Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!ucsd!pacbell.com!pacbell!sactoh0!jak
From: jak@sactoh0.UUCP (Jay A. Konigsberg)
Newsgroups: comp.unix.questions
Subject: Re: 2 passwd system
Message-ID: <3513@sactoh0.UUCP>
Date: 13 Jul 90 00:00:23 GMT
References: <201@adam.adelaide.edu.au> <3502@sactoh0.UUCP> <13152@cbmvax.commodore.com>
Reply-To: jak@sactoh0.UUCP (Jay A. Konigsberg)
Organization: SAC-UNIX, Sacramento, Ca.
Lines: 38

In article <13152@cbmvax.commodore.com> ag@cbmvax (Keith Gabryelski) writes:

>>>I want to set up my login procedure to make users use two passwords
>>>to login instead of one.
>>>
>>
>>A simple solution, if /etc/profile is executed, is to put a second
>>login as the first command in /etc/profile.
>
>A user could hit the interrupt key before the first line in /etc/profile
>is executed and thus bypass your second attempt at security.
>
No. That is what the trap command at the beginning of /etc/profile is
for. If it reads:

trap "exit" 2 3

then hitting the 'break' key will return them to a login.

>A better way would be to replace the login shell of the user with your
>own program that does The Right Thing.
>
The Right Thing? You are assuming the user wants this to be a C program
and has the time to set it up. The "Right" solution is the one that will
solve the persons problem in the most stright forward manner. Much of the
time this will involve the use of the shell.

Administrators are not programmers (most of the time anyway). Writing a 
C program to accept a secondary password may not be beyond your skills or
mine, but it could easily be more than an average administrator would 
want to do.

KISS! (Keep It Simple S_____)

-- 
-------------------------------------------------------------
Jay @ SAC-UNIX, Sacramento, Ca.   UUCP=...pacbell!sactoh0!jak
If something is worth doing, its worth doing correctly.