SUMMARY: 2nd Level Security Package

From: wbbart!cau@abars.att.com
Date: Tue Nov 17 1992 - 17:21:10 CST


The original question was.

Does anyone have knowledge of a software package that adds a second level
of login security when logging in remotely thru a modem?

I received the following responses:

-- 
 (1)

I just got a blurb in the mail from CoSystems, Inc. in Santa Clara who sell a product called CoSECURE, which sounds like it's a full-featured modem security package for Suns (including dial-back, time and date controls, and global or individual access parameters) I have no other knowledge of this product, however, and have not actually seen it.

Their number is (408) 748-2190 and their e-mail is amdcad!cosys!support

(2)

some modems allow you to enable a password on themselves - e.g., telebit's.

(3) This would be for Bell Labs Only

At Crawford Hill, we run a modified version of /bin/login which includes the SysV routines for dialup passwords. In case you're unfamiliar with this, it takes these steps: - After getting the user's name and password, it checks for the presence of the file /etc/dialups - If it exists, /etc/dialups is scanned for a line which matches the one the user is on. In other words, /etc/dialups has a list of modem tty's, one per line - If the user is on a modem line, it checks the file /etc/d_passwd for a line matching the user's shell. If there is a password associated with that shell, the user is prompted and the password checked. This shell-matching allows /usr/lib/uucp/uucico to have no dialup password.

We have used this for several years, currently on SunOS 4.1.1. Because you are in Bell Labs, I am able and willing to give you the source.

I have been assured by Sun techies that this mechanism is in Solaris 2.0, having been brought over with the rest of SysV, so when we switch to that, we'll no longer have to install our own /bin/login.

(4) I have a modified login program that I originally got through a request to this list, although I have modified it a little to work with SunOS 4.0.3 and SunOS 4.1.1, and to allow uucp connections through without any extra security.

It requires an extra entry in /etc/passwd. The password coresponding to this "dialup" user must be given for a dialup login (shell != /usr/lib/uucp/uucico) to succeed.

We actually only specify this login program on getty table entries used on dialup lines, so it has not been tested very much with rlogin etc.

You can use anonymous ftp to get it from cvedg.Prime.COM (130.21.220.1). It is in /pub/login_dialup.1.2.c

(5)

ARM - also known as SunShield. Adds all kinds of stuff for login qualification, as well as modem and port passwds.

Thanks to the following for their quick responses.

Steve Swaney Charles W. Maxson Tim Hoogasian Wilson H. Bent, Jr. Kevin Quinlan Kevin Sheehan

-- Charles A. Uretzky Dept. 59227 AT&T Bell Labs, W. Long Branch N.J. 908-870-7741 att!abars!cau or cau@abars.att.com



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:53 CDT