Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ d_passwd(4) — UnixWare 2.01

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

login(1)

makekey(1)

passwd(4)

useradd(1M)

usermod(1M)






       d_passwd(4)                                              d_passwd(4)


       NAME
             d_passwd, dialups - secondary security access password

       SYNOPSIS
             /etc/dialups
             /etc/d_passwd

       DESCRIPTION
             You may create these files to prompt for a secondary security
             access password when users log into the system. This feature
             is useful, for example, for extra security on non-hardwired
             terminal lines, such as dialup lines. You use these files to
             select which tty lines will prompt for the password. You also
             specify the specific secondary passwords for each type of
             service (e.g. /usr/bin/sh).

          /etc/dialups
             This file contains a list of tty names, one per line. Users
             logging into the system on these lines will be prompted for a
             secondary password. Users logging into the system on lines not
             listed in this file will not be prompted for a secondary
             password.  For example, a typical file might look like:

                         /dev/tty00
                         /dev/tty00h
                         /dev/tty00s
                         /dev/tty01
                         /dev/tty01s
                         /dev/tty01h

          /etc/d_passwd
             This file contains a list of entries, one per line.  Each
             entry contains the name of an executable, followed by a colon,
             the encrypted password, and another colon.  The executables
             listed should include the typical services used over the
             passworded lines, such as user login shells (e.g.,
             /usr/bin/sh,/sbin/sh, /usr/bin/ksh), or UUCP (e.g.
             /usr/lib/uucp/uucico).

             When a login attempt is made over a passworded line,
             /etc/d_passwd is checked for an entry matching the executable
             used as a login shell for the attempt. If the executable is
             listed, the system prompts for the associated secondary
             password. If an entry exists, but the password field is empty,
             no prompting will occur. If an entry does not exist, the
             password for /usr/bin/sh is used instead, assuming an entry


                           Copyright 1994 Novell, Inc.               Page 1













      d_passwd(4)                                              d_passwd(4)


            for /usr/bin/sh exists.

            For example, a typical file might look like:

                        /usr/bin/sh:DFg6HWq28Ut0w:
                        /usr/lib/uucp/uucico::
                        /sbin/sh:QXg3Fv83LbOO1x:

            In this case, users logging in  using  either  /usr/bin/sh  or
            /usr/sbin/sh  as  their  login  shell  will  be prompted for a
            secondary password.  Other systems logging in using  UUCP  for
            file  transfer  will not be prompted for a secondary password.
            All other logins using some other login shell not listed  will
            be   prompted   for   the   same  secondary  password  as  for
            /usr/bin/sh.

         Creating Secondary Passwords
            You can use makekey(1) to construct an encrypted password.
            This command is included as part of the Encryption Utilities.
            You need to provide a password string of eight characters,
            concatenated with two more digits or letters to act as a salt
            for the encryption process. For example, given a password of
            abigbear and a salt of ZZ, you would enter the following:

                        echo abigbearZZ | /usr/lib/makekey; echo

            The system would respond with the encrypted  password  string,
            ZZPy2BRoodXhc.  You place this string in the password field of
            the /etc/d_passwd  entry  for  the  shell  you  wish  to  have
            abigbear as the secondary password.

         Files
            /etc/passwd
            /etc/shadow

      NOTICES
            The files /etc/dialups and /etc/d_passwd initially do not
            exist on your system. You must create and populate them. Take
            care to protect them so unauthorized users cannot alter or
            delete them. The file should be owned by user root and group
            sys, with write permission for the file owner only.

      REFERENCES
            login(1), makekey(1), passwd(4), useradd(1M), usermod(1M)




                          Copyright 1994 Novell, Inc.               Page 2








Typewritten Software • bear@typewritten.org • Edmonds, WA 98026