System Administration Guide: Security Services

Procedure: How to Create a Dial-Up Password


Caution –

When you first establish a dial-up password, be sure to remain logged in to at least one port. Test the password on a different port. If you log off to test the new password, you might not be able to log back in. If you are still logged in to another port, you can go back and fix your mistake.


  1. Assume the Primary Administrator role, or become superuser.

    The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Create an /etc/dialups file that contains a list of serial devices.

    Include all the ports that are being protected with dial-up passwords. The /etc/dialups file should appear similar to the following:


    /dev/term/a
    /dev/term/b
    /dev/term/c
  3. Create an /etc/d_passwd file that contains the login programs that you are requiring to have a dial-up password.

    Include shell programs that a user could be running at login, for example, uucico, sh, ksh, and csh. The /etc/d_passwd file should appear similar to the following:


    /usr/lib/uucp/uucico:encrypted-password:
    /usr/bin/csh:encrypted-password:
    /usr/bin/ksh:encrypted-password:
    /usr/bin/sh:encrypted-password:

    Later in the procedure, you are going to add the encrypted password for each login program.

  4. Set ownership to root on the two files.


    # chown root /etc/dialups /etc/d_passwd
  5. Set group ownership to root on the two files.


    # chgrp root /etc/dialups /etc/d_passwd
  6. Set read-and-write permissions for root on the two files.


    # chmod 600 /etc/dialups /etc/d_passwd
  7. Create the encrypted passwords.

    1. Create a temporary user.


      # useradd username
      
    2. Create a password for the temporary user.


      # passwd username
      New Password:  <Type password>
      Re-enter new Password:   <Retype password>
      passwd: password successfully changed for username
      
    3. Capture the encrypted password.


      # grep username /etc/shadow > username.temp
    4. Edit the username.temp file.

      Delete all fields except the encrypted password. The second field holds the encrypted password.

      For example, in the following line, the encrypted password is U9gp9SyA/JlSk.


      temp:U9gp9SyA/JlSk:7967:::::7988:
    5. Delete the temporary user.


      # userdel username
      
  8. Copy the encrypted password from the username.temp file into the /etc/d_passwd file.

    You can create a different password for each login shell. Alternatively, use the same password for each login shell.

  9. Inform your dial-up users of the password.

    You should ensure that your means of informing the users cannot be tampered with.
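
The following POSIX shell functions are an added example, not part of the original guide. They extract the encrypted password from a shadow-format file by exact user name (steps 7.3 and 7.4) and check a finished d_passwd file against steps 3 through 8; the function names and the sample data in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are
# hypothetical; the sample data in demo() is constructed.
umask 077   # any file created from here on is readable by its owner only

# shadow_hash USER SHADOW_FILE: print field 2 of the entry whose first field
# is exactly USER (steps 7.3 and 7.4 without an editor). A plain grep would
# also match longer names that contain USER. Fails if USER is absent or the
# password field is empty.
shadow_hash() {
    awk -F: -v u="$1" '$1 == u { h = $2; exit }
        END { if (h == "") exit 1; print h }' "$2"
}

# d_passwd_check FILE: report entries that are not "/program:hash:" or that
# still carry an empty field or the "encrypted-password" placeholder.
d_passwd_check() {
    awk -F: '
        NF != 3 || $1 !~ /^\// { print "line " NR ": malformed entry"; bad = 1; next }
        $2 == "" || $2 == "encrypted-password" {
            print "line " NR ": no password set for " $1; bad = 1 }
        END { exit bad + 0 }' "$1"
}

# mode_600 FILE: succeed only for a regular file with mode 600 (step 6).
mode_600() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# root_owned FILE: succeed only if uid and gid are both 0 (steps 4 and 5).
root_owned() {
    ls -ldn "$1" | awk '{ exit !($3 == 0 && $4 == 0) }'
}

# Constructed demonstration in a scratch directory; nothing under /etc is read.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'temporary:x:1:::::1:' 'temp:U9gp9SyA/JlSk:7967:::::7988:' > "$d/shadow"
    h=$(shadow_hash temp "$d/shadow") || return 1
    printf '/usr/bin/ksh:%s:\n/usr/bin/sh:encrypted-password:\n' "$h" > "$d/d_passwd"
    d_passwd_check "$d/d_passwd" || echo "d_passwd needs fixing"
    if mode_600 "$d/d_passwd"; then echo "mode 600: ok"; fi
    rm -rf "$d"
}
demo
```

After step 8, run d_passwd_check, mode_600 and root_owned as root against /etc/d_passwd, and the last two against /etc/dialups as well.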