Path: utzoo!attcan!uunet!mcvax!hp4nl!philmds!nlgvax!geertj
From: geertj@nlgvax.UUCP (Geert Jan de Groot)
Newsgroups: comp.unix.xenix
Subject: Re: Proper procedure for AUTOLOGIN in SCO
Summary: Not a nice solution, but one that works for me!
Keywords: sco auto login init getty
Message-ID: <224@nlgvax.UUCP>
Date: 12 Mar 89 16:16:49 GMT
References: <190@biar.UUCP>
Reply-To: geertj@nlgvax.UUCP (Geert Jan de Groot)
Organization: Philips Research Geldrop
Lines: 64

In article <190@biar.UUCP> trebor@biar.UUCP (Robert J Woodhead) writes:
>How to set up an AUTO login account in SCO Xenix in XX easy steps.
>
>4) Edit /etc/gettydefs and find the current entry for tty08.  
>   [Add a new entry like:]
>p # B9600 HUPCL CS8 SANE TAB3 ECHOE IXANY # B9600 CS8 SANE HUPCL TAB3 \
>ECHOE IXANY # \r\n@ login: # p # AUTO /etc/login
>
>6) Edit /etc/passwd and change the password field of "tty08" to null.
>   Otherwise you will be asked for a password.  Note that this opens
>   up a security hole in your system as anyone who is in the know can
>   now log into your system under this account.
>
>Thats all there is to it.  I am however VERY disturbed about the security
>hole created by the AUTO process.  

I found a workaround for that too. My solution isn't nice, but it works,
and maybe helps you..
I use the '-' option of su, which provides a full login, without asking 
passwords.. However, the AUTO feature of getty does not allow command-like
arguments, so I made something like this: (program calles 'su-.c')

/* su- - exec "su - <args>" */

main(argc, argv)
int argc;
char *argv[];
{
	if (argc == 2)
		execl("/bin/su", "su", "-", argv[1], (char *) 0);
}

Compile this program, and place it in your favorite local bin directory.
It does not need special privileges.

If you execute this program, you really execute 'su - <loginname>' which
provides a full-blown login, without password checking. Of course, the
password test is only skipped if the program is executed by root,
but since getty runs under root, it has that privilege. 

Now, change the /etc/gettydefs entry to use su- instead of login:

p # B9600 CS8 SANE HUPCL TAB3 ECHOE IXANY # # # p # AUTO /u/local/bin/su- 

Now you can place a password in the autostart-account passwd entry.

One final note: I found getty requires something after a AUTO gettydefs
entry. Therefore, if you add the new entry at the end, append a comment
line as last line to /etc/gettydefs or the trick may not work. I found
the -c option of getty very handy.

I hope this is secure. 

Geert Jan

_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._.

Geert Jan de Groot,			Email: geertj@nlgvax.pcg.philips.nl
Philips Research Laboratories,		       ..!mcvax!nlgvax!geertj
Project Centre Geldrop,	
Building XP, Room 4,
Willem Alexanderlaan 7B,		"MS-DOS is just a bootstrap" - me
5664 AN Geldrop, The Netherlands.
phone: +31 40 892204			[Standard disclaimers apply]