[192] in Info-AFS_Redistribution
Re: changing "auth1" authentication method in AIX 3.1
daemon@ATHENA.MIT.EDU (Adam Stoller)
Wed Jul 3 18:29:03 1991
Date: Wed, 3 Jul 1991 14:56:42 -0400 (EDT)
From: Adam Stoller <ghoti+@andrew.cmu.edu>
To: Info-AFS@transarc.com, bob@ibmpa.awdpa.ibm.com (Bob Andrews)
Cc: Info-AFS@transarc.com
In-Reply-To: <9107031803.AA22228@pit.awdpa.ibm.com>
(I think this is in line with what was being discussed)
We set up our machines using 'smit' to indicate that it should use a
different program for handling the authentication at login:
(as root)
% smit
- Security and Users
--Users
---Change / Show Characteristics of a User
---- {enter in userid name - hit Enter]
(a screen full of data appears - look for PRIMARY and SECONDARY
authentication method)
PRIMARY authentication method -> [afs;userid]
SECONDARY authentication -> []
In /etc/security/login.cfg we added the following entry:
afs:
program = /bin/auth-afs
auth-afs is below (appologies for the legth of the copyright notice ;-)
When we login to our 6000's we get prompted for the password by klog -
not by AIX.
================
/*************************************************************
(c) Copyright Carnegie Mellon University 1991
Produced by the Information Technology Center with a grant from IBM.
Permission is hereby granted without fee to use, execute,
reproduce, display, perform, distribute (internally only) copies of,
and prepare derivative works based upon this software and its
documentation solely for nonprofit research and educational purposes or
for internal business purposes, but not for development of a product
intended for or resulting in commercial distribution or direct
commercial exploitation, provided that the above copyright notice
appears in all copies and that both that copyright notice and this
permission notice appear in supporting documentation, and that the
names of Carnegie Mellon University and IBM not be used in advertising
or publicity pertaining to distribution of the software without
specific, written prior permission. Export of this software is
permitted only after complying with the regulations of the U.S.
Department of Commerce relating to the Export of Technical Data.
IBM AND CARNEGIE MELLON DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR ANY PARTICULAR PURPOSE, IN NO EVENT SHALL IBM OR CARNEGIE
MELLON BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.
*************************************************************/
#include <stdio.h>
#include <sys/types.h>
#include <pwd.h>
#define KLOG "/usr/local/bin/klog"
int main(argc,argv)
int argc;
char *argv[];
{
struct passwd *pw = NULL;
if (argc != 2) {
fprintf(stderr, "Usage: %s login_id.\n", argv[0]);
exit(1);
}
if ((pw = getpwnam(argv[1])) == NULL) {
fprintf(stderr, "Call to getpwnam(%s) failed.\n", argv[1]);
exit(2);
}
if (setuid(pw->pw_uid)) {
fprintf(stderr, "Call to setuid(%d) failed.\n", pw->pw_uid);
exit(3);
}
execl(KLOG, "klog", argv[1], 0);
/* Won't get here unless execl fails! */
fprintf(stderr, "%s not found (my guess).\n", KLOG);
exit(4);
}
