Sidebar: Logging in with Nontypical Names
Logins of the form P12 are no problem when the user logs in over a network. Getting in over a modem, however, is harder. The problem has to do with /etc/getty, the UNIX daemon that monitors the serial port. getty prompts the user for a login name and a password, and passes the information to the program /bin/login, which verifies the password and starts the user's shell.
The problem is that getty does something more: it decides if the user's terminal can send lowercase characters. This functionality seems to be a throwback to the early days of UNIX when some terminals only sent uppercase characters. Because UNIX commands are lowercase, such a terminal would be useless unless something was done. The solution was for getty to look for at least one lowercase character in the user's ID. If it finds one, getty tells login that the terminal can send lowercase. If it doesn't, then login assumes the terminal can only send uppercase, and automatically converts everything to lowercase. Therefore, a user with a P12 login and a password like ABCDE12 can't log in because everything is changed to lowercase.
The workaround is straightforward: P12 logs in as "a" with a password of "b." getty passes this information to login, including the fact that the user's terminal has upper- and lowercase. Now login takes over and issues a "password incorrect" message. The user types P12 and ABCDE12, but now login, not getty, is running. login already knows the terminal is upper/lowercase so it just checks the password, and lets the user log in.
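The case-folding behavior and the workaround described above can be traced with a small model. This is an added example, not HP-UX getty or login source; the function names, buffer sizes and the in-memory account are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed account for the model: the sidebar's example user. */
static const char *ACCT_NAME = "P12";
static const char *ACCT_PASS = "ABCDE12";

/* getty's heuristic as the sidebar describes it: the line is treated as
 * lowercase-capable only if the typed login name has a lowercase letter. */
static bool name_has_lowercase(const char *name) {
    for (; *name; name++)
        if (islower((unsigned char)*name)) return true;
    return false;
}

/* Fold input to lowercase, as happens on a line flagged uppercase-only. */
static void fold_lower(const char *in, char *out, size_t n) {
    size_t i = 0;
    for (; in[i] && i + 1 < n; i++)
        out[i] = (char)tolower((unsigned char)in[i]);
    out[i] = '\0';
}

/* One name/password check under the terminal flag currently in effect. */
static bool check_login(const char *name, const char *pass, bool upper_only) {
    char n[64], p[64];
    if (upper_only) { fold_lower(name, n, sizeof n); fold_lower(pass, p, sizeof p); }
    else { snprintf(n, sizeof n, "%s", name); snprintf(p, sizeof p, "%s", pass); }
    return strcmp(n, ACCT_NAME) == 0 && strcmp(p, ACCT_PASS) == 0;
}

/* A serial session: the flag is fixed by the first name typed (getty);
 * retries are handled by login, which keeps that flag.
 * Returns the 1-based attempt that succeeded, or 0 if none did. */
static int serial_session(const char *creds[][2], int attempts) {
    bool upper_only = !name_has_lowercase(creds[0][0]);
    for (int i = 0; i < attempts; i++)
        if (check_login(creds[i][0], creds[i][1], upper_only)) return i + 1;
    return 0;
}

int main(void) {
    const char *direct[][2] = {{"P12", "ABCDE12"}, {"P12", "ABCDE12"}};
    const char *workaround[][2] = {{"a", "b"}, {"P12", "ABCDE12"}};
    printf("direct login succeeded on attempt: %d\n", serial_session(direct, 2));
    printf("workaround succeeded on attempt:   %d\n", serial_session(workaround, 2));
    return 0;
}
```

In the model, typing P12 first leaves the line flagged uppercase-only for the whole session, so every retry is folded and fails; the throwaway lowercase name clears the flag before the real credentials are entered.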
It's surprising to me that getty's "case mangling" feature can't be disabled. It was once useful, but nowadays probably gets in the way more than it helps. Maybe other versions of UNIX don't have this problem. We're currently running HP-UX 9.04.
Luckily, only users who log in over a true serial line (for example, from home over a modem) are affected by the getty glitch. Users in the office either have a PC running a terminal emulation package over a network, or a serial terminal. PCs, because they're coming in over the network, talk not to getty but to telnetd, the process that monitors network logins. telnetd doesn't do case mangling, and so there's no problem. The serial terminals would have a problem if the terminals were connected via a true serial connection, for example, through a MUX. They aren't. Rather, they're connected through DTCs, network devices that provide a serial connection to the serial terminal but a network interface to the host. The result is that the host doesn't see a serial connection and doesn't use getty for the serial terminals.