Path: utzoo!attcan!uunet!ncrlnk!ncrcae!sauron!wescott
From: wescott@sauron.Columbia.NCR.COM (Mike Wescott)
Newsgroups: comp.unix.questions
Subject: Re: etc/issue : undocumented, etc/dialups : undocumented etc..
Message-ID: <1163@sauron.Columbia.NCR.COM>
Date: 20 Oct 88 13:44:19 GMT
References: <538@balaena.UUCP>
Reply-To: wescott@sauron.Columbia.NCR.COM (Mike Wescott)
Organization: Entry Level Systems Development, NCR Corp., Columbia, SC
Lines: 65

In article <538@balaena.UUCP> wezel@balaena (Jos C. van Wezel) writes:
>
> Skimming through my sysV manuals I came across the file /etc/issue, in the
> man pages for getty. However it is only mentioned, no description.
> I remember seeing somewhere it differentiated between several projects,
> and then echoed a specific line when getty started.

/etc/getty, if compiled with SYS_NAME defined, will prefix the "login"
prompt (that it gets from /etc/gettydefs) with both the nodename
(utsname.nodename) and the contents of /etc/issue, if it exists.

A word of caution, if your getty has this option enabled, don't get
carried away with /etc/issue. It is not the message-of-the-day. Long
/etc/issue files can make life difficult for programs like uucico that
try to login using chat scripts.

> In my bin/login (I'm on a 3B2, V3.1) after an od I found the path:
> /etc/dialups. Now this isn't even in the manuals.

/bin/login will, after it has validated a password, check /etc/dialups
for a line which begins with the pathname of the device being used.
The file looks like this:

	/dev/tty00
	/dev/tty01
	   .
	   .
	   .

The device name must begin in the first column and is terminated by any
whitespace. Comments could follow the white space, but I've never seen
it done that way.

If such a line is found, then /etc/d_passwd is used. The format of
/etc/d_passwd consists of lines of colon-terminated fields. The first
field has the name of a shell; and the second field is an encrypted
password, just like /etc/passwd. For example:

	/bin/sh:RcjqjwrheFnuc:
	/bin/rsh:nufuivsiuhnuc:
	/usr/ucb/csh:sdwjhernNfNUX:
	/usr/lib/uucp/uucico::

If /etc/d_passwd exists, /bin/login looks for a match of the login
shell. If the match is found, or if no match is found but an entry for
/bin/sh is found, and the password field is not null then the user is
prompted "Dialup Password:". Checking the password uses the same
algorithm used for the regular password. If it is not correct,
/bin/login goes back to the login: prompt and starts all over.

Be careful of your uucp neighbors if you suddenly implement this, you'll
probably need to put in a null password for /usr/lib/uucp/uucico.

Security is somewhat enhanced, but since all users with the same shell
have the same dialup password the password will be widely known. Other
problems arise if the system has chsh. And a cracker can know that he
has a valid username and password if he gets the Dialup Password prompt.

By making links to the standard shells, individualization of the dialup
password can be accomplished but it's an administrative headache.

Historical note: at one time the prompt was "External Security:"

--
	-Mike Wescott
	mike.wescott@ncrcae.Columbia.NCR.COM
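
The lookup order described in the post, modelled in C as an added example (not part of the original post and not the actual /bin/login source). The function names, the in-memory sample files and the rule that no usable entry means no prompt are assumptions; the real login would then check the typed password against the returned hash.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample files in the layouts the post describes. */
static const char DIALUPS[] = "/dev/tty00\n/dev/tty01\tmodem bank\n";
static const char D_PASSWD[] = "/bin/sh:RcjqjwrheFnuc:\n"
                               "/usr/lib/uucp/uucico::\n";

/* Pointer just past `key` on the first line that starts in column one with
   `key` followed by one of `delims` (or end of text); NULL if none. */
static const char *match_line(const char *text, const char *key,
                              const char *delims) {
    size_t n = strlen(key);
    for (const char *p = text; *p; ) {
        if (strncmp(p, key, n) == 0 && strchr(delims, p[n]))
            return p + n;
        p += strcspn(p, "\n");          /* skip to end of this line */
        if (*p) p++;
    }
    return NULL;
}

/* Returns 1 and copies the stored hash into `hash` when login would ask
   "Dialup Password:" for this tty and login shell; otherwise returns 0. */
int dialup_password_required(const char *dialups, const char *d_passwd,
                             const char *tty, const char *shell,
                             char *hash, size_t hashsz) {
    hash[0] = '\0';
    if (!match_line(dialups, tty, " \t\n"))
        return 0;                       /* tty is not listed as a dialup */
    const char *f = match_line(d_passwd, shell, ":");
    if (!f)
        f = match_line(d_passwd, "/bin/sh", ":");   /* fallback entry */
    if (!f || *f != ':')
        return 0;       /* assumption: no usable entry means no prompt */
    size_t len = strcspn(++f, ":\n");
    if (len >= hashsz) len = hashsz - 1;
    memcpy(hash, f, len);
    hash[len] = '\0';
    return len > 0;                     /* null field: no dialup prompt */
}

int main(void) {
    char h[64];
    int r = dialup_password_required(DIALUPS, D_PASSWD, "/dev/tty01",
                                     "/usr/ucb/csh", h, sizeof h);
    printf("csh on tty01: prompt=%d hash=%s\n", r, h);
    return 0;
}
```

The sample d_passwd has no csh line, so a csh user on a dialup line falls through to the /bin/sh entry, while the null field on the uucico line lets uucp neighbors in without the second prompt.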