dd_ppaasssswwdd -- System Administration

Give passwords for devices
/eettcc/dd_ppaasssswwdd

The COHERENT  system lets  you force  classes of users  who log  in through
particular devices to enter an extra password.  This helps you protect your
system against people who may be try to break into your system via modem.

When a user  attempts to log in, the command  llooggiinn check file /eettcc/ddiiaalluuppss
(should it exist) to see if  this device is protected by an extra password.
If this file names the device,  llooggiinn looks in file /eettcc/dd_ppaasssswwdd to see if
that user's  shell is associated  with an extra  password.  If that  is so,
then llooggiinn  prompts the user  for that password,  in addition to  his usual
password as set in file /eettcc/ppaasssswwdd or /eettcc/sshhaaddooww.

Each entry in /eettcc/dd_ppaasssswwdd has the following format:

    _s_h_e_l_l:_p_a_s_s_w_o_r_d:_c_o_m_m_e_n_t

If field _s_h_e_l_l is empty, then  llooggiinn applies this password to all users who
are using shells not named elsewhere within dd_ppaasssswwdd.

The following gives an example of dd_ppaasssswwdd:

    /usr/lib/uucp/uucico::UUCP logins don't have extra password
    /bin/sh:_e_n_c_r_y_p_t_e_d _p_a_s_s_w_o_r_d:normal user with interactive shell
    /bin/ksh:<encrypted password>:normal user with interactive shell

To  recreate the  function of  the  account rreemmaacccc  (which llooggiinn  no longer
recognizes as  special), set /eettcc/ddiiaalluuppss  to name your  dial-up ports, and
set dd_ppaasssswwdd to the following:

    :_e_n_c_r_y_p_t_e_d__p_a_s_s_w_o_r_d:people/accounts dialing in

The  following  gives the  contents  of dd_ppaasssswwdd  from  a typical  COHERENT
system:

    :.03qn7EtBd.gi:Default dialup password
    /usr/lib/uucp/uucico:.03qn7EtBd.gi:Dialup password for UUCP
    /bin/sh:.03qn7EtBd.gi:Normal dialup extra password
    /usr/bin/ksh:.03qn7EtBd.gi:Normal dialup extra password

The gibberish between the first and second `:' characters are the encrypted
passwords.  Note that  this user has given the same  password to each shell
upon dialing up.  This probably is a mistake.

_S_e_e _A_l_s_o
AAddmmiinniisstteerriinngg CCOOHHEERREENNTT, ddiiaalluuppss, llooggiinn
