Path: utzoo!attcan!uunet!husc6!bbn!mailrus!ames!pacbell!ptsfa!jmc
From: jmc@ptsfa.PacBell.COM (Jerry Carlin)
Newsgroups: comp.unix.wizards
Subject: Re: Password security
Message-ID: <4601@ptsfa.PacBell.COM>
Date: 28 Nov 88 20:25:24 GMT
References: <4449@sneaky.TANDY.COM> <32582@bbn.COM> <4655@sneaky.TANDY.COM> <2349@cbnews.ATT.COM>
Reply-To: jmc@ptsfa.PacBell.COM (Jerry Carlin)
Distribution: na
Organization: Pacific * Bell, San Ramon, CA
Lines: 34

In article <2349@cbnews.ATT.COM> lvc@cbnews.ATT.COM (Lawrence V. Cipriani) writes:
>One enhancement to security I have seen on mainframes running UNIX(tm) is
>to have an "External Security Password" that is settable by the system
>administrator.

A little-documented feature of V.2+ systems is a 'dial password'.

Create a file /etc/dialups (with a list of ports such as):

    /dev/tty12
    /dev/tty13

Create a file /etc/d_passwd:

    :passwd1:
    /bin/sh:passwd2:
    /bin/rsh:passwd3:          (restricted shell not remote shell)
    /bin/ksh:passwd4:
    /bin/csh:passwd5:
    /usr/lib/uucp/uucico::     (i.e., no password for uucico)

The first line is for those with nothing in field 7 of /etc/passwd (default).

This scheme gives the administrator the ability to implement a second
password on a list of ports and to make it different by 'shell' (actually
any program in field 7 of /etc/passwd).

You can generate passwords using /usr/lib/makekey (undocumented until V.3.?)
or by creating a dummy login, doing a 'passwd' and then moving the resulting
encrypted passwd to /etc/d_passwd.

Enjoy.

--
Jerry Carlin (415) 823-2441 {bellcore,sun,ames,pyramid}!pacbell!jmc
To dream the impossible dream. To fight the unbeatable foe.
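
Added example (not part of the original post): a Python audit of the two files described above, reporting d_passwd entries with an empty password field and /etc/passwd accounts whose field 7 program has no d_passwd entry. The function names and all sample file contents are constructed for illustration; the post does not say what login does for a program missing from d_passwd, so the script only reports it for the administrator to review.

```python
# Added example: audit /etc/dialups and /etc/d_passwd as laid out in the post.
# File contents below are constructed samples, not real system data.

def parse_d_passwd(text):
    """Map program (field 1; '' is the default entry) to its encrypted password (field 2)."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.strip().split(":")
        if len(fields) < 2:
            raise ValueError("malformed d_passwd line: %r" % line)
        table[fields[0]] = fields[1]
    return table

def audit(dialups, d_passwd, passwd):
    """Return a list of findings for the administrator to review."""
    findings = []
    ports = [p.strip() for p in dialups.splitlines() if p.strip()]
    if not ports:
        findings.append("dialups lists no ports")
    table = parse_d_passwd(d_passwd)
    # An empty password field means no second password for that program.
    for prog, pw in sorted(table.items()):
        if pw == "":
            findings.append("no dial password for %s" % (prog or "<default>"))
    # Field 7 of /etc/passwd selects the d_passwd entry; empty means default.
    for line in passwd.splitlines():
        f = line.split(":")
        if len(f) < 7:
            continue
        user, prog = f[0], f[6].strip()
        if prog not in table:
            findings.append("%s: %s has no d_passwd entry" % (user, prog or "<default>"))
    return findings

# Constructed samples; HASH-PLACEHOLDER stands in for makekey/passwd output.
DIALUPS = "/dev/tty12\n/dev/tty13\n"
D_PASSWD = (":HASH-PLACEHOLDER-1:\n"
            "/bin/sh:HASH-PLACEHOLDER-2:\n"
            "/usr/lib/uucp/uucico::\n")
PASSWD = ("root:x:0:0:Admin:/:/bin/sh\n"
          "uucp:x:5:5:UUCP:/usr/spool/uucppublic:/usr/lib/uucp/uucico\n"
          "guest:x:100:100:Guest:/usr/guest:\n"
          "carol:x:101:100:Carol:/usr/carol:/bin/csh\n")

if __name__ == "__main__":
    for finding in audit(DIALUPS, D_PASSWD, PASSWD):
        print(finding)
```

The uucico finding matches the post's deliberate empty entry; the report lets the administrator confirm that every empty entry is intended.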