKickstart) 04-Jun-92
login: dgc3
Password:
User dgc3 logged in.
The
login:
and
Password:
prompts are
simple text-entry prompts; the user should enter his
user name and unencrypted password here. The user is
allowed three attempts to enter a correct combination.
Once a correct combination is given,
login
terminates with a return code of 0. If all three
attempts are invalid, login fails with a return code of
20. This is sufficient to halt a shell script which,
for example, allows connections over a serial line.
When writing such scripts, be sure to check for return
codes, or even a failed login attempt will permit the
login to continue.
The introductory banner is generated acording to the
template:
AmigaDOS VERSION (KERNELNAME) DATE
VERSION is found by querying the host's Exec.library
AmigaDOS Local Last Change: 06-Jan-93 3
LOGIN (1) Local Tools LOGIN (1)
base and finding the current OS revison. (Note that
login
requires a version of 36 or greater in
order to function.) KERNELNAME is found by examining
the file
devs:Kickstart
. This file contains the
operating system on the earlier, soft-booting A3000s.
If
devs:Kickstart
is not found, the string
Kickstart
is used by default. If
devs:Kickstart
is found, the KERNELNAME is
copied from the first NULL- or NEWLINE-terminated
string beginning at offset 49 of the
devs:Kickstart
file. If you like to hack on
your Kickstart, as I do, you can alter this string
safely and cause
login
to display the name of
your customized Kickstart. The kernel name is
terminated after a NULL (0x00) or NEWLINE (0x0A), or
after 40 characters. The DATE string is the date of
installation or of last modification of
devs:Kickstart
; if
devs:Kickstart
does
not exist, it is the last date of modification of your
s:Startup-Sequence
file.
The
-l
option controls
login
's logging
facility. When this is active (by using the option
-l
or
-l1
), successful logins are
appended to the file
etc:wtmp
, and failed login
attempts are appended to
etc:utmp
. When
operating in TTY mode, only the third attempt is
logged. (I know these are improper uses of the Unix
wtmp and utmp filenames, but it makes little difference
here and I'm not administrator-capable enough to know
what's correct.)
The
-r
option defines user restrictions for
this invocation of
login
. For example, if you
use the command
login -c -rroot
only the user
root
will be allowed to log in.
Similarly,
login -c -r$USER
will make login allow only the current user to login
again. Using this command or one like it makes
login
work like a console lock; only the user
who runs the program will be able to log in, thus
protecting the current session from all other users.
login
also supports the environment variable
LOGIN
. If no arguments are given on the command
line, they are read instead from
LOGIN
. To
cause
login
to ignore this variable, just use
any argument. See your AmigaDOS for information on how
to set environment variables.
I think that's all about
login
. I'll be sure by
the time v1.10 comes out.
AmigaDOS Local Last Change: 06-Jan-93 4
LOGIN (1) Local Tools LOGIN (1)
passwd
passwd
changes the encrypted password for a
user. If no argument is given on the command line, it
changes the password for the current user as obtained
from $USER. The user is first prompted for the current
password to ensure security, then for the desired new
password. A third prompt serves to verify that the new
password was entered correctly. All typed text is
displayed invisibly so as to hide it from nearby
onlookers.
If
passwd
is called with an argument, the
argument is taken to be the username to be changed.
passwd $USER
is identical in function to merely
passwd
When called with a username as argument,
passwd
allows either the user's own password or the root
password to be used as authentication; thus, root can
change any user's password, while others can only
change their own passwords.
chsh
chsh
changes the default shell and home
directory as listed in
etc:passwd
. Like
passwd
, it requires the user's password to make
a change, and allows the root password if a user is
specified on the command line.
chfn
chfn
is identical to
chsh
, except that
it changes the "Real Name" field of the user's
passwd
entry.
finger
finger
displays
passwd
database
information on the named user, similarly to the Unix
finger
command.
last
last
, like its Unix counterpart, lists the
recorded logins of the named user, or of all users if
no name is given. It differs from the Unix
last
in that it displays logins in
chronological, rather than reverse chronological,
order.
nu
nu
allows the root user, or a user who knows
the root password, to add a user to the system. It
AmigaDOS Local Last Change: 06-Jan-93 5
LOGIN (1) Local Tools LOGIN (1)
prompts for all fields of the
etc:passwd
database. Again, passwords are written to the
terminal/shell in invisible type.
