Password security
Jerry Carlin
jmc at ptsfa.PacBell.COM
Tue Nov 29 06:25:24 AEST 1988
In article <2349 at cbnews.ATT.COM> lvc at cbnews.ATT.COM (Lawrence V. Cipriani) writes:
>One enhacement to security I have seen on mainframes running UNIX(tm) is
>to have a "External Security Password" that is settable by the system
>administrator.
A little documented feature of V.2+ systems is a 'dial password'. Create
a file /etc/dialups (with a list of ports such as):
/dev/tty12
/dev/tty13
Create a file /etc/d_passwd:
:passwd1:
/bin/sh:passwd2:
/bin/rsh:passwd3: (restricted shell not remote shell)
/bin/ksh:passwd4:
/bin/csh:passwd5:
/usr/lib/uucp/uucico:: (i.e., no password for uucico)
The first line is for those with nothing in field 7 of /etc/passwd (default).
This scheme gives the administrator the ability to implement a second
password on a list of ports and to make it different by 'shell' (actually
any program in field 7 of /etc/passwd).
You can generate passwords using /usr/lib/makekey (undocumented until V.3.?)
or by creating a dummy login, doing a 'passwd' and then moving the
resulting encrypted passwd to /etc/d_passwd.
Enjoy.
--
Jerry Carlin (415) 823-2441 {bellcore,sun,ames,pyramid}!pacbell!jmc
To dream the impossible dream. To fight the unbeatable foe.
More information about the Comp.unix.wizards
mailing list