Newsgroups: comp.unix.questions
Path: utzoo!utgpu!jarvis.csri.toronto.edu!hub.toronto.edu!thomson
From: thomson@hub.toronto.edu (Brian Thomson)
Subject: Re: Security from outside call-ins
Message-ID: <8807191850.AA14879@beaches.hub.toronto.edu>
Organization: University of Toronto
References: <262@scotty.UUCP>
Distribution: na
Date: Tue, 19 Jul 88 13:30:52 EDT

In article <262@scotty.UUCP> root@scotty.UUCP (Don Cox) writes:
>I am on a Sun 3/260 running SunOS3.5. Plugged into Serial Port A
>I have a Microcom AX/2400 modem.
...
>Here's the question: They (the users) have told me of other
>systems they have been on (I believe Vax's) where they were
>prompted to enter a system password before they were even asked for
>their own.
>.... Anyone have ideas on how I could incorporate this
>into my passwd file, but only having it prompt those who are dialing
>in on the modem?

You can define a new entry in /etc/gettytab that contains non-default
entries for the "lm" and "lo" strings. Assuming that "2400-baud" is the
entry that you currently use for port A, you might define

s|d2400|dial-2400:\
	:lm=\r\nSystem password\72 :lo=/usr/adm/dial-login:tc=2400-baud:

and in /etc/ttys select table entry 's' for line 'ttya'.
You may want to mess around with other gettytab flags too, e.g., to turn
off echo. See your online manual under 'gettytab' for details.

You must also supply a /usr/adm/dial-login program (or shell file) that
will compare its first argument with the system password. Since this
password is probably known by every valid user on the system, I surmise
that it is not terribly sensitive and, in particular, that you do not
object if it is occasionally visible when people run 'ps' on your system.

If this isn't exactly what you want, you can be more inventive. The
basic idea is that with gettytab you can have something other than
/bin/login run on specific lines.
--
		Brian Thomson,	    CSRI Univ. of Toronto
		utcsri!uthub!thomson, thomson@hub.toronto.edu
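
One way to write the /usr/adm/dial-login shell file described in the post above, as an added example that is not part of the original post or of SunOS. Assumptions not taken from the post: the shared password lives on the first line of a root-only file (the path /usr/adm/dial-passwd is hypothetical), failures are logged with logger(1) and delayed with sleep, and a correct password hands the line to /bin/login with no arguments so that it prompts for the user's own login.

```shell
#!/bin/sh
# Added illustration of a dial-login wrapper; not code from the original post.
# Assumed layout: PWFILE is root-owned, mode 600, shared password on line 1.

PWFILE=/usr/adm/dial-passwd      # hypothetical path, not from the post
LOGIN=/bin/login

# check_system_password CANDIDATE FILE
# Succeeds only if FILE is a readable regular file whose first line is
# non-empty and equal to CANDIDATE. Every other case fails closed.
check_system_password() {
    candidate=$1
    file=$2
    [ -f "$file" ] && [ -r "$file" ] || return 1
    expected=
    IFS= read -r expected < "$file" || :   # tolerate a missing final newline
    [ -n "$expected" ] || return 1         # empty file must never match
    # The x prefix keeps test(1) from treating "-f", "!" etc. as operators.
    [ "x$candidate" = "x$expected" ]
}

dial_login_main() {
    # Per the post, the first argument is what the caller typed at the
    # "System password:" prompt, so it can show up in ps while this runs.
    if check_system_password "$1" "$PWFILE"; then
        exec "$LOGIN"            # now ask for the user's own login name
    fi
    # Log the line, never the string that was typed.
    logger -p auth.notice "dial-login: bad system password on $(tty)" 2>/dev/null
    sleep 5                      # slow down repeated guessing
    exit 1                       # drop the attempt without reaching login
}

# Do the check only when started with an argument.
[ "$#" -eq 0 ] || dial_login_main "$@"
```

Keeping the password in a separate mode-600 file means the script itself can stay world-readable without disclosing it.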