Dialup Passwords (was Re: Login passwords: not as selective ...)

[Lenny Tropiano]

In article <563 at kosman.UUCP> kevin at kosman.UUCP (Kevin O'Gorman) writes:
|>I was just fiddling around with the login password stuff that was posted
|>a while ago.  It worked as advertised, at least as far as what it did
|>to /etc/dialups and /etc/d_passwd.  However, the underlying behaviour of
|>/etc/login seems at odds with what I thought it was supposed to be.
|>
|>I thought that ONLY the shells named in /etc/d_passwd would get prompted
|>for a password.  This is not the case on my machine: anyone logging in
|>on a line listed in /etc/dialups seems to have to go through this.
|>
...
Well actually for some reason, I thought that was the way.  I've noticed
it's not, at least not on the UNIX pc.  I haven't had a chance to try it
on the 3B2 or 6386WGS in the office, but I seem to remember if the shell 
was not listed in the /etc/d_passwd, it wouldn't ask for "Dialup Password:".

Since I was the one who posted the dpasswd program, I did some investigating
of my own.  I don't use dialup passwords here locally, it's something I 
really don't need the extra security.  Only "trusted" users really get
access to my UNIX PC, and only a *select few* have shell access in my
non-restrictive filesystem.  I do have a "restrictive filesystem setup" for
those who _needed_ access.  Basically a "chroot(1M)'d filesystem"...

It seems to get Dialup Passwords to work correctly, at least on the UNIX PC,
you need to specify *ALL* shells that you have in /etc/passwd, in 
/etc/d_passwd, but you don't need to have a password on the line.  This
can be done by editting /etc/d_passwd, and placing a line like:

/usr/lib/uucp/uucico::

This will allow all uucico transactions to login without a dialup password,
or you can use dpasswd [posted back a month or two by me] like:

# dpasswd -v -p /usr/lib/uucp/uucico
New Dialup Password: <CR>
Retype Dialup Password: <CR>
dpasswd: Dialup program restriction added for /usr/lib/uucp/uucico.

# cat /etc/d_passwd
/usr/lib/uucp/uucico::

|>This is not good.  All my uucp hookups use a shell called
|>/usr/lib/uucp/uucicoTZ (not a script, but a short compiled front end).
|>These were getting the Dialup Password: prompt.  Not what I had in mind.
|>
...
In this case the shell would be /usr/lib/uucp/uucicoTZ.

Sorry for any confusion ... Hope this helps ...
-Lenny
-- 
Lenny Tropiano             ICUS Software Systems         [w] +1 (516) 582-5525
lenny at icus.islp.ny.us      Telex; 154232428 ICUS         [h] +1 (516) 968-8576
{talcott,decuac,boulder,hombre,pacbell,sbcs}!icus!lenny  attmail!icus!lenny
        ICUS Software Systems -- PO Box 1; Islip Terrace, NY  11752