Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!cornell!rochester!rutgers!apple!voder!pyramid!ctnews!starfish!cdold From: cdold@starfish.Convergent.COM (Clarence Dold) Newsgroups: comp.unix.wizards Subject: Re: Selectively disable login at specified line? Summary: Maybe you can use Dialup Passwords Keywords: login getty tty ultrix csh Message-ID: <734@starfish.Convergent.COM> Date: 29 Sep 88 23:23:14 GMT References: <1227@tuhold> Organization: Convergent Technologies, San Jose, CA Lines: 55 In article <1227@tuhold>, gfl@tuhold (Gerhard Fleischanderl) writes: > > We want to restrict login-access at a specified terminal line > to a group of designated users, with the other ttys still > accessible to all users. Even though it isn't documented, UNIX SysV 2.2 contains a dialup password feature, that can be invoked for certain lines, and selectively for certain login initial programs. Try strings /bin/login|grep passwd to see if your login is looking for d_passwd. If it is: /etc/dialups is a list of the ports you *might* want to block: # /etc/dialups will contain all of the devices that # **might** present Dialup Password, depending on # entries in /etc/d_passwd. /dev/tty023 /dev/tty024 /dev/tty025 /dev/tty026 /etc/d_passwd contains a description of the initial programs subject to password if they are invoked from one of the 'dialup' lines: /bin/jsh:XfCQ/Cu1tfd9g: /bin/sh:: /usr/bin/ksh:: # /etc/d_passwd contains all 'initial programs' allowed # when invoked on a line specified in /etc/dialups # A line to allow uucp entry with no password: /usr/lib/uucp/uucico:: # /bin/sh:13characterEncryption: # The encrypted password is drawn over via grep after applying # /bin/passwd to a superfluous entry in /etc/passwd. # Use links to different shell names to cause certain login ids # to require Dialup password, while other logins using the same # shell with a different name don't need a password. # In this example, restricted users show /bin/jsh as their shell # While the other users specify /bin/sh, actually linked. #-r-------- 1 root root 368 Nov 24 08:45 /etc/d_passwd #-r-------- 1 root root 189 Nov 24 08:46 /etc/dialups #-r-xr-xr-x 3 bin bin 45470 May 19 15:32 /bin/sh #-r-xr-xr-x 3 bin bin 45470 May 19 15:32 /bin/jsh -- --- Clarence A Dold - cdold@starfish.Convergent.COM (408) 435-5274 ...pyramid!ctnews!mitisft!professo!dold P.O.Box 6685, San Jose, CA 95150-6685