2nd Level Security Package
2007-12-25 7:59:00
Does anyone have knowledge of a software package that adds a second level
of login security when logging in remotely thru a modem?
I received the following responses:
--
(1)
I just got a blurb in the mail from CoSystems, Inc. in Santa Clara
who sell a product called CoSECURE, which sounds like it's a
full-featured modem security package for Suns (including dial-back,
time and date controls, and global or individual access parameters)
I have no other knowledge of this product, however, and have not
actually seen it.
Their number is (408) 748-2190 and their e-mail is amdcad!cosys!support
(2)
some modems allow you to enable a password on themselves - e.g., telebit's.
(3) This would be for Bell Labs Only
At Crawford Hill, we run a modified version of /bin/login which includes
the SysV routines for dialup passwords. In case you're unfamiliar with
this, it takes these steps:
- After getting the user's name and password, it checks for
the presence of the file /etc/dialups
- If it exists, /etc/dialups is scanned for a line which matches
the one the user is on. In other words, /etc/dialups has a list
of modem tty's, one per line
- If the user is on a modem line, it checks the file /etc/d_passwd for
a line matching the user's shell. If there is a password associated
with that shell, the user is prompted and the password checked. This
shell-matching allows /usr/lib/uucp/uucico to have no dialup password.
We have used this for several years, currently on SunOS 4.1.1. Because
you are in Bell Labs, I am able and willing to give you the source.
I have been assured by Sun techies that this mechanism is in Solaris 2.0,
having been brought over with the rest of SysV, so when we switch to that,
we'll no longer have to install our own /bin/login.
(4)
I have a modified login program that I originally got through a
request to this list, although I have modified it a little to work with
SunOS 4.0.3 and SunOS 4.1.1, and to allow uucp connections through
without any extra security.
It requires an extra entry in /etc/passwd. The password coresponding
to this "dialup" user must be given for a dialup login (shell !=
/usr/lib/uucp/uucico) to succeed.
We actually only specify this login program on getty table entries
used on dialup lines, so it has not been tested very much with rlogin
etc.
You can use anonymous ftp to get it from cvedg.Prime.COM
(130.21.220.1). It is in /pub/login_dialup.1.2.c
(5)
ARM - also known as SunShield. Adds all kinds of stuff for login qualification,
as well as modem and port passwds.
Thanks to the following for their quick responses.
Steve Swaney
Charles W. Maxson
Tim Hoogasian
Wilson H. Bent, Jr.
Kevin Quinlan
Kevin Sheehan
--
Charles A. Uretzky
Dept. 59227
AT&T Bell Labs, W. Long Branch N.J.
908-870-7741 att!abars!cau or cau@abars.att.com
Comments
Got something to say?
You must be logged in to post a comment.
