/etc/pwcntl on the 3B1 (3.51), anyone?

Thu Dec 8 17:09:28 AEST 1988

In article <5439 at cbmvax.UUCP> ditto at cbmvax.UUCP (Michael "Ford" Ditto) writes:
>In article <7059 at chinet.chi.il.us> ignatz at chinet.chi.il.us (Dave Ihnat) writes:
>>Before I waste my time re-inventing the wheel, I guess I'll ask here.
> [ ... ]
>>Has someone else taken this file apart?  If not, it shouldn't be too
>>outrageous, but I'd prefer not to duplicate effort. 
>
>When I first looked at this file a long time ago, I was under the
>impression that it only recorded failed login attempts, but since it
>was definately modified when I logged in just now, I guess I was
>wrong.  It definitely does record unsuccessful attempts, though;
>even unknown login names.
>
>Here's what I've been able to figure out from the file itself:
>
>	struct pwcntl
>	{
>	    char name[8];	/* name entered at login: */
>	    int uid;		/* seems to be garbage for failed logins */
>	    char flag;		/* always 'Y' or 'N', what does it mean? */
>	    /* char pad; */
>	    long last_login;	/* last login attempt */
>	    long first_login;	/* time when this entry was created */
>	    long unknown;	/* always zero, what does it mean? */
>	}; /* 26 bytes total */
>
>Has anyone ever seen this file on anything other than a Unix PC?
>Anyone with further observations/conclusions, please post!

No, I have not seen this file on any other UNIX system. I think it was created
especially for the UNIXpc. The major use for this file is maintaining users
through the Ulogin program, which is run by the administration window stuff.

The "flag" field is the "expert user" flag, from Ulogin. The unknown field is
the "Space" field from the Ulogin screen, which shows disk space usage of each
user. Unfortunately, it is only used internally by Ulogin, and so does not
reflect values outside Ulogin. I think they intended to do more with this
field, but never got around to it. The "pad" field seems to be just that. I
can't find any reference to it in either login or Ulogin. It is probably some
other kind of flag like the expert flag that never got used.

If a user has been created by hand (not with Ulogin), an entry will be created
the first time the user is logged in. If a user is created with Ulogin, the
create time is set to then, with the first login set to 0. Everytime a user
name is entered into login, pwcntl is updated BEFORE the password is CHECKED.
Thus, ALL login attempts are recorded. For those of you who have a lot of
public access, some of the attempts will be quite interesting. This makes pwcntl
a good place to look for break-in attempts. A lot of typos and line noise
"names" get entered here too.

NOTE: If you run Ulogin stand-slone from the shell, be warned:
It sends a "^[[=0w", which disables autowrap, send "^[[=1w" to turn it back on.

If somebody whips up a util for dumping pwcntl, post it to unix-pc.sources

l
i
n
e
s

for rn

John
-- 
John Bly Milton IV, jbm at uncle.UUCP, n8emr!uncle!jbm at osu-cis.cis.ohio-state.edu
(614) h:294-4823, w:764-2933;  Got any good 74LS503 circuits?