Text File | 1989-09-04 | 15KB | 274 lines
Program: password
Programmer: George Kerber
Written: 05/22/89 - 07/31/89
Version: v1.21p
Application: AmigaDOS
Purpose: Provides password protection. Operation is similar to
the UNIX passwd command.
SYNTAX: password [ -a | ? ]
Use the -a option from your startup sequence and no options
to access the change password utility.
Password change will only be accessible once the "password -a"
program has been executed at boot time.
Installation: The following directions must be followed exactly, or password
will fail or destroy system security.
Copy password to the c: directory of your boot disk and to the
c: directory of your system disk (if they are different).
Startup-Sequence
A few commands for setup must be completed in your
startup-sequence before executing password. You should only
execute what is absolutely necessary in your startup-sequence.
If you have a hard-drive and are booting from a floppy, you
should mount the hard-drive first. You must assign sys: to
wherever it should be. In other words, if you do have a
hard-drive, assign sys: to your hard-drive. Otherwise
assign sys: to your boot floppy.
assign sys: df0: or assign sys: dh0: etc...
For accounting purposes, your battery clock (if it exists)
should be read before executing password. (see below)
For a floppy system, at minimum (and probably maximum) your
startup-sequence should look like this:
    assign sys: df0:
    read your battery clock....
    password -a
    endcli
A workable startup-sequence and startupII have been included
with this archive that will work for a floppy system.
The following series of commands are executed from within
the password program:
    c:addbuffers df0: 10
    c:makedir ram:env
    c:makedir ram:clipboards
    c:makedir ram:t
    c:resident c:assign pure
    c:assign C: sys:c
    c:assign DEVS: sys:devs
    c:assign LIBS: sys:libs
    c:assign S: sys:s
    c:assign SYSTEM: sys:system
    c:assign L: sys:l
    c:assign FONTS: sys:fonts
    c:assign T: ram:t
    c:assign CLIPBOARDS: ram:clipboards
    c:assign ENV: ram:env
    c:mount newcon
    c:resident >nil: cli l:shell-seg system pure add
    c:newshell newcon:0/0/640/200/Secure-Shell from s:startupII
As you can see, quite a bit of set-up is being done from
the password program. The commands listed above should not
be repeated in the startup-sequence or startupII scripts.
If password is satisfied, it will open a SHELL window and
execute a script called s:startupII. This script must
exist, although nothing has to be done in it. Finish any
commands that you need to complete in startupII. Complete
startupII with a loadwb and endcli command if you want the
workbench to be loaded and shown. The startupII file should
be in the s: directory of your system disk as you assigned it
in your startup-sequence.
There is a script called password.install which, if executed,
will copy the password program and all supporting files
to your system disk. This script will modify your disks, so
be sure to have current backups. Be aware that your existing
startup-sequence and startupII files will be overwritten.
This password.install script should only be used for
non-hard-drive systems.
The following files should be copied or renamed as described
below. You may choose to use the supplied startup-sequence,
startupII and shell-startup or modify your existing files.
DEFINITIONS:
boot disk: this is the disk that you boot from. It may be
df0: or your hard drive if you auto-boot.
system disk: this is the disk that you assigned to sys: in
your startup-sequence. The boot disk and
system disk may be the same disk.
RENAME:
rename your c:dir command to c:dirx
COPY:
startup-sequence ----- copy to your boot disk s: directory.
startupII ------------ copy to your system s: directory.
password ------------- copy to your boot and system c:
directory.
loop ----------------- rename to dir and copy to your boot
and system disk.
shell-startup -------- copy to your system s: directory.
Directions: Once you have installed password properly, reboot using
your new boot disk. Since this is the first time you
have executed the program, you will be asked for the
maintenance password. This is a hard coded password that
will always work. Keep the maintenance password secure,
since anyone will have complete access to your computer
if they know the maintenance password. You only have one
chance to enter the maintenance password. (see the readme
file for information on obtaining a custom copy of this
program with a unique maintenance password)
The maintenance password is: dict10nary
This maintenance password cannot be located or viewed with a
sector editor, like NewZap.
You will be prompted to enter a user password twice. The user
password must be between 5 and 15 characters. When you finish
creating the user password, your startup-sequence/startupII
will continue. The user password you entered will be stored
in a file called s:password. The password is encoded and is
secure from prying eyes. If this file ever gets deleted,
password will prompt for the maintenance password the next
time the password is needed. Deleting the password file
will not help anyone gain access.
Once you are booted up, you can change the user password
anytime if you know the old password or the maintenance
password. Execute password with no options and you will
be prompted for the old and new passwords. Here you have
the option of removing the password protection: press
enter when you are asked for the new password. If you
choose to have the password protection removed, password will
still execute on bootup, but will not ask for a password
from the user. You will only have 5 chances to complete
the password change correctly, but you can always try again.
Entering a q at any prompt will terminate the password
change utility. This feature allows you to remove the
password protection easily, without having to change any of
your system setup.
Every time you boot from this disk, the user will be prompted
for the user password (although the maintenance password can
be entered) unless you have previously set password for
"no password" as described above. The user will only have
three chances to enter the correct password. If the user
makes 3 invalid attempts, the program goes into a loop
and the only way out is to reboot.
Accounting: There are many accounting methods used in the password
program, so the system disk must be writable. The system
clock should also have been set before executing the
password program on bootup as described above.
The system disk is the disk that you assigned sys: to as
one of the first commands in your startup-sequence. If
you assigned sys: to df0:, then df0: must not be
write-protected. If you assigned sys: to a hard-drive, then
it is already writable. Password will check if it can
write to the system disk and prompt the user if the sys:
disk is write-protected. If the user doesn't correct the
trouble, it's loop time....
Every incorrect password entered on bootup is recorded in
a file called s:Access on your system disk.
The date and time of every boot is recorded in a file called
s:usage on your system disk.
Every access attempt that fails for any reason has the date
and time recorded in both the s:usage file and l:denied.
Once the user gives the correct password, the program
checks if any previous accesses have been denied; if so,
the date and time will be displayed to the user. So whenever
an authorized user boots up the Amiga, they will be notified
of any unauthorized access attempts, and a permanent record
of all unauthorized access attempts will be maintained in
a file called l:denied.
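The boot-time check and accounting described above, modeled as an added example (not George Kerber's code and not part of the original archive). The salted PBKDF2 record, the timestamp layout, the choice to record one denial per failed boot, and all function names are assumptions; the page only says the password is "encoded" and that failures are dated in s:usage and l:denied.

```python
import hashlib, hmac, os
from datetime import datetime

MAX_BOOT_ATTEMPTS = 3        # doc: three chances at boot
MIN_LEN, MAX_LEN = 5, 15     # doc: user password is 5 to 15 characters
STAMP = "%Y-%m-%d %H:%M:%S"  # assumed timestamp layout

def make_record(password, salt=None):
    """Salted PBKDF2 record; a stand-in for the 'encoded' s:password file."""
    if not MIN_LEN <= len(password) <= MAX_LEN:
        raise ValueError("password must be 5 to 15 characters")
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check(record, attempt):
    """Constant-time comparison of an attempt against the stored record."""
    salt, stored = record[:16], record[16:]
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, 100_000)
    return hmac.compare_digest(digest, stored)

def boot_gate(record, attempts, now, usage, denied):
    """Model one boot. usage/denied are lists standing in for s:usage and
    l:denied. Returns (granted, earlier denials shown to the user)."""
    usage.append(now.strftime(STAMP) + " boot")
    for attempt in attempts[:MAX_BOOT_ATTEMPTS]:   # a fourth entry is never read
        if check(record, attempt):
            return True, list(denied)              # l:denied itself is kept
    stamp = now.strftime(STAMP) + " denied"
    usage.append(stamp)                            # failure goes to both files
    denied.append(stamp)
    return False, []                               # the real program loops here

if __name__ == "__main__":
    # Constructed sample data: one failed boot, then a successful one.
    record = make_record("s3cretpw")
    usage, denied = [], []
    print(boot_gate(record, ["aaaaa", "bbbbb", "ccccc", "s3cretpw"],
                    datetime(1989, 9, 4, 8, 0), usage, denied))
    print(boot_gate(record, ["wrong", "s3cretpw"],
                    datetime(1989, 9, 4, 9, 30), usage, denied))
    print(usage)
```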
Security: There is a program called loop included in this archive.
This program can be used to assist in system security to
ensure that the system was booted properly using the
password program. I suggest that you rename the dir
command in your c: directory to dirx and then rename
loop to dir and copy it to your c: directory. If the
password program was used to boot the Amiga, executing
the new dir command will call the dirx command and the
user will not notice any difference. If the Amiga was not
booted using the password program when the dir command
is executed, it's loop time.....
If you were going to break into someone's computer, what
is the first command you'd run when you got the prompt?
Right, a dir command to look around. Follow the above
directions and running a dir will cause the system to lock
up unless the disk was booted using password.
Loop can be used with almost any program and it has an
option to only check for a proper boot up using the
password program and loop if it wasn't. No other output
will be produced. It can be useful to add a "dir -q" to
every script you have on your system.
NOTE: loop will not work with some ARP commands (dir works,
list doesn't????), and some won't work because of
what they do, like cd.
Another useful security measure is to rename the password
program to something that doesn't sound like password. Try
calling it mkdir or time or something like that. If someone
were to see mkdir -a or time -a in your startup-sequence, would
they suspect a password program?
You should password protect every bootable disk you have.
Of course you shouldn't write to your original disks, but
they should be locked up somewhere away from your
computer anyway.
Once someone can boot up on one of your disks, they can
simply use the dir commands from that disk to look at your
protected disk. Maybe you should use the dir/loop trick
on every copy of dir you have.
If you have a hard-drive, keep only what is absolutely
necessary on your boot disk. Keep a trick copy of dir, but
don't keep any other commands like list, delete, type etc...
Total security on the Amiga is impossible. But using this
program or a custom version (as described in readme) can
keep most people out. Most people are computer illiterates
and would never be able to break this program. The key to
the password program is to ensure that it is executed
from your startup-sequence. There are ways to stop the
startup-sequence from executing, but I won't describe
them here. Doing some of the system setup in the password
program and using the loop program as described above should
help.
Public Domain: This version of password is public domain, but remember that
I am making no guarantees of operation or security. You're
on your own. If you want a custom version of the program,
follow the procedure outlined in the readme file of this
archive. This program can be freely distributed, but
please keep me as author and all the documentation intact.
George Kerber
19756 E. Linvale Drive
Aurora, Colorado 80013
(303) 693-2890
Compuserve: 74010,2132