Replacing /bin/login under AIX 3.1


Post by R. Lindsay To » Sun, 20 Jan 1991 04:41:13



Hi -- I need to provide an alternate login program on my RS6000's
(to provide Kerberos authentication for AFS).  However, simply
replacing /bin/login with another version doesn't work.  Upon
further study, I noticed that /bin/login is a hard link to /etc/getty
and /etc/tsm; it also became clear that /etc/getty takes care of
authentication itself!

Now, /etc/security/login.cfg and /etc/security/user seem to have some
hooks for providing alternative authentication methods.  However, my
CD-ROM wears a bit thin in this area.  Has anyone successfully used
these hooks to provide an alternative login mechanism?

Is there any other way I could use a substitute login program?
--
R. Lindsay Todd, Systems Programmer
ECS, Rensselaer Polytechnic Institute, Troy, NY 12180-3590

 
 
 


Post by Rooty toot to » Sun, 20 Jan 1991 05:48:46



>Hi -- I need to provide an alternate login program on my RS6000's
>(to provide Kerberos authentication for AFS).  However, simply
>replacing /bin/login with another version doesn't work.  Upon
>further study, I noticed that /bin/login is a hard link to /etc/getty
>and /etc/tsm; it also became clear that /etc/getty takes care of
>authentication itself!

We too wish to modify our /bin/login for Kerberos authentication
purposes.  Various folks here at the university as well as from
Transarc Corp. have been trying to get the source from IBM in order
to modify it.  Apparently the RS/6000s do not use /bin/login as most
other unix machines do.  Additionally, your problems don't end there.  
According to Transarc, telnetd must be modified too.
For now we are waiting patiently to get our hot little
hands on the source so that we may hack it.

>Now, /etc/security/login.cfg and /etc/security/user seem to have some
>hooks for providing alternative authentication methods.  However, my
>CD-ROM wears a bit thin in this area.  Has anyone successfully used
>these hooks to provide an alternative login mechanism?

I looked at the alternative authentication methods too.  The big
problem I saw was that there was no way to trap the password from the
system login to use in any of the alternate authentication methods.
If anyone knows how to do this, please tell us!

>Is there any other way I could use a substitute login program?

The only way I know of is to arrange to obtain the source from IBM.
If you find another way, please post.

>R. Lindsay Todd, Systems Programmer
>ECS, Rensselaer Polytechnic Institute, Troy, NY 12180-3590




University of Michigan

<insert amusing quip here>

 
 
 


Post by John F Haugh » Thu, 24 Jan 1991 07:41:10



>Now, /etc/security/login.cfg and /etc/security/user seem to have some
>hooks for providing alternative authentication methods.  However, my
>CD-ROM wears a bit thin in this area.  Has anyone successfully used
>these hooks to provide an alternative login mechanism?

The /etc/security/user file contains two fields, auth1 and auth2, which
can be used to configure the authentication process very finely.

The default "auth1" value is "SYSTEM", which is a built-in method which
performs the usual "prompt for Password: and compare against encrypted
version" authentication.  If you replace "auth1 = SYSTEM" with something
like "auth1 = KERBEROS" you will have to add a "KERBEROS" stanza to
/etc/security/login.cfg.

For this example, assume a program "/etc/kerberos_auth" which takes a
user ID as an argument, does some processing based on that argument,
and exits with zero for success, and non-zero otherwise.  Assume that
the user "bob" exists and will be authenticated using the built-in
method as well as the "KERBEROS" method.

Start by changing bob's "auth1" attribute with the command "chuser
auth1=SYSTEM,KERBEROS bob".  Then manually edit the /etc/security/login.cfg
adding the stanza

--
KERBEROS:
        program = /etc/kerberos_auth

--

After bob enters his password, the second program will be executed
as "/etc/kerberos_auth bob".  It is up to that program to get the
Kerberos tickets, etc, and exit with 0 if the user is properly
authenticated, and non-zero otherwise.
--
John F. Haugh II      |      I've Been Moved     |    MaBellNet: (512) 838-4340
SneakerNet: 809/1D064 |          AGAIN !         |      VNET: LCCB386 at AUSVMQ
BangNet: ..!cs.utexas.edu!ibmchs!auschs!snowball.austin.ibm.com!jfh (e-i-e-i-o)
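
The configuration described in the post above can be checked before anyone tries to log in with it. The following is an added example, not part of the original post and not IBM's code: it parses the two stanza files, resolves a user's "auth1" chain, and reports any method that has no usable "program" stanza. The file contents are constructed; the user "alice", the method "SMARTCARD", the function names, and the handling of "*" comment lines are assumptions.

```python
import re

STANZA = re.compile(r"^(\S+):\s*$")              # "KERBEROS:" in column 0
ATTR = re.compile(r"^\s+(\w+)\s*=\s*(.*?)\s*$")  # indented "attr = value"

# Constructed sample files modelled on the post (alice/SMARTCARD are hypothetical).
USER_FILE = """\
bob:
        auth1 = SYSTEM,KERBEROS
alice:
        auth1 = SYSTEM,SMARTCARD
"""
LOGIN_CFG = """\
* assumed: lines starting with '*' are comments
KERBEROS:
        program = /etc/kerberos_auth
"""

def parse_stanzas(text):
    """Parse a stanza file into {stanza_name: {attr: value}}."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("*"):
            continue
        m = STANZA.match(line)
        if m:
            current = stanzas.setdefault(m.group(1), {})
            continue
        m = ATTR.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return stanzas

def resolve_auth1(user, user_file=USER_FILE, login_cfg=LOGIN_CFG):
    """Return (chain, problems): the argv each method would run with, plus config errors."""
    users, methods = parse_stanzas(user_file), parse_stanzas(login_cfg)
    auth1 = users.get(user, {}).get("auth1", "SYSTEM")  # post: default is SYSTEM
    chain, problems = [], []
    for method in (m.strip() for m in auth1.split(",") if m.strip()):
        if method == "SYSTEM":               # built-in password check, no program
            chain.append((method, None))
        elif method not in methods:
            problems.append(f"{method}: no stanza in login.cfg")
        elif not methods[method].get("program", "").startswith("/"):
            problems.append(f"{method}: program missing or not an absolute path")
        else:                                # invoked as "<program> <user>"
            chain.append((method, [methods[method]["program"], user]))
    return chain, problems
```

An empty problems list for "bob" confirms that the chuser change and the hand-edited login.cfg stanza agree; a non-empty list names the method whose stanza is missing or incomplete.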

 
 
 


Post by Robin D. Wils » Fri, 25 Jan 1991 02:03:44



>Hi -- I need to provide an alternate login program on my RS6000's
>(to provide Kerberos authentication for AFS).  However, simply
>replacing /bin/login with another version doesn't work.  Upon
>further study, I noticed that /bin/login is a hard link to /etc/getty
>and /etc/tsm; it also became clear that /etc/getty takes care of
>authentication itself!

>Now, /etc/security/login.cfg and /etc/security/user seem to have some
>hooks for providing alternative authentication methods.  However, my
>CD-ROM wears a bit thin in this area.  Has anyone successfully used
>these hooks to provide an alternative login mechanism?

>Is there any other way I could use a substitute login program?

You can add a "logger" attribute to the ODM databases PdAt and CuAt that
points to the program you want to run.  Be forewarned that this will not work
very well until update 3003.   Then when you log in the "logger" of your choice
will be used.

--
+-----------------------------------------------------------------------------+
|The views expressed herein, are the sole responsibility of the typist at hand|
+-----------------------------------------------------------------------------+

|USNail:   701 Canyon Bend Dr.                                                |
|          Pflugerville, TX  78660                                            |
|          Home: (512)251-6889      Work: (512)823-3015                       |
+-----------------------------------------------------------------------------+

 
 
 
