Proper procedure for AUTOLOGIN in SCO
Robert J Woodhead
trebor at biar.UUCP
Tue Mar 7 12:18:29 AEST 1989
Thanks to the many people who mailed me on how to set up an AUTO account.
You got me pointed in the right direction, although there were a few twists
and turns that nobody expected.
Here is the procedure that works for me:
----------------------------------------------------------------------------
How to set up an AUTO login account in SCO Xenix in XX easy steps.
1) Select the port you want to use for AUTO login. I chose tty08, one of
my multiscreens, for my testing.
2) Disable the port; execute "disable tty08" (everything done from root)
3) Examine /etc/ttys and note the entry for tty08. In my case it was
"0mtty08".
4) Edit /etc/gettydefs and find the current entry for tty08. This is the
entry that starts with the letter that was the second character in
the /etc/ttys entry. In this case, it is "m", which in my file was
m # B9600 HUPCL # B9600 CS8 SANE HUPCL TAB3 ECHOE IXANY # \r\n@ login: # m
Make a copy of this entry, paste it in at the end of the file, and
modify it as follows: change the two m's to the first unused entry,
in my case, "p". Add "# AUTO /etc/login" to the end of the line.
Most important, take all the entries in the third field and add them
to the second field. If you don't do this, your login will come up in
RAW mode, which is disconcerting to say the least. It seems that when
you do an AUTO login, a stty with the arguments in the third field is
not done, because getty is being bypassed. Thus my new entry looked
like this:
p # B9600 HUPCL CS8 SANE TAB3 ECHOE IXANY # B9600 CS8 SANE HUPCL TAB3 \
ECHOE IXANY # \r\n@ login: # p # AUTO /etc/login
All on one line, of course.
When you save this file, make sure that your editor doesn't muck up
the permissions (mg did).
5) Use mkuser to create a new user named for the terminal; in my case
the user was named "tty08".
6) Edit /etc/passwd and change the password field of "tty08" to null.
Otherwise you will be asked for a password. Note that this opens
up a security hole in your system as anyone who is in the know can
now log into your system under this account.
7) enable the port with "enable tty08" and you should be up and running.
If not, reboot your system (We did a lot of mucking around because
of the raw mode problem, so it's unclear to us if you need to reboot
and we are too lazy to go check).
Thats all there is to it. I am however VERY disturbed about the security
hole created by the AUTO process. It seems to me that if they have gone
to the trouble to provide the AUTO escape, then there should be a way to
restrict certain accounts to certain terminals. In this case I can just
put some code in the .profile to check if tty returns '/dev/tty08' and
log the user out if not (right?), but is there a better way to do this? And
is the above approach secure?
+---------------------------------------------------------------------------+
| Robert J Woodhead !uunet!cornell!biar!trebor CompuServe 72447,37 |
| Biar Games, Inc., 10 Spruce Lane, Ithaca NY 14850 607-257-1708,3864(fax) |
+---------------------------------------------------------------------------+
| Games written, Viruses killed "I'm the head honcho of this here spread; |
| While U Wait. Take a number. I don't need no stinking disclaimers!!!" |
+---------------------------------------------------------------------------+
More information about the Comp.unix.xenix
mailing list