Security

  • CDE source code?

    10 answers - 1948 bytes

    Anybody know where to find that? Actually I only need dtlogin.
    Part 2 -
    I might as well tell you why. I have this system (AIX 4.3.3) built by
    some other company, (big big company, begins with "L" ) where you log
    into CDE from a login screen. If you use the wrong password, you get a
    message "Login incorrect," and after 3 failed attempts, you're
    locked out, although you don't know it. And, maybe you're a
    hacker?? However, if on the 10th attempt, you get the password
    correct, then the message changes to "Too many unsuccessful login
    attempts" So, if you didn't know that user password to start
    with, you know it now. What happens after that doesn't matter. But,
    some people where I work would prefer it that the message did not
    change to indicate that you had found the correct password. I work for
    those people. Now, I grepped the dt folder and found the first message
    "Login incorrect" in dtlogin. And, I opened the dtlogin binary with
    a hex editor and could see that first message clearly. And, I found
    somewhere else where it tells you to change your password the very
    first time you use it. But I can't find which program gives the
    message "too many unsuccessful attempts" It's probably not a dt
    program doing it, but it is a dt program, such as dtfile_error being
    sent a text string to display, but I can't find the culprit. Of
    course, AIX 4.3.3. doesn't have -r for grep, so I had to go to a linux
    machine and grep the source code disc... whatever. (I'm told it's the
    entire source code... who knows) BTW, it's not plain old CDE, it's
    been hacked for security reasons, or so I'm told.
    Anyway, I'll really look good if I can solve this little problem. I'll
    still get yelled at for something else, but I really need a win right
    now :-))))
    Thanks everybody
  • No.1 | | 2367 bytes | |

    9 Jun 2006 12:55:18 -0700
    "almo" <almo6914@yahoo.com> wrote:

    Anybody know where to find that? Actually I only need dtlogin.

    You can't. CDE is commercial, non-open-source. If you politely ask IBM
    and sign an NDA, they might give you the sources to CDE, but I highly
    doubt that.

    Part 2 -
    I might as well tell you why. I have this system (AIX 4.3.3) built by
    some other company, (big big company, begins with "L" ) where you log
    into CDE from a login screen. If you use the wrong password, you get
    a message "Login incorrect," and after 3 failed attempts, you're
    locked out, although you don't know it. And, maybe you're a
    hacker?? However, if on the 10th attempt, you get the password
    correct, then the message changes to "Too many unsuccessful login
    attempts" So, if you didn't know that user password to start
    with, you know it now. What happens after that doesn't matter. But,
    some people where I work would prefer it that the message did not
    change to indicate that you had found the correct password. I work
    for those people. Now, I grepped the dt folder and found the first
    message "Login incorrect" in dtlogin. And, I opened the dtlogin
    binary with a hex editor and could see that first message clearly.
    And, I found somewhere else where it tells you to change your
    password the very first time you use it. But I can't find which
    program gives the message "too many unsuccessful attempts" It's
    probably not a dt program doing it, but it is a dt program, such as
    dtfile_error being sent a text string to display, but I can't find
    the culprit. Of course, AIX 4.3.3. doesn't have -r for grep, so I

    What's the big deal to compile GNU grep on AIX?

    had to go to a linux machine and grep the source code
    disc... whatever. (I'm told it's the entire source code... who
    knows) BTW, it's not plain old CDE, it's been hacked for
    security reasons, or so I'm told.

    Wait what source disk?

    Anyway, I'll really look good if I can solve this little problem.
    I'll still get yelled at for something else, but I really need a win
    right now :-))))

    Thanks everybody

    I'd say, you're pretty much out of luck on this one.

    Marc
  • No.2 | | 3093 bytes | |

    According to almo <almo6914@yahoo.com>:
    Anybody know where to find that? Actually I only need dtlogin.

    Part 2 -
    I might as well tell you why. I have this system (AIX 4.3.3) built by
    some other company, (big big company, begins with "L" ) where you log
    into CDE from a login screen. If you use the wrong password, you get a
    message "Login incorrect," and after 3 failed attempts, you're
    locked out, although you don't know it. And, maybe you're a
    hacker?? However, if on the 10th attempt, you get the password
    correct, then the message changes to "Too many unsuccessful login
    attempts" So, if you didn't know that user password to start
    with, you know it now. What happens after that doesn't matter. But,
    some people where I work would prefer it that the message did not
    change to indicate that you had found the correct password. I work for
    those people. Now, I grepped the dt folder and found the first message
    "Login incorrect" in dtlogin. And, I opened the dtlogin binary with
    a hex editor and could see that first message clearly. And, I found
    somewhere else where it tells you to change your password the very
    first time you use it. But I can't find which program gives the
    message "too many unsuccessful attempts"

    I don't have access to AIX, but dtlogin for CDE on Solaris 10
    uses libpam.so (Pluggable Access Method, IIRC), and that message *might*
    be in there -- or in some other shared lib entirely. ldd(1) shows
    dtlogin to be using a total of 34 shared libs, so you will have fun
    looking for things. :-)

    Note -- you should not need a binary editor for locating the
    message string -- just use the strings(1) program to spit out a list of
    the strings in the program executable. And pipe that through less(1) to
    find out whether a particular string is there.

    It's probably not a dt
    program doing it, but it is a dt program, such as dtfile_error being
    sent a text string to display, but I can't find the culprit. Of
    course, AIX 4.3.3. doesn't have -r for grep, so I had to go to a linux
    machine and grep the source code disc... whatever. (I'm told it's the
    entire source code... who knows) BTW, it's not plain old CDE, it's
    been hacked for security reasons, or so I'm told.

    *Whose* source code disc? Linux does not use CDE -- though it
    can use "KDE" -- a freely distributable source work-alike. But there is
    no bet that anything from KDE can be made to work with CDE.

    Anyway, I'll really look good if I can solve this little problem. I'll
    still get yelled at for something else, but I really need a win right
    now :-))))

    How about a setup so it simply *disconnects* the user attempting
    login after a shorter count of failed login attempts? That way, they
    would never get to the 10 login attempt threshold you mentioned.

    Read up on pam, libpam, and pam.conf to see whether anything in
    there might offer some help.

    Good Luck,
    DoN.
  • No.3 | | 255 bytes | |

    DoN. Nichols wrote:
    I don't have access to AIX, but dtlogin for CDE on Solaris 10
    uses libpam.so (Pluggable Access Method, IIRC),
    so open Solaris comes with CDE source code ?
    Would that include dtterm sources ?
  • No.4 | | 3258 bytes | |

    2006-06-09, almo <almo6914@yahoo.com> wrote:
    [snip] If you use the wrong password, you get a
    message "Login incorrect," and after 3 failed attempts, you're
    locked out, although you don't know it. And, maybe you're a
    hacker?? However, if on the 10th attempt, you get the password
    correct, then the message changes to "Too many unsuccessful login
    attempts" So, if you didn't know that user password to start
    with, you know it now. What happens after that doesn't matter. But,
    some people where I work would prefer it that the message did not
    change to indicate that you had found the correct password. I work for
    those people. Now, I grepped the dt folder and found the first message
    "Login incorrect" in dtlogin. And, I opened the dtlogin binary with
    a hex editor and could see that first message clearly. And, I found
    somewhere else where it tells you to change your password the very
    first time you use it. But I can't find which program gives the
    message "too many unsuccessful attempts" It's probably not a dt
    program doing it, but it is a dt program, such as dtfile_error being
    sent a text string to display, but I can't find the culprit.

    You're probably right about the message not originating
    from CDE. If your message looks like this:
    3004-303 There have been too many unsuccessful login attempts;
    please see the system administrator.
    it's the default AIX system message for an account locked
    due to too many unsuccessful login attempts. You'll probably
    get this message not only from CDE, but also from shell,
    telnet and su logins (but not SSH).
    To confirm take a look at the users security settings:
    lsuser -f <username>
    This should show something like this:

    logintimes=
    loginretries=2

    unsuccessful_login_count=8

    If the unsuccessful_login_count > loginretries, you'll get
    the 3004-303 error message. The unsuccessful_login_count can
    btw. be reset with:
    chsec -f /etc/security/lastlog -a unsuccessful_login_count=0 -s <username>

    Having no AIX 4.3.3 at hand i can only tell you, that with
    a recent version (5.3 ML6) i get the 3004-303 error message
    with or without correct password, which is probably what
    you want. Do some research if this was introduced in some
    version >4.3.3 and update the system to that version. You
    should do this anyway, since 4.3.3 is no longer supported
    and there will be no more security fixes, which means your
    above concerns should be your least

    Of course, AIX 4.3.3. doesn't have -r for grep, so I had to go to a linux
    machine and grep the source code disc... whatever. (I'm told it's the
    entire source code... who knows) BTW, it's not plain old CDE, it's
    been hacked for security reasons, or so I'm told.

    I don't know what you mean by "source code disc", but i
    seriously doubt that you have the CDE much less the AIX
    source code available. Anyway, instead of 'grep -r' one
    can always use a 'find ./ -type f | xargs grep <string>'

    A good start to read up would be:

    Regards,

    Frank
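The two behaviours compared in this thread (the lock message appearing only for a correct password, versus appearing "with or without correct password"), as an added Python model; it is not AIX or CDE code and not from any poster. The function names, the `LOGIN_OK` string, the sample password and the rule that an account is locked once `unsuccessful_login_count` exceeds a non-zero `loginretries` are assumptions made for the illustration.

```python
import hmac
from dataclasses import dataclass

LOGIN_INCORRECT = "Login incorrect"
TOO_MANY = ("3004-303 There have been too many unsuccessful login attempts; "
            "please see the system administrator.")
LOGIN_OK = "login ok"  # constructed placeholder for a successful session


@dataclass
class Account:
    password: str              # plaintext only to keep the model short
    loginretries: int          # 0 is treated as "no limit" (assumption)
    unsuccessful_login_count: int = 0

    def locked(self) -> bool:
        # Assumption: locked once the count exceeds a non-zero loginretries.
        return 0 < self.loginretries < self.unsuccessful_login_count


def _password_ok(acct: Account, attempt: str) -> bool:
    return hmac.compare_digest(acct.password.encode(), attempt.encode())


def login_leaky(acct: Account, attempt: str) -> str:
    """Password checked first: the lock message shows up only on a match."""
    if not _password_ok(acct, attempt):
        acct.unsuccessful_login_count += 1
        return LOGIN_INCORRECT
    if acct.locked():
        return TOO_MANY
    acct.unsuccessful_login_count = 0
    return LOGIN_OK


def login_uniform(acct: Account, attempt: str) -> str:
    """Lock state checked first: a locked account answers the same either way."""
    if acct.locked():
        return TOO_MANY
    if not _password_ok(acct, attempt):
        acct.unsuccessful_login_count += 1
        return LOGIN_INCORRECT
    acct.unsuccessful_login_count = 0
    return LOGIN_OK


def reveals_password(login, retries: int = 2, failures: int = 8) -> bool:
    """True if a locked account answers differently for right and wrong passwords."""
    def answer(attempt: str) -> str:
        acct = Account("correct-horse", retries, failures)  # constructed sample
        return login(acct, attempt)
    return answer("correct-horse") != answer("wrong-guess")
```

`reveals_password` works as a regression check: it builds a fresh locked account for each attempt and compares only the message a user would see on screen.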
  • No.5 | | 782 bytes | |

    Michael Kraemer <M.Kraemer@gsi.de> writes:
    >DoN. Nichols wrote:

    >I don't have access to AIX, but dtlogin for CDE on Solaris 10
    >uses libpam.so (Pluggable Access Method, IIRC),


    >so open Solaris comes with CDE source code ?
    >Would that include dtterm sources ?


    No, Solaris is the kernel and whatever else they could put into
    the distribution. CDE is still owned by The Group, Sun wouldn't
    be able to distribute source to it.

    If you startup a University or Non-Profit Resource , you could get
    CDE source for free from the Group for internal R&D only. A
    commercial entity is only $5k for no redistribution rights.

  • No.6 | | 391 bytes | |

    In comp.security.unix Doug McIntyre <merlyn@geeks.org> wrote:
    If you startup a University or Non-Profit Resource , you could get
    CDE source for free from the Group for internal R&D only. A
    commercial entity is only $5k for no redistribution rights.

    If one really wants CDE. Why not using something else, which is Free
    Software? CDE is, ahem, strange.

    Yours,
    VB.
  • No.7 | | 3938 bytes | |

    "How about a setup so it simply *disconnects* the user attempting
    login after a shorter count of failed login attempts? That way, they
    would never get to the 10 login attempt threshold you mentioned."

    The source code I'm referring to is the application source code from
    the "L" company. Actually, it's supposed to be the source code, plus
    the binaries, plus binary image of the OS. I use the binary editor on
    my PC because I don't trust the Windows Explorer search. But thanks
    for the tip on using strings(1). Hadn't thought of that.

    I like the *disconnects* after some number (it'll be 3) login
    attempts. Now I'll have to figure out how to do that. Note, I'm not a
    Unix guru, but this latest assignment is turning me into one. Thanks
    DoN.

    DoN. Nichols wrote:
    According to almo <almo6914@yahoo.com>:
    Anybody know where to find that? Actually I only need dtlogin.

    Part 2 -
    I might as well tell you why. I have this system (AIX 4.3.3) built by
    some other company, (big big company, begins with "L" ) where you log
    into CDE from a login screen. If you use the wrong password, you get a
    message "Login incorrect," and after 3 failed attempts, you're
    locked out, although you don't know it. And, maybe you're a
    hacker?? However, if on the 10th attempt, you get the password
    correct, then the message changes to "Too many unsuccessful login
    attempts" So, if you didn't know that user password to start
    with, you know it now. What happens after that doesn't matter. But,
    some people where I work would prefer it that the message did not
    change to indicate that you had found the correct password. I work for
    those people. Now, I grepped the dt folder and found the first message
    "Login incorrect" in dtlogin. And, I opened the dtlogin binary with
    a hex editor and could see that first message clearly. And, I found
    somewhere else where it tells you to change your password the very
    first time you use it. But I can't find which program gives the
    message "too many unsuccessful attempts"

    I don't have access to AIX, but dtlogin for CDE on Solaris 10
    uses libpam.so (Pluggable Access Method, IIRC), and that message *might*
    be in there -- or in some other shared lib entirely. ldd(1) shows
    dtlogin to be using a total of 34 shared libs, so you will have fun
    looking for things. :-)

    Note -- you should not need a binary editor for locating the
    message string -- just use the strings(1) program to spit out a list of
    the strings in the program executable. And pipe that through less(1) to
    find out whether a particular string is there.

    It's probably not a dt
    program doing it, but it is a dt program, such as dtfile_error being
    sent a text string to display, but I can't find the culprit. Of
    course, AIX 4.3.3. doesn't have -r for grep, so I had to go to a linux
    machine and grep the source code disc... whatever. (I'm told it's the
    entire source code... who knows) BTW, it's not plain old CDE, it's
    been hacked for security reasons, or so I'm told.

    *Whose* source code disc? Linux does not use CDE -- though it
    can use "KDE" -- a freely distributable source work-alike. But there is
    no bet that anything from KDE can be made to work with CDE.

    Anyway, I'll really look good if I can solve this little problem. I'll
    still get yelled at for something else, but I really need a win right
    now :-))))

    How about a setup so it simply *disconnects* the user attempting
    login after a shorter count of failed login attempts? That way, they
    would never get to the 10 login attempt threshold you mentioned.

    Read up on pam, libpam, and pam.conf to see whether anything in
    there might offer some help.

    Good Luck,
    DoN.
  • No.8 | | 474 bytes | |

    Michael Kraemer <M.Kraemer@gsi.de> writes in comp.unix.cde:
    |DoN. Nichols wrote:
    |
    |I don't have access to AIX, but dtlogin for CDE on Solaris 10
    |uses libpam.so (Pluggable Access Method, IIRC),
    |
    |so open Solaris comes with CDE source code ?
    |Would that include dtterm sources ?

    Solaris does not include CDE source. Full Solaris source licenses do.
    (Last I checked those were ~$100 for .edu's, ~$50k for the rest of the
    world.)
  • No.9 | | 277 bytes | |

    Volker Birk wrote:
    If one really wants CDE. Why not using something else, which is Free
    Software? CDE is, ahem, strange.
    why not ? It's most commercial Unices native GUI,
    and not "stranger" than others.
    Matter of taste, at best.
  • No.10 | | 460 bytes | |

    Doug McIntyre wrote:
    If you startup a University or Non-Profit Resource , you could get
    CDE source for free from the Group for internal R&D only. A
    commercial entity is only $5k for no redistribution rights.

    well, that's not what I have in mind.
    I'm just curious what kind of widgets
    they use to get a shell command area plus the
    menu strip. Probably it's not the
    Motif predefined command widget.
