Login passwords - larsbrinkhoff/its-manual GitHub Wiki
By default, ITS has no login security. That is, you can connect to an ITS instance and log in with any username, without specifying a password.
If you wish to support explicit accounts, and logging in with a password, the PWORD program is available to be used as a replacement for DDT, as the top-level job loaded when a user connects to ITS. The PANDA program is used to administer accounts.
More specifically, when you connect to an ITS instance, ITS loads the program SYS;ATSIGN HACTRN. Normally, SYS;ATSIGN HACTRN is a link to SYS;ATSIGN DDT, the latter having been assembled from SYSEN1;DDT >. If you wish to require user accounts and passwords, all you have to do is replace the link at SYS;ATSIGN HACTRN with one that targets SYS;ATSIGN PWORD, which is itself a link to SYSBIN;PWORD BIN. Subsequent attempts to connect to ITS will result in ITS loading SYSBIN;PWORD BIN, which will allow only registered accounts to log in (with a password), and allow unregistered users to register for an account.
IMPORTANT: It is best to log into the system you wish to switch to PWORD, perform the link renaming in that login session, and stay logged in there so that you can run PANDA. Otherwise, if you log out and log back in again, you will be prompted to register for an account (unless you've created it first) and will not be able to log in to run PANDA. If you do find yourself in this situation, you can use the system console, which will not require a password for logins, to run PANDA.
IMPORTANT: Before you begin this exercise, make sure you know the password for PANDA. If you have just performed an ITS build from the github.com/pdp-10/its repository, the password will be "panda". If you have changed this password, of course, or someone else has, you had better know what the new password is. If you don't, see the section below on "Setting the PANDA password".
To create an account for yourself, invoke PANDA and use its set command. Start by invoking PANDA:
PANDA^K
Password:
Enter the PANDA password, and you should see:
PANDA.2664
>
The ">" shows you that you are at PANDA command level. You can type ? to get a list of commands.
?
These are the topics for which HELP can give more info.
Type:
:HELP <topic>
for more info on a given topic.
QUIT DELETE SET VAR GROUP FIND
CHECK PRINT SCAN STATS SEND NAME
HOST SSTATU LOADP WHOJ BUG WHO
DATE TIME TIMES TIMOON OCTPUS WHOIS
HELP MAIL PRMAIL PRSEND LISTF USERS
>
As you can see, you can use :HELP <topic> to get more info on each command. We will be using the set command, so get some help on this command:
:help set
Help info on SET:
Set a user's password and other attributes.
If the user is not in the database, it defaults his password to his UNAME
Control arguments:
PASSWORD
-pass, -pw, -pwd Set his password
FLAGS
-day Override group restriction for daytime use
-nday Remove override of group restriction for daytime use
-dial Override group restriction for dialup use
-ndial Remove override of group restriction for dialup use
-bad don't allow to log in from bad sites
-nbad undo a -bad
GROUP
-group, -grp User Group
STATE
-ok, -on Turn an account on
-off Turn an account off
-refuse, -rfs Denies this user an account.
-hold, -hld hold this account for more info
-system, -sys This is a reserved system name.
>
Assuming your username is FOO, issue this command:
set foo -pass -day -ok
PANDA responds with:
SETTING: [-on -day -pw ]
BAZ [NEW] (No INQUIR entry) [Date Unknown]
Creator: FOO 10/30/23, Last Mod: Unknown [Date Unknown]
======================================
[Not in database]
Is this OK? (Y or N)
Type y and you will be prompted for a password:
Enter new password.
Password:
Enter a password and it will prompt you to type it again:
I will now ask you to type the password in again,
to avoid the possibility of errors.
Password:
Enter the password a second time. PANDA will respond with:
Done.
>
Exit PANDA with the done command.
>done
:KILL
*
And you will be returned to DDT. PWORD will now have an enabled account in its database.
To enable PWORD, execute the following two commands:
:delete sys;atsign hactrn
:link sys:atsign hactrn,sys:atsign pword
Now, all subsequent connections to your ITS will run PWORD at login. Make sure you can log in to the account you created by starting ANOTHER session (connecting again but leaving your current session running). PWORD will prompt you to log in. Log in as normal, but you will notice that PWORD prompts for your password before giving you a DDT top-level job.
If all is successful, you can log out of your two sessions, and log in again.
When a new user connects to your ITS and attempts a login with ":login " or $u, but doesn't have a registered account, the user will see a message like this:
EX ITS.1651. PWORD.2664.
TTY 13
3. Lusers, Fair Share = 1%
Welcome to ITS!
For brief information, type ?
For a list of colon commands, type :? and press Enter.
For the full info system, type :INFO and Enter.
Happy hacking!
*jimbo◊u
That name is not known.
Do you wish to apply for an account? (Y or N)
Note that PWORD and its version number appear in the herald. The user should type y and will be rewarded with:
Note: If you get into difficulties and wish to
abort this, just type a ^G (Control-G, the character that beeps)
You have given the login name "JIMBO"
Enter your FULL name.
(end your input with a Carriage Return)
The user is being prompted to enter a full name, such as "Jimbo Turner". Next, the user is prompted with:
What do you wish to use the machine for?
(end your input with a ^C ([Control-C]))
The user should type in something that answers that question and end the response with ^C (control-c). PWORD responds with:
Please give us your telephone number and (paper postal) mailing
address where you can be contacted.
(End your input with a ^C)
The user should follow those instructions and type ^C. The user is next prompted with:
What, if any, is your affiliation?
(End your input with a ^C)
The user should enter something here (doesn't really matter what), and type ^C. The next prompt is:
Now you get to tell what password you wish.
I will now ask you for a password.
Give anything you like, up to 12 characters.
Case does not matter.
End it with a carriage return.
Password:
The user should enter their desired password and end it with a carriage return. Next, PWORD asks:
I will now ask you to type the password in again,
to avoid the possibility of errors.
Password:
The user should enter the password again. PWORD will respond with:
OK, be sure to remember it!
If you have any difficulties, send mail to USER-ACCOUNTS
or call
Please wait now for a few minutes; Someone may
contact you online. If not, then check back in a day or so;
try loging in. If it hasn't been granted yet, there may be mail for
you. You may read it by doing
:PRMAIL JIMBO
Should you desire to change your password, you may do
:HELP LOGIN for info on how to change your password, or
simply do:
":LOGIN JIMBO -CHANGE"
It will then ask you for your old password (to make sure you are you!)
and then it will ask you to give it a new password, of your
own chosing.
The first time you log in, a program will be automatically
run to get certain information about you. Please answer it
as well as you can. Don't be intimidated, think of it as
your introducing yourself to us. In return, you will find
us quite friendly.
*
The user has now applied for an account. The mailing list USER-ACCOUNTS-NOTIFICATION will have received a series of email messages that look similar to this:
Date: Mon, 30 Oct 23 13:57:18 PST
From: Jimbo Turner@KL
Sender: JIMBO@KL
Subject: Application from TTY 13
To: [email protected]
Message-ID: <118.231030.JIMBO@KL>
Date: 30 OCT 2023 1357-PST
From: "Jimbo Turner" <JIMBO at EX>
To: USER-ACCOUNTS at EX
Name: Jimbo Turner
From net site BRIDGE
Purpose: Hacking ITS
Address: 831-239-8029
650 Hidden Valley Rd
Soquel, CA 95073
Affiliation: Heck if I know.
∨
Date: Mon, 30 Oct 23 13:57:18 PST
From: PASSWORD-SYSTEM@KL
To: USER-ACCOUNTS-ARCHIVE@KL
Message-ID: <117.231030.PASSWORD-SYSTEM@KL>
Uname: JIMBO
Name: Jimbo Turner
From net site BRIDGE
Purpose: Hacking ITS
Address: 831-239-8029
650 Hidden Valley Rd
Soquel, CA 95073
Affiliation: Heck if I know.
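The archive copy above is a labelled record whose free-text answers can span several lines. As an added example (not part of the wiki or of ITS), this Python code parses such a message on a modern host and lists what a reviewer should check before approving; the sample message, the function names and the `Site` key are assumptions made for illustration.

```python
import re

# Field labels as they appear in the application record shown on this page.
FIELDS = ("Uname", "Name", "Purpose", "Address", "Affiliation")
FIELD_RE = re.compile(r"^(%s):\s*(.*)$" % "|".join(FIELDS))
SITE_RE = re.compile(r"^From net site\s+(\S+)$")

# Constructed sample in the layout of the archive copy (not a real applicant).
SAMPLE = """\
Date: Mon, 30 Oct 23 13:57:18 PST
From: PASSWORD-SYSTEM@KL
To: USER-ACCOUNTS-ARCHIVE@KL
Uname: ALICE
Name: Alice Example
From net site BRIDGE
Purpose: Learning ITS
Address: 555-0100
1 Example St
Anytown
Affiliation:
Purpose: see above
"""

def parse_application(text):
    """Return (record, duplicates) for one application message."""
    record, duplicates, current = {}, [], None
    for line in (raw.rstrip() for raw in text.splitlines()):
        field, site = FIELD_RE.match(line), SITE_RE.match(line)
        if field and field.group(1) in record:
            duplicates.append(field.group(1))  # keep first value, report repeat
            current = None
        elif field:
            current = field.group(1)
            record[current] = field.group(2)
        elif site and "Site" not in record:
            record["Site"], current = site.group(1), None
        elif current and line:
            # Free-text answers (ended with ^C) may run over several lines.
            record[current] = (record[current] + "\n" + line).strip()
    return record, duplicates

def review_notes(record, duplicates):
    """Points to check before answering PANDA's scan prompt."""
    notes = [f"missing or empty: {f}" for f in FIELDS if not record.get(f)]
    notes += [f"repeated label: {f}" for f in duplicates]
    return notes

if __name__ == "__main__":
    rec, dups = parse_application(SAMPLE)
    print(rec, review_notes(rec, dups), sep="\n")
```

Mail header lines before the first labelled field are ignored, and a label that appears a second time is reported instead of overwriting the first value.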
Users on that mailing list would get that email, and this would prompt them to run PANDA to either accept or reject the account registration request. Assuming you want to accept the registration request, run PANDA.
panda^k
PANDA.2664
>
Invoke the scan command to scan for account registration requests. You will see output similar to this:
JIMBO USER [APL] ! (No INQUIR entry) [Date Unknown]
Creator: ___NNN 10/30/23, Last Mod: Unknown [Date Unknown]
======================================
[In database]
This person has applied.
Uname: JIMBO
Name: Jimbo Turner
From net site BRIDGE
Purpose: Hacking ITS
Address: 831-239-8029
650 Hidden Valley Rd
Soquel, CA 95073
Affiliation: Heck if I know.
JIMBO USER [APL] ! (No INQUIR entry) [Date Unknown]
What now boss? (A,N,I,D,T,L,B,H,O,R,S,X,?,<CR>,^D)
To authorize the account, invoke the A command.
The “A” will turn into “Approved” and you will be prompted:
Approved.
USER DAY DIAL TURIST GRP.04 GRP.05 GRP.06 GRP.07
GRP.08 GRP.09 GRP.10 GRP.11 GRP.12 GRP.13 GRP.14 GRP.15
Group:
Type in DAY<cr>.
Type done to save changes and exit PANDA.
Using DAY will allow the account to log in with no restrictions. You can select other groups, but you should set up their restrictions first. See the section on Defining Group Restrictions for details.
In the above example, we used the DAY and TURIST groups. In order to configure the restrictions for the various groups, use the group command within PANDA. For example, invoking PANDA, issuing the command group and selecting the grp.04 group would display:
GRP.04 Weekday: NONE; Saturday: NONE; Sunday: NONE
This group IS allowed to use the dialups.
Do you wish to modify anything? (Y or N)
This output shows the current restrictions for group grp.04 and allows editing them. If you type y, you would see output similar to this:
TURIST Weekday: NONE; Saturday: NONE; Sunday: NONE
This group IS allowed to use the dialups.
1 -- Weekday time restriction
2 -- Saturday time restriction
3 -- Sunday time restriction
4 -- Name of group
5 -- Daytime use message
6 -- Dialup use message
7 -- Dialup permission
8 -- Choose another Group
9 -- Quit
Enter one:
Select menu item numbers to change the indicated restrictions. When done, select the 9 menu item. Exit PANDA with the done command.