Login security question (Easy?)

Login security question (Easy?)

Post by Raa3 » Tue, 01 Jun 1999 04:00:00



This should be easy to answer.  I don't know the answer because I am new to
UNIX. So if you can be of help I would appreciate it.

I have set up a phone line to be able to dial in to my HP-UX 10.20 server and
it works fine.  The problem is that when dialing in you get a normal login
prompt and then the password prompt.  I want to add one more additional
password layer for the those that dial in

Also, is it possible to restrict login names that can dial in?  All of the dial
in traffic will pass through one DTC (with an RS 232 between the modem and the
DTC) while everyone else will the other DTC's.

Thanks for the help,

Robert

 
 
 

Login security question (Easy?)

Post by Colin McKinno » Mon, 07 Jun 1999 04:00:00



>This should be easy to answer.  I don't know the answer because I am new to
>UNIX. So if you can be of help I would appreciate it.

>I have set up a phone line to be able to dial in to my HP-UX 10.20 server
and
>it works fine.  The problem is that when dialing in you get a normal login
>prompt and then the password prompt.  I want to add one more additional
>password layer for the those that dial in

>Also, is it possible to restrict login names that can dial in?  All of the
dial
>in traffic will pass through one DTC (with an RS 232 between the modem and
the
>DTC) while everyone else will the other DTC's.

>Thanks for the help,

>Robert

Emm, well the proper way to do it would be to re-write getty & login. On the
other hand you could add something in the profile script to:
1) disable ctrl-c / break as soon as the shell starts:
    stty -isig
2) Check the tty they are using and if it's a dial-in line then run another
another login - If they're coming in via a dtc then you need to lock down
the tty number - although using a modem on a dtc is probably a * VERY BAD
IDEA * if you're concerned about security - with the software I've got the
host can't tell when the line has gone down.

Colin
--
+------------------------------+---------------------------+
| Retype address to send Email | spambots, please send your|
|                              | Email to                  |
+------------------------------+---------------------------+



+------------------------------+---------------------------+

 
 
 

Login security question (Easy?)

Post by Cameron Lemo » Tue, 08 Jun 1999 04:00:00


Try RADIUS or TACACS[+].  More work and infrastructure costs, but depending,
it may be worthwhile.

>snip>

 
 
 

1. unix login question (easy?)

This should be easy to answer.  I don't know the answer because I am new to
UNIX. So if you can be of help I would appreciate it.

I have set up a phone line to be able to dial in to my HP-UX 10.20 server and
it works fine.  The problem is that when dialing in you get a normal login
prompt and then the password prompt.  I want to add one more additional
password layer for the those that dial in

Also, is it possible to restrict login names that can dial in?  All of the dial
in traffic will pass through one DTC (with an RS 232 between the modem and the
DTC) while everyone else will the other DTC's.

Thanks for the help,

Robert

2. Help with XDM please!

3. Easy Login question

4. 95 -> linux fast; but linux -> 95 slow!

5. unix login question (easy?)

6. Unrecognised video card in RH 5.2 ?

7. Easy question , Easy answer ?

8. printer HP 870cxi setting ?

9. easy easy question

10. easy easy easy one

11. Xwindows graphical login security question

12. security/failed login question

13. FTP Login Security Question