[	@(#)README	3.8.1.4	11:05:55	10/10/92	]

This is the explanatory document for John F. Haugh II's login replacement,
release 3.  This document was last updated 10/10/92.

This software is copyright 1988, 1989, 1990, 1991, 1992, John F. Haugh II.
All rights reserved.  Use, duplication and disclosure is permitted according
to the guidelines listed below.

This software is being provided as a freely redistributable login clone.
You may distribute this software provided you do not charge for other than
transmission costs.  You are free to copy this software provided you
do not restrict the rights of the recipients to further copy this software.

This source code is currently archived on ftp.cs.widener.edu in the
directory pub/src/adm.  The file name is "shadow" followed by the
version number.  You may contact the author, John F. Haugh, II, at
jfh@rpp386.cactus.org if you have any questions regarding this package.

THIS SOFTWARE IS BEING DISTRIBUTED AS-IS.  THE AUTHORS DISCLAIM ALL
LIABILITY FOR ANY CONSEQUENCES OF USE.  THE USER IS SOLELY RESPONSIBLE
FOR THE MAINTENANCE OF THIS SOFTWARE PACKAGE.  THE AUTHORS ARE UNDER NO
OBLIGATION TO PROVIDE MODIFICATIONS OR IMPROVEMENTS.  THE USER IS
ENCOURAGED TO TAKE ANY AND ALL STEPS NEEDED TO PROTECT AGAINST ACCIDENTAL
LOSS OF INFORMATION OR MACHINE RESOURCES.

Special thanks are due to Chip Rosenthal for his fine testing efforts;
to Steve Simmons for his work in porting this code to BSD; and to Bill
Kennedy for his contributions of LaserJet printer time and energies.
Also, thanks for Dennis L. Mumaugh for the initial shadow password
information and to Tony Walton (olapw@olgb1.oliv.co.uk) for the System
V Release 4 changes.  Effort in porting to SunOS has been contributed
by Dr. Michael Newberry (miken@cs.adfa.oz.au) and Micheal J. Miller, Jr.
(mke@kaberd.rain.com).  Effort in porting to AT&T UNIX System V Release
4 has been provided by Andrew Herbert (andrew@werple.pub.uu.oz.au).

New for Release 3:
	The objects are being combined into libraries to make maintenance
	easier and to encourage developers to use the modules as the
	basis for new tools.  New tools are planned based on SVR4 commands.

	New lint rules have been added to make the code easier to lint.
	Files will gradually be fixed so that they lint cleanly.

	DBM file access has been added to everything that would tolerate
	it.  The files /etc/passwd, /etc/group, and /etc/shadow all have
	DBM interfaces.  The new file, /etc/gshadow, has been added to
	support shadowed group information and it too has a DBM interface.
	Additional information has been added to the shadow group file to
	define the notion of a group administrator.

	SVR4 utilities to add and modify user and group information have
	been added.  The man pages for these commands have been written
	as well.

	User-defined authentication has been added.  This allows you to
	write programs to replace the password authentication method
	which uses the crypt() function.

Warning:
	The newuser command will be removed in a later release.
	The libsec.a library will be removed in a later release.

This software is described in the 3rd USENIX Security Symposium
proceedings.  These proceedings are available from

	USENIX Association
	2560 Ninth Street, Suite 215
	Berkeley, CA 94710

The current price is $30 for USENIX members and $39 for non-members.

Begin by reading and editing the config.h file.  All options are selected
by using #define's.  A brief description for each available option appears
below.  You may want to print this file out as it is LONG and you will
need to refer to it while editting config.h.  You will also have to edit
the Makefile.  The possible differences are documented there.  Pay close
attention to the install: rule.  Login now runs on about 30 different
varieties of UNIX that I have been made aware of.  If you have any qualms,
you should run "make save" before running "make install".  If something
breaks you can use "make restore" to put things back.  In any case, you
should have a recent system backup as the potential for serious damage
exists.

Note that there are MANY options.  As distributed most options are turned
on, which produces a really nice package.  This is the system as used on
some of the authors' machines.  There are many options which may be
selected at run time.  You should refer to the login.5 manual page for
more information regarding these options.

There are several files which you may have to replace.  If your system has
a lastlog.h file, you should replace the one which I provide with your
system version.  The pwd.h file that is produced by "make" must agree
exactly with the system supplied version.  You should re-arrange the
fields or #define's until they match.  The same is true for "shadow.h",
if you system provides one.  You may want to replace large portions of
that file (or the entire file) with your system version.  It is provided
for those systems which do NOT provide /usr/include/shadow.h.  If you
do not have a the crypt() function in your library (perhaps because you
are located outside the United States), you may wish to look into the
UFC-crypt package which was posted to comp.sources.misc in volume 23,
issues 97 and 98.

Login Defaults File -
	This option selects the name of the file to read for the
	run-time configurable options.  The default value for
	LOGINDEFS is "/etc/login.defs".

Shadow [ unreadable ] Password Files -
	This option utilizes an alternate, non-readable file to
	contain the actual encrypted passwords.  This is presumed
	to increase system security by increasing the difficulty
	with which system crackers obtain encrypted passwords.

	Select this option by defining the SHADOWPWD macro.

	This feature is optional, but only certain commands may
	be compiled with this option disabled.

Shadow Group Files -
	This option utilizes an alternate, non-readable file to
	contain encrypted group passwords and group administrator
	information.

	This feature allows one or more users to be defined as
	the administrators of a group for the purpose of adding
	or deleting members and changing the group password.

	Select this option by defining the SHADOWGRP macro.  You
	must also create an emptry /etc/gshadow file.  You must
	select the SHADOWPWD option if you select SHADOWGRP.

