Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site stcvax.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxl!houxm!houxz!vax135!cornell!uw-beaver!tektronix!hplabs!hao!stcvax!lat
From: lat@stcvax.UUCP (Larry Tepper)
Newsgroups: net.unix-wizards
Subject: Re: more secure login
Message-ID: <289@stcvax.UUCP>
Date: Tue, 10-Jul-84 16:35:36 EDT
Article-I.D.: stcvax.289
Posted: Tue Jul 10 16:35:36 1984
Date-Received: Thu, 12-Jul-84 04:15:22 EDT
References: <24@amd.UUCP>
Organization: Storage Technology Corp. Louisville, CO
Lines: 32

I modified login for both V7 and 4.1BSD to do just that (i.e. hang up
after a bad password is typed). My version gives you three chances
before exiting. It waits 20 seconds before it exits, to slow down
automated password breakers.

Logging in over a dial-up also requires the user to type a second
password (the `External Security' password -- remember this from
fortune?). A dial-up is recognized as a login terminal whose name
starts with "ttyd". The 2nd password is determined by the dummy user
name `dialup' in /etc/passwd.

Just as the original login always asks for a password, even when given
an invalid login name, so too does this version always ask for the
external security password, even when the 1st password is wrong.

There is an exception, namely: To make life easier for uucp, the 2nd
password is not requested over a dial-up if the user's login shell is
"/usr/lib/uucp/uucico" (except when the 1st password is incorrectly
given). This seemed the safest way of ensuring that a user really is
uucp.

Notification of all login attempts over a dial-up, successful or not,
is sent to the system console. A system administrator can look at the
console sheets for suspicious activity.

It would be impossible to post the sources, even diffs, to the net
without violating the UNIX license agreement. Would someone like to
comment on the legalities of mailing it electronically assuming I've
been given hard evidence of the receiver's UNIX source license?
-- 
{ihnp4 hao philabs sdcrdcf ucbvax!nbires}!stcvax!lat
Larry Tepper
Storage Technology, MD-3T, Louisville, CO 80028
303-673-5435
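
The login policy described in the post above, as an added sketch in C. It is not Larry Tepper's code (the post says the sources could not be posted); the struct and function names are this example's own, and it assumes the 20-second wait applies whenever the session ends without a login.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TRIES  3    /* chances before login gives up */
#define EXIT_DELAY 20   /* seconds to wait before exiting after failure */
#define UUCICO "/usr/lib/uucp/uucico"

/* One login attempt; field names are this example's own. shell is NULL
   when the login name is not in /etc/passwd. */
struct attempt { const char *tty, *shell; int pw1_ok, pw2_ok; };
struct result  { int logged_in, tries, console_lines, delay_secs; };

/* A dial-up is a login terminal whose name starts with "ttyd". */
int is_dialup(const char *tty) { return strncmp(tty, "ttyd", 4) == 0; }

/* Prompt for the external security password on every dial-up attempt,
   except for a uucico account whose first password was correct. */
int ask_second(const struct attempt *a) {
    if (!is_dialup(a->tty)) return 0;
    if (a->pw1_ok && a->shell && strcmp(a->shell, UUCICO) == 0) return 0;
    return 1;
}

/* The second password is checked whenever it was requested, so a wrong
   first password still fails after both prompts. */
int attempt_ok(const struct attempt *a) {
    return a->pw1_ok && (!ask_second(a) || a->pw2_ok);
}

/* Simulates one connection: no real prompts, sleep or console writes. */
struct result run_session(const struct attempt *a, int n) {
    struct result r = {0, 0, 0, 0};
    int i;
    for (i = 0; i < n && i < MAX_TRIES; i++) {
        r.tries++;
        if (is_dialup(a[i].tty)) r.console_lines++;  /* success or not */
        if (attempt_ok(&a[i])) { r.logged_in = 1; return r; }
    }
    r.delay_secs = EXIT_DELAY;  /* real login would sleep, then exit */
    return r;
}

int main(void) {
    /* Constructed input: two bad tries, then a good one, on a dial-up. */
    struct attempt s[] = { {"ttyd0", "/bin/sh", 0, 1},
                           {"ttyd0", "/bin/sh", 1, 0},
                           {"ttyd0", "/bin/sh", 1, 1} };
    struct result r = run_session(s, 3);
    printf("logged_in=%d tries=%d console_lines=%d delay=%d\n",
           r.logged_in, r.tries, r.console_lines, r.delay_secs);
    return 0;
}
```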