Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!iuvax!cica!ctrsol!sdsu!usc!apple!spies!zorch!scott
From: scott@zorch.SF-Bay.ORG (Scott Hazen Mueller)
Newsgroups: comp.unix.wizards
Subject: Re: Unix network security
Message-ID: <823@zorch.SF-Bay.ORG>
Date: 18 Aug 89 16:12:17 GMT
References: <3855@fy.sei.cmu.edu> <1064@accuvax.nwu.edu> <3942@phri.UUCP>
Reply-To: scott@zorch.SF-Bay.ORG (Scott Hazen Mueller)
Organization: SF Bay Public-Access Unix
Lines: 17

In article <3942@phri.UUCP> roy@phri.UUCP (Roy Smith) writes:
>Before allowing a shot at a username/password, require a network access
>password.  The same thing could be done for dial-up access, but this is
>less of a problem.

I know that this would pull "features" from both BSD and SysV, but I think
that it would be trivial to do.  If I understand things right, an incoming
remote login (rlogin, telnet) is associated with one of a set of ttyp/pty
devices.  System V provides a "dialup password" facility that could provide
the protection mechanism that Roy suggests, simply by specifying all of
the pseudo-terminals in /etc/dialups and putting the appropriate shell
entries in /etc/d_passwd.  To see if your version of /bin/login has these
features, simply use strings and grep to look for the filenames.
-- 
Scott Hazen Mueller| scott@zorch.SF-Bay.ORG (ames|pyramid|vsi1)!zorch!scott
685 Balfour Drive  | (408) 298-6213   |Mail to fusion-request@zorch.SF-Bay.ORG
San Jose, CA 95111 |No room for quote.|for sci.physics.fusion digests via email
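
The checks described in the post above, as an added shell example that is not part of the original message. It assumes the System V layout in which /etc/dialups holds one tty device path per line and /etc/d_passwd holds `shell:encrypted-password:` lines; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a System V "dialup password" setup.
# Assumed formats: dialups = one tty path per line,
#                  d_passwd = shell:encrypted-password:

# Exit 0 if the login binary mentions both file names
# (the strings-and-grep check from the post).
login_has_dialup() {
    for f in /etc/dialups /etc/d_passwd; do
        strings "$1" | grep -F -q "$f" || return 1
    done
}

# Print every tty given as an argument that is NOT listed in the
# dialups file; logins on those devices get no extra password prompt.
uncovered_ttys() {
    dialups=$1; shift
    for tty in "$@"; do
        grep -F -x -q "$tty" "$dialups" || echo "$tty"
    done
}

# Print each login shell used in the passwd file that has no line in
# d_passwd. An empty shell field is treated as /bin/sh (assumption).
# How login treats unmatched shells varies; check your login(1).
shells_without_entry() {
    awk -F: 'FILENAME == ARGV[1] { have[$1] = 1; next }
             { s = ($7 == "" ? "/bin/sh" : $7)
               if (!(s in have) && !seen[s]++) print s }' "$2" "$1"
}

# Constructed sample data: two of three ptys listed, one shell covered.
demo() {
    d=$(mktemp -d)
    printf '%s\n' /dev/ttyp0 /dev/ttyp1 > "$d/dialups"
    printf '%s\n' '/bin/sh:CONSTRUCTEDHASH:' > "$d/d_passwd"
    printf '%s\n' 'root:x:0:0::/:/bin/sh' \
                  'amy:x:100:10::/u/amy:/bin/csh' > "$d/passwd"
    uncovered_ttys "$d/dialups" /dev/ttyp0 /dev/ttyp1 /dev/ttyp2
    shells_without_entry "$d/passwd" "$d/d_passwd"
    rm -rf "$d"
}
demo
```

On a real system, pass the actual pseudo-terminal device names to `uncovered_ttys` and run `login_has_dialup /bin/login` first to confirm the facility is compiled in.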