Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cornell!uw-beaver!rice!sun-spots-request
From: capmkt!brent@uunet.uu.net (Brent Chapman)
Newsgroups: comp.sys.sun
Subject: Re: Securing the Server
Keywords: Networks
Message-ID: <8903300059.AA19836@mycroft.capmkt.com>
Date: 21 Apr 89 23:03:52 GMT
Sender: usenet@rice.edu
Organization: Sun-Spots
Lines: 15
Approved: Sun-Spots@rice.edu
Original-Date: Wed, 29 Mar 89 16:59:37 PST
X-Sun-Spots-Digest: Volume 7, Issue 237, message 3 of 12

Your YP solution is the first part of what you need.  The second is to
keep everyone in the "real" /etc/passwd file on the server, but to give
them a null password (or a "*" password) and a login shell that is simply
a shell script or program that says "sorry, authorized users only on the
server", waits a few seconds, and then exits, dumping them off.  The pause
is so that the "sorry" message gets printed before the shell exits and the
modem line, port selector line, or telnet connection is dropped.


-Brent
--
Brent Chapman					Capital Market Technology, Inc.
Computer Operations Manager			1995 University Ave., Suite 390
brent@capmkt.com				Berkeley, CA  94704
{cogsci,lll-tis,uunet}!capmkt!brent		Phone:  415/540-6400