Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!iuvax!cica!ctrsol!sdsu!usc!apple!spies!zorch!scott From: scott@zorch.SF-Bay.ORG (Scott Hazen Mueller) Newsgroups: comp.unix.wizards Subject: Re: Unix network security Message-ID: <823@zorch.SF-Bay.ORG> Date: 18 Aug 89 16:12:17 GMT References: <3855@fy.sei.cmu.edu> <1064@accuvax.nwu.edu> <3942@phri.UUCP> Reply-To: scott@zorch.SF-Bay.ORG (Scott Hazen Mueller) Organization: SF Bay Public-Access Unix Lines: 17 In article <3942@phri.UUCP> roy@phri.UUCP (Roy Smith) writes: >Before allowing a shot at a username/password, require a network access >password. The same thing could be done for dial-up access, but this is >less of a problem. I know that this would pull "features" from both BSD and SysV, but I think that it would be trivial to do. If I understand things right, an incoming remote login (rlogin, telnet) is associated with one of a set of ttyp/pty devices. System V provides a "dialup password" facility that could provide the protection mechanism that Roy suggests, simply by specifying all of the pseudo-terminals in /etc/dialups and putting the appropriate shell entries in /etc/d_passwd. To see if your version of /bin/login has these features, simply use strings and grep to look for the filenames. -- Scott Hazen Mueller| scott@zorch.SF-Bay.ORG (ames|pyramid|vsi1)!zorch!scott 685 Balfour Drive | (408) 298-6213 |Mail to fusion-request@zorch.SF-Bay.ORG San Jose, CA 95111 |No room for quote.|for sci.physics.fusion digests via email