Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!apple!oliveb!pyramid!ctnews!mitisft!dold
From: dold@mitisft.Convergent.COM (Clarence Dold)
Newsgroups: comp.unix.ultrix
Subject: Re: Restricting logins to uucp on a specific line
Message-ID: <732@mitisft.Convergent.COM>
Date: 15 Jun 89 16:41:09 GMT
References: <1214@bnlux0.bnl.gov>
Distribution: na
Organization: Convergent Technologies, San Jose, CA
Lines: 45

in article <1214@bnlux0.bnl.gov>, mms@bnlux0.bnl.gov (Morris Strongson) says:


>     We are presently running Ultrix 2.0 on a Vax 11/780, and expect to go to 
> 3.0 shortly.  The need to restrict one incoming tty line to uucp logins only
> has arisen, and we do not know how to to that.  Any information you can give

Three steps:
1) See if your version of login supports dialup passwords:
#strings /bin/login |grep d_pas
/etc/d_passwd

2) Create a /etc/dialups file containing the name of the tty you want to guard:
#-r--------   1 root  root   189 Nov 24 08:46 /etc/dialups

/dev/tty500
# /etc/dialups will contain all of the devices that
# **might** present Dialup Password, depending on 
# entries in /etc/d_passwd.

3) Create a /etc/d_passwd controlling all possible login shells:
#-r--------   1 root  root   368 Nov 24 08:45 /etc/d_passwd

# /etc/d_passwd contains all 'initial programs' allowed 
# when invoked on a line specified in /etc/dialups
# /bin/sh:13characterEncryption:
# The encrypted password is drawn over via grep after applying
# /bin/passwd to a superfluous entry in /etc/passwd.

/bin/sh:JUNK:
/bin/ksh:JUNK:
/bin/rsh:JUNK:

# A line to allow uucp entry with no password:
/usr/lib/uucp/uucico::

# Use links to different shell names to cause certain login ids 
# to require Dialup password, while other logins using the same
# shell with a different name don't need a password.

-- 
---
Clarence A Dold - dold@tsmiti.Convergent.COM		(408) 434-5293
		...pyramid!ctnews!tsmiti!dold
		P.O.Box 6685, San Jose, CA 95150-6685	MS#10-007