etc/issue : undocumented, etc/dialups : undocumented etc..

Mike Wescott wescott at sauron.Columbia.NCR.COM
Thu Oct 20 23:44:19 AEST 1988


In article <538 at balaena.UUCP> wezel at balaena (Jos C. van Wezel) writes:
> 
> Skimming through my sysV manuals I came across the file /etc/issue, in the
> man pages for getty. However it is only mentioned, no description.
> I remember seeing somewhere it differentiated between several projects,
> and then echoed a specific line when getty started.

/etc/getty, if compiled with SYS_NAME defined, will prefix the "login"
prompt (that it gets from /etc/gettydefs) with both the nodename
(utsname.nodename) and the contents of /etc/issue, if it exists.

A word of caution, if your getty has this option enabled, don't get carried
away with /etc/issue.  It is not the message-of-the-day.  Long /etc/issue
files can make life difficult for programs like uucico that try to login
using chat scripts.

> In my bin/login (I'm on a 3B2, V3.1) after an od I found the path:
> /etc/dialups. Now this isn't even in the manuals.

/bin/login will, after it has validated a password, check /etc/dialups
for a line which begins with the pathname of the device being used.  The file
looks like this:

/dev/tty00
/dev/tty01
   .
   .
   .

The device name must begin in the first column and is terminated
by any whitespace.  Comments could follow the white space, but I've
never seen it done that way.

If such a line is found, then /etc/d_passwd is used.  The format
of /etc/d_passwd consists of lines of colon-terminated fields.  The
first field has the name of a shell; and the second field is an encrypted
password, just like /etc/passwd.  For example:

/bin/sh:RcjqjwrheFnuc:
/bin/rsh:nufuivsiuhnuc:
/usr/ucb/csh:sdwjhernNfNUX:
/usr/lib/uucp/uucico::

If /etc/d_passwd exists, /bin/login looks for a match of the login shell.
If the match is found, or if no match is found but an entry for /bin/sh
is found, and the password field is not null then the user is prompted
"Dialup Password:".  Checking the password uses the same algorithm used
for the regular password.  If it is not correct, /bin/login goes back
to the login: prompt and starts all over.

Be careful of your uucp neighbors if you suddenly implement this, you'll
probably need to put in a null password for /usr/lib/uucp/uucico.

Security is somewhat enhanced, but since all users with the same shell
have the same dialup password the password will be widely known.  Other
problems arise if the system has chsh.  And a cracker can know that he
has a valid username and password if he gets the Dialup Password prompt.
By making links to the standard shells, individualization of the dialup
password can be accomplished but it's an administrative headache.

Historical note:  at one time the prompt was "External Security:"

-- 
	-Mike Wescott
	 mike.wescott at ncrcae.Columbia.NCR.COM
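
Added example (not part of the original post, and not the /bin/login source): a small Python model of the /etc/dialups and /etc/d_passwd lookup described above, usable for checking which tty and shell combinations get the "Dialup Password:" prompt. The function names, the sample file contents and the hash strings are constructed for illustration.

```python
# Model of the dialup-password decision as described in the post.
# Assumption: this mirrors the prose only; it is not taken from login's code.

DIALUPS = "/dev/tty00\n/dev/tty01 modem line\n   .\n"       # constructed sample
D_PASSWD = (                                                # constructed sample
    "/bin/sh:CONSTRUCTEDsh:\n"
    "/usr/ucb/csh:CONSTRUCTEDcsh:\n"
    "/usr/lib/uucp/uucico::\n"
)

def parse_dialups(text):
    """Device names begin in column one and end at the first whitespace."""
    devices = set()
    for line in text.splitlines():
        if line and not line[0].isspace():
            devices.add(line.split()[0])
    return devices

def parse_d_passwd(text):
    """Map shell pathname -> encrypted password (colon-terminated fields)."""
    table = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0]:
            table[fields[0]] = fields[1]
    return table

def dialup_hash(tty, shell, dialups, d_passwd):
    """Return the hash checked at 'Dialup Password:', or None if no prompt.

    d_passwd is None when /etc/d_passwd does not exist.
    """
    if tty not in dialups or d_passwd is None:
        return None
    entry = d_passwd.get(shell)
    if entry is None:
        entry = d_passwd.get("/bin/sh")    # fallback entry named in the post
    return entry or None                   # null field: no prompt

def unprompted(users, tty, dialups, d_passwd):
    """Users (name -> login shell) who get no dialup prompt on this tty."""
    return sorted(u for u, sh in users.items()
                  if dialup_hash(tty, sh, dialups, d_passwd) is None)

if __name__ == "__main__":
    users = {"alice": "/bin/sh", "bob": "/bin/ksh", "nuucp": "/usr/lib/uucp/uucico"}
    devs, table = parse_dialups(DIALUPS), parse_d_passwd(D_PASSWD)
    print(unprompted(users, "/dev/tty00", devs, table))
```

A shell with no entry of its own shares the /bin/sh dialup password, and a null field such as the uucico line skips the prompt entirely.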