DBM Password Files -
	This option utilizes the DBM database access routines to
	increase the performance of user name and ID lookups in the
	password file.  You may select the NDBM database instead
	and have DBM-style access to all user information files.

	Select this option by defining both the DBM and GETPWENT
	macros.  The FGETPWENT macro must also be defined or the
	fgetpwent() library routine must be present.

Double Length Passwords -
	This option extends the maximum length of a user password
	to 16 characters from eight.

	Select this option by defining the DOUBLESIZE macro.
	Credit for this option is due Jonathan Bayer.

Password Aging -
	This option includes code to perform password aging.
	Password aging is presumed to increase system security
	by forcing users to change passwords on a regular
	basis.  The resolution on password age is in weeks for
	non-shadow password systems and in days otherwise.

	Select this option by defining the AGING macro.

Syslog -
	This option causes the code to log various errors or
	special conditions to the syslog daemon.  The types of
	information that are logged security violations, changes
	to the user database, and program errors.

	Select syslog processing by defining the USE_SYSLOG
	macro.

Remote Login -
	This option causes certain network login code to be
	inserted to enable the "rlogin" and "telnet" commands to
	work.  To enable network logins, define the RLOGIN macro.
	If your <utmp.h> file includes a ut_host member, you must
	also define the UT_HOST macro.

Directory Reading Routines -
	Three different macros are defined for opening and reading
	directories.  They are DIR_XENIX, DIR_BSD, and DIR_SYSV.
	Refer to config.h for more details.

Library Configuration Macros -
	The following macros define the functions which are present
	in your system library:

	HAVE_ULIMIT	- Define if your UNIX supports ulimit()
	GETPWENT	- Define if you want my GETPWENT(3) routines
	GETGRENT	- Define if you want my GETGRENT(3) routines
	NEED_AL64	- Define if library does not include a64l()
	NEED_MKDIR	- Define if system does not have mkdir()
	NEED_RMDIR	- Define if system does not have rmdir()
	NEED_RENAME	- Define if system does not have rename()
	NEED_STRSTR	- Define if library does not include strstr()

Password File Information -
	The following macros define the fields which are present in
	your system password file.  Because the system was compiled
	to use the password file in its original form, these macros
	must agree with the actual contents of the file.

	BSD_QUOTA	- the pw_quota field exists
	ATT_AGE		- the pw_age field exists
	ATT_COMMENT	- the pw_comment field exists

Signal Return Type -
	Because different systems return different data types for
	the signal() system call, you must define SIGTYPE to be
	the data type your system uses.  The default is "int", but
	"void" is another popular value.

BSD Notes:	Steve Simmons	scs@iti.org

The full port of the shadow package to BSD is not complete; but some
of the issues have been worked out.  These notes describe the current
state of things:

In order to make use of password aging under BSD, minor changes to
/usr/include/pwd.h and getpwent() are needed.  These changes are to
keep the password age from messing up the encrypted password when not
using shadow passwords, and involve placing a new field in the password
data structure.  To use this, you should apply the following two patches:
	pwd.h.patch
	getpwent.c.patch
to the BSD /usr/include/pwd.h and /usr/src/lib/libc/gen/getpwent.c,
respectively.  After applying the patches, rebuild your standard C
library with the new getpwent.  Programs which use the old getpwent
will fail on password checking if they do a strcmp rather than a strncmp.
[ I do not seem to have these two patches.  I have provided an entire
getpwent collection of code which may be useful instead.  This code
does not support Sun Yellow Pages(tm?), which is a shame. -jfh ]

These changes are based on BSD4.3, not Tahoe

ToDo BSD:

I'm working on this in my copious spare time (hah!); any help would
be appreciated.  If you decide to help, do these independantly rather
than rework BSD code!  Keep it redistributable!

No dbm functions have been put in place.  Dbm functionality is needed
for both /etc/password and /etc/shadow management.  [ It is now possible
to create /etc/passwd.dir and /etc/passwd.pag using the new mkpasswd
command.  getpwuid and getpwnam both use these files.   Also, the 
commands chfn, chsh, and chage all update the DBM files. -jfh ]

The BSD GECOS field gets used for lots more stuff than the USG.  At a
minimum this functionality should be duplicated under BSD; better is to put
it into USG as well; still better would be to make the chfn command for
both systems; best would be site-configurable data to be put into GECOS/chfn.

[ this is now possible using chfn and the -o option.  i would appreciate
  anyone who is able to confirm that this code runs reasonably on some
  BSD release. - jfh ]

SunOS 4.1.1 Notes: (mke@kaberd.rain.com) Michael J. Miller Jr.

[ These notes were edited from the original.  The standard Makefile
  and config.h have notes indicating the changes required for SunOS. ]

You'll need to do the following to get the shadow password dist to
compile on a sun 4.1.1 system.

If using csh, then type 'rehash'.  cd to the /etc directory and type
'pwconv'.  This will create two files,  nshadow and npasswd.
now type 'mkpasswd -f nshadow' and 'mkpasswd -f npasswd'.  This will
create the shadow password file.

Note: The shadow group stuff does not work with sunos.  

Note: ftp will still use the old password file.

Note: if you run suns pcnfs, be aware that it will still be looking at the
      old password file as well.  I may work out a patch for this, as I am
      fairly certain the stuff on the sun side comes with source.

Note: I have compiled this package with the standard c compiler and
      suns unbundled c compiler at an optomization level of 2 in
      both casses.  Haven't tried gcc yet, so I don't know wether it
      works.  Same goes for suns C++ compiler.

Note: has been compiled on a sun 3/75 running sunos 4.1.1.  Should compile
      fine on sun 4's running 4.1.1, and may compile on suns running
      4.1.  Have no idea what sort of success people will have that
      are running 4.03 and older versions.
