Path: utzoo!attcan!ram
From: ram@attcan.UUCP (Richard Meesters)
Newsgroups: comp.unix.questions
Subject: Re: 2 passwd system
Message-ID: <11905@attcan.UUCP>
Date: 12 Jul 90 03:08:05 GMT
References: <201@adam.adelaide.edu.au> <3502@sactoh0.UUCP> <13152@cbmvax.commodore.com>
Organization: AT&T Canada Inc., Toronto
Lines: 46

In article <13152@cbmvax.commodore.com>, ag@cbmvax.commodore.com (Keith Gabryelski) writes:
| In article <3502@sactoh0.UUCP> jak@sactoh0.UUCP (Jay A. Konigsberg) writes:
| >In article <201@adam.adelaide.edu.au> mferrare@adelphi.ua.oz.au.oz.au
| (Mark Ferraretto) writes:
| >>I want to set up my login procedure to make users use two passwords
| >>to login instead of one.
| >>
| >>The problem I have is if I rewrite /bin/login how to I get getty to
| >>recognise my login procedure instead of /bin/login apart from
| >>overwriting it (I don't have sources)?  Is rewriting /bin/login the
| >>best way to go about this?
| >
| >A simple solution, if /etc/profile is executed, is to put a second
| >login as the first command in /etc/profile.
| 
| A user could hit the interrupt key before the first line in /etc/profile
| is executed and thus bypass your second attempt at security.
| 
| A better way would be to replace the login shell of the user with your
| own program that does The Right Thing.


I think though, if you set a trap in your .profile, you can keep people from
bypassing the second login.

If you're running System V UNIX, a simpler solution exists.  You can create 
a dialup password.  I'm not sure of exactly which versions and flavours of
*NIX this will work on (The docs are at work, and it's too late to go and get
them), but if you want an explanation, drop me an e-mail and I'll see what I 
can dig up.

Incidentally, I'm running with this particular option on my 3B2 and it works 
fairly well.  Normal login proceedure is to enter username password and then
the dialup password.  The dialup password is only set to work on specific 
ports, and with specific programs (eg login but not uucico).

Regards,

------------------------------------------------------------------------------
     Richard A Meesters                |
     Technical Support Specialist      |     Insert std.logo here
     AT&T Canada                       |
                                       |     "Waste is a terrible thing
     ATTMAIL: ....attmail!rmeesters    |      to mind...clean up your act"
     UUCP:  ...att!attcan!ram          |
------------------------------------------------------------------------------