passwd -d, dialups and anonymous UUCP. ==> SCO-UNIX

Thu Jul 5 07:56:27 AEST 1990

In article <1159 at s8.Morgan.COM> amull at Morgan.COM (Andrew P. Mullhaupt) writes:
> You sure can turn off C2 in SCO UNIX, in fact, unless you have a big
> disc, you _better_.
>[....]
> You can disable C2 security across the board by using the Relax
> option from the sysadmsh menu. This step puts your system into a
> more usual UNIX security configuration, but it is not reversible.

You can *not* turn off C2 security in SCO UNIX, at least I don't think
so.  You certainly can't do it with the "Relax" option in the sysadmsh
junk (also accessible through /usr/lib/sysadm/authsh).  The "Relax"
option does not turn off C2 security, it only relaxes the security
level to a more leisurely, normal, UNIX level (though I don't believe
the "normal" bit).  It does not get rid of the horrid passwd file
maintenance problems, as I found out just now, nor does it replace
/bin/passwd with a normal one, nor does it remove all the other junk
in the kernel and other utilities, nor does it remove the many files
which are the support database for the C2 security stuff, nor does it
put the encrypted passwords back in /etc/shadow.

All I could see that it does is copy /etc/auth/system/default.unix to
/etc/auth/system/default.

You could easily upgrade the security level of your system by copying
/etc/auth/system/default.c2 back to /etc/auth/system/default, but this
is not "reliable", since security may have been compromised while it
was relaxed, an thus it will not truely be restored to the "C2" level.
The warning message in the "Relax" option means nothing more.

Has anyone noticed that running pwunconv breaks /usr/lib/sysadm/authsh
until your run pwconv again?  Has anyone noticed that pwunconv only
does half the job, and does not restore the encrypted passwords back
in their "proper" place?  Has anyone noticed that /etc/shadow, pwconv,
and pwunconv are useless anachronisms on SCO UNIX?

Has anyone found any use for SCO's C2 security features, other than
the fun and excitement of wasting time?

Back to the UUCP bit of the subject line. -- Does anyone know why the
uuinstall script is still in the dark ages?  It doesn't add UUCP
logins to /etc/passwd (for obvious reasons, if you know about SCO's
C2!), nor does it do much else of any use, and in fact it makes a bit
of a mess of the config files.

While SCO did a grand job of porting most of SysVr3.2/386, including
layers (though I didn't test it, and it's not in the sysadmsh kernel
config menu, where "Layers" refers to shl), they still managed to
screw up quite a bit of stuff.  There's still that devil of a
programme 'mkdev'.  And what happened to sysadm and face?  All on the
source tape....

[ Sorry if I'm repeating the complaints of others.  The past 2 hours
  of my time constituted my first experience trying to do the 5 minute
  job of configuring a UUCP connection to an SCO UNIX site.  As a
  result I'm *very* frustrated!  Sorry SCO, but you'll never sell
  another copy to anyone I have influence with (unless they are the
  military, and *require* C2 secure systems). ]

[ PS, I must admit part of the 2 hours was spent trying to learn
  enough about the security stuff to disable it, with only online
  manuals at 1200bps, and a fair bit of ls'ing and find'ing. ]
-- 
						Greg A. Woods

woods@{eci386,gate,robohack,ontmoh,tmsoft}.UUCP
+1-416-443-1734 [h]  +1-416-595-5425 [w]    VE3-TCP	Toronto, Ontario CANADA