Collection of Tools & Utilities

home *** CD-ROM | disk | FTP | other *** search

/ Collection of Tools & Utilities / Collection of Tools and Utilities.iso / dskut / login.zip / LOGIN.DOC < prev next >

Wrap

Text File | 1992-05-25 | 6KB | 121 lines

The following should have been contained in this archive: login.exe -- login without screen saver loginsav.exe -- login with screen saver update.exe -- user update/add/change password login.doc -- this file user.lis -- user file with "root", password "changeme" I retain all rights to the above programs, these programs are licensed for personal use free of charge (forever). See the end of this document for licensing info for businesses and institutions. These programs may be distributed by any means (BBS, FTP, etc.) for free, or for a nominal fee of less than $2.00 if distributed on diskette or other media. Under NO circumstances is this program to be commercially SOLD by a third party without proper licensing. Basic instructions: Place the file "user.lis" in the main directory on your C drive (C:\). Run UPDATE to change the "root" password. This new password will be the password required to add users and change passwords from now on. UNDER NO CIRCUMSTANCES SHOULD THE ROOT PASSWORD BE LEFT AS "changeme" (See later section on good passwords). These usernames and passwords ARE CASE SENSITIVE !!! Run UPDATE again and modify the user name you wish to use. This user will be added to user.lis (which is now a hidden and read only file on your C: drive.) This version is limited to 7 users. The user file can be edited to delete users by changing the READONLY and HIDDEN bits using ATTRIB. Passwords can be changed this way, but there is no way of knowing what the password is, so don't do it! ATTRIB -H -R C:\USER.LIS The next time LOGIN is run it will make the file HIDDEN and READONLY again. Next run LOGIN and make sure that you have you password correct and can logon. The last step is to run either LOGIN or LOGINSAV from your autoexec.bat . Make this the first line (or second line, after @echo off) so that noone can CTRL-C out of autoexec.bat . If you do NOT put this program in your autoexec access can be gained by rebooting the system. Anytime you leave your system you can run LOGIN / LOGINSAV from the DOS prompt. Placing ANY parameters after LOGINSAV will immediately place the system in the screen saver mode (i.e., LOGINSAV blah). Although password protected, UPDATE should be kept on a floppy for added security, as well as a copy of user.lis. To get a copy of user.lis enter: TYPE C:\USER.LIS > A:USER.LIS The less people know about a security system the better. Individual users cannot change their passwords, and there is no way for you to know their password from their encrypted password. Security: This program encrypts your password so that the original password never appears in plain text, even in memory after running this program. The encryption algorithm is NOT publicly available. After 3 unsuccessful attempts LOGIN will not check for the correct password, the system must be rebooted. LOGINSAV, the screen saver version, has a higher limit since you will not know if several unsuccessful attempts have been made. If you find that your password will not work try rebooting AND make sure you are using the correct case (upper/lower/mixed..). Because of the way the CTRL-ALT-DEL sequence is handled and the ability to swap windows in Desqview(tm) and Windows(tm), this program is NOT useful when run under one of these multitasking environments. The biggest problem with login programs on a local machine is booting from a floppy. This program will NOT protect your hard drive if your machine is booted from a floppy. If your machine can be configured to boot from the hard drive first, this eliminates the problem (see BIOS setup). Another alternative is physically preventing access to the machine/boot diskette drive. Good Passwords: The more difficult a password is to guess the better it is. Never make a password the same as the username! Avoid using your name, phone number, original distribution passwords, and simple dictionary words (although this system is less vulnerable to dictionary attack because the algorithm is not public). For extra security trying using mixed case passwords, two word passwords (i.e., DogCat <-- don't use this one, make up one of your own!), and backwards passwords (i.e., taCgoD). Never write down your passwords! This means you need to have something that you can remember! Disclaimer: I accept no liability for ANY problems associated with using this system. Everyone should have a current backup, check all new software for viruses, and use good judgement regarding system security. Licensing: This program is FREE for personal use, if you really like this program, find any bugs, or have any suggestions please send me mail (snail or e-mail), see below. If this program is used in a business or institution it must be licensed. The following is the price schedule: One machine (15 users) : $ 15 Two machines (15 users) : $ 27 Five machines (15 users) : $ 60 (Subject to change) Site licenses, more users, more machines, custom configurations, commercial vendors, etc. are handled on a case by case basis. Scott Preston ( sp4@reef.cis.ufl.edu ) 2622 A SW 38th Place Gainesville, FL 32608 (904) 335-1576 Trademarks and acknowledgements: DesqView is a trademark of QuarterDeck Office Systems. DOS and Windows are trademarks of MicroSoft. TURBO C is a trademark of Borland Intl. Many thanks to the maker of LZEXE, Fabrice Ballard.