more secure login

Larry Tepper lat at stcvax.UUCP
Wed Jul 11 06:35:36 AEST 1984


I modified login for both V7 and 4.1BSD to do just that (i.e.
hang up after a bad password is typed).  My version gives you
three chances before exiting.  It waits 20 seconds before it
exits, to slow down automated password breakers.

Logging in over a dial-up also requires the user to type a
second password (the `External Security' password -- remember
this from fortune?).  A dial-up is recognized as a login terminal
whose name starts with "ttyd".  The 2nd password is determined by
the dummy user name `dialup' in /etc/passwd.

Just as the original login always asks for a password, even when
given an invalid login name, so too does this version always ask
for the external security password, even when the 1st password
is wrong.  There is an exception, namely:

To make life easier for uucp, the 2nd password is not requested
over a dial-up if the user's login shell is "/usr/lib/uucp/uucico"
(except when the 1st password is incorrectly given).  This seemed
the safest way of ensuring that a user really is uucp.

Notification of all login attempts over a dial-up, successful or
not, is sent to the system console.  A system administrator can
look at the console sheets for suspicious activity.

It would be impossible to post the sources, even diffs, to the net
without violating the UNIX license agreement.  Would someone like
to comment on the legalities of mailing it electronically assuming
I've been given hard evidence of the receiver's UNIX source license?
-- 
{ihnp4 hao philabs sdcrdcf ucbvax!nbires}!stcvax!lat	Larry Tepper
Storage Technology, MD-3T, Louisville, CO 80028		303-673-5435
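
The prompt and exit rules described in the message above, modelled as an added example; this is not the author's login source, which the message says cannot be posted. The struct layout and function names are assumptions, and the attempt in main() is constructed.

```c
#include <string.h>

#define MAX_TRIES 3            /* chances before login exits */
#define EXIT_DELAY_SECS 20     /* wait before exiting after the last failure */
#define UUCICO "/usr/lib/uucp/uucico"

struct attempt {               /* constructed model of one login attempt */
    const char *tty;           /* terminal name, e.g. "ttyd0" */
    const char *shell;         /* login shell from passwd, NULL if no such user */
    int first_ok;              /* account password was correct */
    int second_ok;             /* `dialup' password was correct, if asked */
};
struct outcome { int logged_in; int delay_secs; int console_notices; };

static int is_dialup(const char *tty) { return strncmp(tty, "ttyd", 4) == 0; }

/* Ask for the external security password? Always on a dial-up, except for
   a uucico account whose first password was given correctly. */
static int ask_second(const struct attempt *a)
{
    if (!is_dialup(a->tty)) return 0;
    if (a->first_ok && a->shell && strcmp(a->shell, UUCICO) == 0) return 0;
    return 1;
}

/* The second prompt is issued even when the first password was wrong. */
static int attempt_ok(const struct attempt *a)
{
    int second = ask_second(a) ? a->second_ok : 1;
    return a->first_ok && second;
}

/* Run up to MAX_TRIES attempts; each dial-up attempt is noted on the console. */
static struct outcome login_session(const struct attempt *t, int n)
{
    struct outcome o = {0, 0, 0};
    int i;
    for (i = 0; i < n && i < MAX_TRIES; i++) {
        if (is_dialup(t[i].tty)) o.console_notices++;
        if (attempt_ok(&t[i])) { o.logged_in = 1; return o; }
    }
    if (i == MAX_TRIES) o.delay_secs = EXIT_DELAY_SECS;
    return o;
}

int main(void)
{
    struct attempt t[] = { {"ttyd0", "/bin/sh", 1, 1} };  /* constructed */
    return login_session(t, 1).logged_in ? 0 : 1;
}
```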



More information about the Comp.unix.wizards mailing list