ENVIRONMENT ENVIRONMENT
The
login
program, upon successful entry of a
valid user/password pair, creates the (global)
environment variables
USER
,
NAME
,
SHELL
, and
HOME
. These variables can
then be used by the system to customize the working
environment. For example, by adding the line
cd $HOME
to the end of the
s:Shell-Startup
file, any new
shell will open in the current user's home directory.
If your host supports multiple shells, $SHELL can be
used to start the user's preferred shell
automatically. For example, a remote login script
could end with the line
$SHELL
to cause the system to run SKsh, Csh, WShell, NewShell
(AmigaDOS default shell), or whatever else as
appropriate. Note that for some replacement shells an
AmigaDOS shell must first be created to "support" or
"run" the custom shell. This can be accomplished by
defining the
etc:passwd
shell field to "execute
s:Csh-Startup" or something similar.
Further examples of environment manipulation will be
available in future distributions of this package.
FILES FILES
etc/passwd ....... The password database
etc/palette.ilbm . The custom color/screen preferences
etc/bin/* ........ The programs
fonts/nofont.font
fonts/nofont/9 ...
fonts/nofont/18 .. The invisible font for console mode
login.man ........ NRoff-formatted documentation
login.doc ........ ANSI documentation
Everything in etc/ should be copied to your etc:
directory. You can either have a mounted volume called
etc: or ASSIGN the logical device name etc: somewhere.
The stuff in fonts/ should be copied to your fonts:
directory.
To install
login
, copy all files as shown, then
make the following changes to your
s:Startup-Sequence
:
1. Find the line which installs your Preferences. It
begins with the word "IPrefs".
2. Add these lines
after
the IPrefs line:
assign etc: <wherever etc: should be>
AmigaDOS Local Last Change: 06-Jan-93 6
LOGIN (1) Local Tools LOGIN (1)
etc:bin/login -c
3. Go to wherever you define the shell search path
(e.g.,
s:Shell-Startup
) and add the line:
path etc:bin
Feel free to add whatever options you like to the
"etc:bin/login" line in step 2.
SEE ALSO SEE ALSO
Nothing particular.
LIMITATIONS LIMITATIONS
AmigaDOS is simply not secure. This is not a sure-fire
cure for any problems you might be having.
BUGS BUGS
Invisible text is not available on all serial shell
handlers. I haven't actually tested it on any of them,
but I'm told it should work with some. Your handler
should support raw-mode characters, or all text will
surely appear.
VERSION VERSION
This documentation is for version 1.091 of Login. This
is an enhancement of Login v1.00, and a bugfix to
version 1.09. Version 1.10 is in development, and will
add user font selection in console mode. Future
versions may feature customizable imagery for the
console, among other nifty things.
This version is being released now because it's been
too long since version 1.00 was released. Due to my
previous choice of compiler, version 1.00 contained
code which prevented any of the programs from running
on Amigas with 68000 or 68010 processors. This and
future versions are and will be compiled correctly by
smarter compilers. Version 1.09 was prematurely
released earlier today; bugs fixed in version 1.091
include:
1. login screen is no longer "draggable"
2. all programs now deal correctly with null
passwords
3. version info corrected
If you somehow got version 1.09, please replace it with
this release.
This version should be bug-free; my testers reported no
actual problems with beta-versions of v1.10 which
contained all the same code plus font selection. Font
selection itself is not currently working quite right,
so all related code was removed from this release.
WARRANTY WARRANTY
Warranty? This ain't Sears-Roebuck.
Money-back guarantee: If you send me money, I guarantee
I won't send it back. Otherwise, I guarantee I don't
AmigaDOS Local Last Change: 06-Jan-93 7
LOGIN (1) Local Tools LOGIN (1)
mind.
Ask about our Aquatic Pets Special Offer.
AUTHOR AUTHOR
David Champion
951 E. 54th Place #3
Chicago, IL 60615
U.S.A.
Internet: dgc3@midway.uchicago.edu
AmigaDOS Local Last Change: 06-Jan-93 8
