d_passwd -- System Administration

Give passwords for devices
/etc/d_passwd

The COHERENT  system lets  you force  classes of users  who log  in through
particular devices to enter an extra password.  This helps you protect your
system against people who may be try to break into your system via modem.

When a user  attempts to log in, the command  login check file /etc/dialups
(should it exist) to see if  this device is protected by an extra password.
If this file names the device,  login looks in file /etc/d_passwd to see if
that user's  shell is associated  with an extra  password.  If that  is so,
then login  prompts the user  for that password,  in addition to  his usual
password as set in file /etc/passwd or /etc/shadow.

Each entry in /etc/d_passwd has the following format:

    shell:password:comment

If field shell is empty, then  login applies this password to all users who
are using shells not named elsewhere within d_passwd.

The following gives an example of d_passwd:

    /usr/lib/uucp/uucico::UUCP logins don't have extra password
    /bin/sh:encrypted password:normal user with interactive shell
    /usr/bin/ksh:encrypted password:normal user with interactive shell

To  recreate the  function of  the  account remacc  (which login  no longer
recognizes as  special), set /etc/dialups  to name your  dial-up ports, and
set d_passwd to the following:

    :encrypted_password:people/accounts dialing in

The  following  gives the  contents  of d_passwd  from  a typical  COHERENT
system:

    :.03qn7EtBd.gi:Default dialup password
    /usr/lib/uucp/uucico:.03qn7EtBd.gi:Dialup password for UUCP
    /bin/sh:.03qn7EtBd.gi:Normal dialup extra password
    /usr/bin/ksh:.03qn7EtBd.gi:Normal dialup extra password

The gibberish between the first and second `:' characters are the encrypted
passwords.  Note that  this user has given the same  password to each shell
upon dialing up.  This probably is a mistake.

See Also

Administering COHERENT,
dialups,
login

© 2012 by Stephen A. Ness