Howto change login mechanism on OpenBSD

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Howto change login mechanism on OpenBSD

Valdrin MUJA
Hi Misc,

I have an interactive shell program which has an authentication section and I want to login via my program. How can I do that?

Actually I want to run this program instead of /bin/ksh. I changed the root's shell with "chsh -s /bin/{my_program} root" command. However, when the system boots, firstly OpenBSD Login is coming and after that my program is running.

In short, I want to run an external program on startup without OpenBSD Login.
Reply | Threaded
Open this post in threaded view
|

Re: Howto change login mechanism on OpenBSD

Edgar Pettijohn III-2
On Wed, May 20, 2020 at 08:48:20PM +0200, Valdrin MUJA wrote:
> Hi Misc,
>
> I have an interactive shell program which has an authentication section and I want to login via my program. How can I do that?
>
> Actually I want to run this program instead of /bin/ksh. I changed the root's shell with "chsh -s /bin/{my_program} root" command. However, when the system boots, firstly OpenBSD Login is coming and after that my program is running.
>
> In short, I want to run an external program on startup without OpenBSD Login.

I believe login(1) is executed by getty(8) which is started by init(8).
So you would likely have to make changes to one or more of them. But I
could be wrong.

Edgar

Reply | Threaded
Open this post in threaded view
|

Re: Howto change login mechanism on OpenBSD

Kevin Chadwick-4
On May 20, 2020 9:31:19 PM UTC, Edgar Pettijohn <[hidden email]> wrote:

>On Wed, May 20, 2020 at 08:48:20PM +0200, Valdrin MUJA wrote:
>> Hi Misc,
>>
>> I have an interactive shell program which has an authentication
>section and I want to login via my program. How can I do that?
>>
>> Actually I want to run this program instead of /bin/ksh. I changed
>the root's shell with "chsh -s /bin/{my_program} root" command.
>However, when the system boots, firstly OpenBSD Login is coming and
>after that my program is running.
>>
>> In short, I want to run an external program on startup without
>OpenBSD Login.
>
>I believe login(1) is executed by getty(8) which is started by init(8).
>So you would likely have to make changes to one or more of them. But I
>could be wrong.
>
>Edgar

I believe /etc/ttys controls getty, which may or not help. Getty is respawned too.
https://man.openbsd.org/man5/ttys.5

Reply | Threaded
Open this post in threaded view
|

Re: Howto change login mechanism on OpenBSD

Edgar Pettijohn III-2
On Wed, May 20, 2020 at 09:50:17PM +0000, Kevin Chadwick wrote:

> On May 20, 2020 9:31:19 PM UTC, Edgar Pettijohn <[hidden email]> wrote:
> >On Wed, May 20, 2020 at 08:48:20PM +0200, Valdrin MUJA wrote:
> >> Hi Misc,
> >>
> >> I have an interactive shell program which has an authentication
> >section and I want to login via my program. How can I do that?
> >>
> >> Actually I want to run this program instead of /bin/ksh. I changed
> >the root's shell with "chsh -s /bin/{my_program} root" command.
> >However, when the system boots, firstly OpenBSD Login is coming and
> >after that my program is running.
> >>
> >> In short, I want to run an external program on startup without
> >OpenBSD Login.
> >
> >I believe login(1) is executed by getty(8) which is started by init(8).
> >So you would likely have to make changes to one or more of them. But I
> >could be wrong.
> >
> >Edgar
>
> I believe /etc/ttys controls getty, which may or not help. Getty is respawned too.
> https://man.openbsd.org/man5/ttys.5

I think you're right. Might just need to change a line in /etc/ttys to
execute /bin/{my_program}.

Edgar

Reply | Threaded
Open this post in threaded view
|

Re: Howto change login mechanism on OpenBSD

Jeffrey Joshua Rollin-2
On Wed, 2020-05-20 at 17:00 -0500, Edgar Pettijohn wrote:

> On Wed, May 20, 2020 at 09:50:17PM +
> >
> > I believe /etc/ttys controls getty, which may or not help. Getty is
> > respawned too.
> > https://man.openbsd.org/man5/ttys.5
>
> I think you're right. Might just need to change a line in /etc/ttys
> to
> execute /bin/{my_program}.
>
> Edgar
>

Perhaps a better way would be just to change the user's login shell to
the name of your program: chpass -s $myprogram $user. That way you can
use OpenBSD's login authentication, and login automatically runs the
program when the user logs in; when the user quits the program they are
automatically logged out. Provided there's no way to execute a shell
from within the program, they therefore can't execute arbitrary code
once logged in. It's easy to add a user for this single purpose: just
add the user as normal, and specify $myprogram as the shell.

Jeff.

Reply | Threaded
Open this post in threaded view
|

Re: Howto change login mechanism on OpenBSD

Valdrin MUJA
Hello Again,

Actually I updated the /etc/ttys file and add my program instead of getty. However, after boot, there was still OpenBSD login prompt before my program started. 

On the other hand, I tried chpass -s $myprogram $user, but still I'm faced with the same problem again, there was OpenBSD login prompt.. 

In short,  I want to disable OpenBSD login prompt and execute my program. If user exits this external program, my program should run again etc.




---- On Thu, 21 May 2020 01:53:29 +0200 Jeff Joshua Rollin <[hidden email]> wrote ----


On Wed, 2020-05-20 at 17:00 -0500, Edgar Pettijohn wrote:

> On Wed, May 20, 2020 at 09:50:17PM +
> >
> > I believe /etc/ttys controls getty, which may or not help. Getty is
> > respawned too.
> > https://man.openbsd.org/man5/ttys.5 
>
> I think you're right. Might just need to change a line in /etc/ttys
> to
> execute /bin/{my_program}.
>
> Edgar
>
 
Perhaps a better way would be just to change the user's login shell to
the name of your program: chpass -s $myprogram $user. That way you can
use OpenBSD's login authentication, and login automatically runs the
program when the user logs in; when the user quits the program they are
automatically logged out. Provided there's no way to execute a shell
from within the program, they therefore can't execute arbitrary code
once logged in. It's easy to add a user for this single purpose: just
add the user as normal, and specify $myprogram as the shell.
 
Jeff.