Anybody know where to find that?  Actually I only need dtlogin.

Part 2 -
I might as well tell you why.  I have this system (AIX 4.3.3) built by
some other company, (big big company, begins with "L" ) where you log
into CDE from a login screen.  If you use the wrong password, you get a
message "Login incorrect...," and after 3 failed attempts, you're
locked out, although you don't know it.  And, maybe you're a
hacker?????  However, if on the 10th attempt, you get the password
correct, then the message changes to "Too many unsuccessful login
attempts..."    So, if you didn't know that user password to start
with, you know it now.  What happens after that doesn't matter.  But,
some people where I work would prefer it that the message did not
change to indicate that you had found the correct password.  I work for
those people.  Now, I grepped the dt folder and found the first message
"Login incorrect..." in dtlogin.  And, I opened the dtlogin binary with
a hex editor and could see that first message clearly.   And, I found
somewhere else where it tells you to change your password the very
first time you use it.  But I can't find which program gives the
message "too many unsuccessful attempts..."   It's probably not a dt
program doing it, but it is a dt program, such as dtfile_error being
sent a text string to display, but I can't find the culprit.  Or,
course, AIX 4.3.3.  doesn't have -r for grep, so I had to go to a linux
machine and grep the source code disc...whatever.  (I'm told it's the
entire source code...who knows....)  BTW, it's not plain old CDE, it's
been hacked for security reasons, or so I'm told.

Anyway, I'll really look good if I can solve this little problem.  I'll
still get yelled at for something else, but I really need a win right
now :-))))

Thanks everybody

[ Post a follow-up to this message ]

On 9 Jun 2006 12:55:18 -0700
"almo" <almo6914@yahoo.com> wrote:

> Anybody know where to find that?  Actually I only need dtlogin.

You can't. CDE is commercial, non-open-source. If you politely ask IBM
and sign an NDA, they might give you the sources to CDE, but I highly
doubt that.

> Part 2 -
> I might as well tell you why.  I have this system (AIX 4.3.3) built by
> some other company, (big big company, begins with "L" ) where you log
> into CDE from a login screen.  If you use the wrong password, you get
> a message "Login incorrect...," and after 3 failed attempts, you're
> locked out, although you don't know it.  And, maybe you're a
> hacker?????  However, if on the 10th attempt, you get the password
> correct, then the message changes to "Too many unsuccessful login
> attempts..."    So, if you didn't know that user password to start
> with, you know it now.  What happens after that doesn't matter.  But,
> some people where I work would prefer it that the message did not
> change to indicate that you had found the correct password.  I work
> for those people.  Now, I grepped the dt folder and found the first
> message "Login incorrect..." in dtlogin.  And, I opened the dtlogin
> binary with a hex editor and could see that first message clearly.
> And, I found somewhere else where it tells you to change your
> password the very first time you use it.  But I can't find which
> program gives the message "too many unsuccessful attempts..."   It's
> probably not a dt program doing it, but it is a dt program, such as
> dtfile_error being sent a text string to display, but I can't find
> the culprit.  Or, course, AIX 4.3.3.  doesn't have -r for grep, so I

What's the big deal to compile GNU grep on AIX?

> had to go to a linux machine and grep the source code
> disc...whatever.  (I'm told it's the entire source code...who
> knows....)  BTW, it's not plain old CDE, it's been hacked for
> security reasons, or so I'm told.

Wait... what source disk?

> Anyway, I'll really look good if I can solve this little problem.
> I'll still get yelled at for something else, but I really need a win
> right now :-))))
>
> Thanks everybody

I'd say, you're pretty much out of luck on this one.

Marc

[ Post a follow-up to this message ]

According to almo <almo6914@yahoo.com>:
> Anybody know where to find that?  Actually I only need dtlogin.
>
> Part 2 -
> I might as well tell you why.  I have this system (AIX 4.3.3) built by
> some other company, (big big company, begins with "L" ) where you log
> into CDE from a login screen.  If you use the wrong password, you get a
> message "Login incorrect...," and after 3 failed attempts, you're
> locked out, although you don't know it.  And, maybe you're a
> hacker?????  However, if on the 10th attempt, you get the password
> correct, then the message changes to "Too many unsuccessful login
> attempts..."    So, if you didn't know that user password to start
> with, you know it now.  What happens after that doesn't matter.  But,
> some people where I work would prefer it that the message did not
> change to indicate that you had found the correct password.  I work for
> those people.  Now, I grepped the dt folder and found the first message
> "Login incorrect..." in dtlogin.  And, I opened the dtlogin binary with
> a hex editor and could see that first message clearly.   And, I found
> somewhere else where it tells you to change your password the very
> first time you use it.  But I can't find which program gives the
> message "too many unsuccessful attempts..."

