Path: utzoo!attcan!uunet!cs.utexas.edu!csd4.milw.wisc.edu!mailrus!cornell!rochester!srs!matt
From: matt@srs.uucp (Matt Goheen)
Newsgroups: comp.unix.wizards
Subject: getty, login and a trivia
Message-ID: <1989Aug10.155745.21028@srs.uucp>
Date: 10 Aug 89 15:57:45 GMT
Organization: S.R. Systems, Rochester NY
Lines: 38

We have a little fake login program that sits between getty and the
real login program that requires a non-trivial (i.e. not your typical
user) password (things like "jkdKP0qa", "9iwKJcx3", etc.) when you log
in from a dial up line.  This keeps us from having to be password
police unless people want to dial into the system.

The problem is that we would like to set up one account that doesn't
need this "dial up password".  It would be a restricted shell account
for doing some limited tasks.  Currently, our fake login program simply
prompts for a user name (that it doesn't really use, except to pass on
to the real "login") and the dial up password.  It then execs
"/bin/login username" and off you go.

My first attempt at side stepping this was to not prompt for the dial
up password if the user name given was the one that didn't require a
dial up password.  The problem with that is that once the real login is
called, you can simply enter an invalid password for the no dial up
password user and proceed to attempt to login as whoever you wish (you
still need their password, but you've side stepped the login password).

Anyone see an EASY fix for this?  It would be nice if login would just
quit if the first password given were incorrect.

While snooping around, I found a couple of interesting things about
login and getty that (at least) I didn't know.  In getty, there is a
string "Amnesiac" -- anyone know what that's for?  In login, there are
a couple of apparently undocumented options, "-h" and "-r".  I can't
seem to get "-h" to do anything, but a "/bin/login -r" does some
strange things (no prompts, and an error message that reads "remuser
too long" after about 8 characters on stdin).

BTW, this is on a Sun running 3.2 (and 3.4), and I have NO UNIX SOURCE
LICENSE.

--
- uucp: {rutgers,ames}!rochester!srs!matt                  Matt Goheen -
- internet: matt@srs.uucp OR matt%srs.uucp@harvard.harvard.edu         -
- "We had some good machines, but they don't work no more."            -
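
The gap described in the post, as an added example that is not part of the original message or the poster's program: a small C model of the wrapper's decision logic, with the first attempt beside a hardened variant. The account names, passwords and function names are constructed, and the hardened behaviour (the wrapper checks the exempt account's password once itself, for instance with getpwnam(3) and crypt(3), and never hands that session to login's retry prompt) is an assumption about one possible fix.

```c
#include <stdio.h>
#include <string.h>

/* All names and passwords are constructed sample values, not from the post. */
#define EXEMPT "limited"        /* hypothetical restricted-shell account */
#define DIALUP "dialup-secret"  /* hypothetical dial-up password */

struct attempt { const char *name, *pw; };
static const struct attempt accounts[] = {      /* constructed accounts */
    { "limited", "lim-pw" }, { "alice", "alice-pw" } };

static int account_ok(const char *name, const char *pw) {
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (!strcmp(accounts[i].name, name) && !strcmp(accounts[i].pw, pw))
            return 1;
    return 0;
}
/* Model of the real login: a bad password leads to a prompt for a NEW name. */
static const char *login_loop(const struct attempt *a, int n) {
    for (int i = 0; i < n; i++)
        if (account_ok(a[i].name, a[i].pw)) return a[i].name;
    return NULL;
}

/* First attempt from the post: the exempt name skips the dial-up check. */
const char *wrapper_before(const char *dialup, const struct attempt *a, int n) {
    if (n < 1) return NULL;
    if (strcmp(a[0].name, EXEMPT) != 0 && (!dialup || strcmp(dialup, DIALUP)))
        return NULL;
    return login_loop(a, n);
}

/* Hardened: the exempt name gets one check made by the wrapper itself and
 * never reaches login's retry prompt; everyone else still needs DIALUP. */
const char *wrapper_after(const char *dialup, const struct attempt *a, int n) {
    if (n < 1) return NULL;
    if (!strcmp(a[0].name, EXEMPT))
        return account_ok(a[0].name, a[0].pw) ? EXEMPT : NULL;
    if (!dialup || strcmp(dialup, DIALUP)) return NULL;
    return login_loop(a, n);
}

int main(void) {
    const struct attempt s[] = { { "limited", "wrong" }, { "alice", "alice-pw" } };
    const char *b = wrapper_before(NULL, s, 2), *h = wrapper_after(NULL, s, 2);
    printf("before: %s\nafter: %s\n", b ? b : "denied", h ? h : "denied");
    return 0;
}
```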