test

System Administration Guide: Security Services

How to Create a Dial-up Password

Caution – Caution –

When you first establish a dial-up password, be sure to remain logged in on at least one port while you are testing the password on a different port. If you make a mistake while you are installing the extra password and log off to test the new password, you might not be able to log back on. If you are still logged in on another port, you can go back and fix your mistake.

  1. Become superuser or assume an equivalent role.

  2. Create an /etc/dialups file that contains a list of serial devices, including all the ports that will require dial-up password protection.

    The /etc/dialups file should look like the following: 


    /dev/term/a
/dev/term/b
/dev/term/c

  3. Create an /etc/d_passwd file that contains the login programs that will require a dial-up password, and the encrypted dial-up password.

    Include shell programs that a user could be running at login, for example, uucico, sh, ksh, and csh. The /etc/d_passwd file should look like the following: 


    /usr/lib/uucp/uucico:encrypted-password:
/usr/bin/csh:encrypted-password:
/usr/bin/ksh:encrypted-password:
/usr/bin/sh:encrypted-password:

  4. Set ownership to root on the two files.


    # chown root /etc/dialups /etc/d_passwd

  5. Set group ownership to root on the two files.


    # chgrp root /etc/dialups /etc/d_passwd

  6. Set read and write permissions for root on the two files.


    # chmod 600 /etc/dialups /etc/d_passwd

  7. Create the encrypted passwords.

    1. Create a temporary user.


      # useradd username

    2. Create a password for the temporary user.


      # passwd username

    3. Capture the encrypted password. 


      # grep username /etc/shadow > username.temp

    4. Edit the username.temp file.

      Delete all fields except the encrypted password (the second field).

      For example, in the following line, the encrypted password is U9gp9SyA/JlSk.


      temp:U9gp9SyA/JlSk:7967:::::7988:

    5. Delete the temporary user.


      # userdel username

  8. Copy the encrypted password from username.temp file into the /etc/d_passwd file.

    You can create a different password for each login shell, or use the same password for each login shell.