I don't have access to AIX, but dtlogin for CDE on Solaris 10
uses libpam.so (Plugable Access Method, IIRC), and that message *might*
be in there -- or in some other shared lib entirely.  ldd(1) shows
dtlogin to be using a total of 34 shared libs, so you will have fun
looking for things. :-)

Note -- you should not need a binary editor for locating the
message string -- just use the strings(1) program to spit out a list of
the strings in the program executable.  And pipe that through less(1) to
find out whether a particular string is there.

>                                               It's probably not a dt
> program doing it, but it is a dt program, such as dtfile_error being
> sent a text string to display, but I can't find the culprit.  Or,
> course, AIX 4.3.3.  doesn't have -r for grep, so I had to go to a linux
> machine and grep the source code disc...whatever.  (I'm told it's the
> entire source code...who knows....)  BTW, it's not plain old CDE, it's
> been hacked for security reasons, or so I'm told.

*Whose* source code disc?  Linux does not use CDE -- though it
can use "KDE" -- a freely distributable source work-alike.  But there is
no bet that anything from KDE can be made to work with CDE.

> Anyway, I'll really look good if I can solve this little problem.  I'll
> still get yelled at for something else, but I really need a win right
> now :-))))

How about a setup so it simply *disconnects* the user attempting
login after a shorter count of failed login attempts?  That way, they
would never get to the  10 login attempt threshold you mentioned.

Read up on pam, libpam, and pam.conf to see whether anything in
there might offer some help.

Good Luck,
DoN.

--
Email:   <dnichols@d-and-d.com>   | Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
--- Black Holes are where God is dividing by zero ---

[ Post a follow-up to this message ]

DoN. Nichols schrieb:

> 	I don't have access to AIX, but dtlogin for CDE on Solaris 10
> uses libpam.so (Plugable Access Method, IIRC),

so open Solaris comes with CDE source code ?
Would that include dtterm sources ?

[ Post a follow-up to this message ]

On 2006-06-09, almo <almo6914@yahoo.com> wrote:
> [snip]  If you use the wrong password, you get a
> message "Login incorrect...," and after 3 failed attempts, you're
> locked out, although you don't know it.  And, maybe you're a
> hacker?????  However, if on the 10th attempt, you get the password
> correct, then the message changes to "Too many unsuccessful login
> attempts..."    So, if you didn't know that user password to start
> with, you know it now.  What happens after that doesn't matter.  But,
> some people where I work would prefer it that the message did not
> change to indicate that you had found the correct password.  I work for
> those people.  Now, I grepped the dt folder and found the first message
> "Login incorrect..." in dtlogin.  And, I opened the dtlogin binary with
> a hex editor and could see that first message clearly.   And, I found
> somewhere else where it tells you to change your password the very
> first time you use it.  But I can't find which program gives the
> message "too many unsuccessful attempts..."   It's probably not a dt
> program doing it, but it is a dt program, such as dtfile_error being
> sent a text string to display, but I can't find the culprit.

You're probably right about the message not originating
from CDE. If your message looks like this:
3004-303 There have been too many unsuccessful login attempts;
please see the system administrator.
it's the defaul AIX system message for an account locked
due to too many unsuccessful login attemps. You'll probably
get this message not only from CDE, but also from shell,
telnet and su logins (but not SSH).
To confirm take a look at the users security settings:
lsuser -f <username>
This should show something like this:
..
logintimes=
loginretries=2
..
unsuccessful_login_count=8
..
If the unsuccessful_login_count > loginretries, you'll get
the 3004-303 error message. The unsuccessful_login_count can
btw. be reset with:
chsec -f /etc/security/lastlog -a unsuccessful_login_count=0 -s <username>

Having no AIX 4.3.3 at hand i can only tell you, that with
a recent version (5.3 ML6) i get the 3004-303 error message
with or without correct password, which is probably what
you want. Do some research if this was introduced in some
version >4.3.3 and update the system to that version. You
should do this anyway, since 4.3.3 is no longer supported
and there will be no more security fixes, which means your
above concerns should be your least ...

> Or, course, AIX 4.3.3.  doesn't have -r for grep, so I had to go to a linu
x
> machine and grep the source code disc...whatever.  (I'm told it's the
> entire source code...who knows....)  BTW, it's not plain old CDE, it's
> been hacked for security reasons, or so I'm told.

I don't know what you mean by "source code disc", but i
seriously doubt that you have the CDE much less the AIX
source code available. Anyway, instead of 'grep -r' one
can always use a 'find ./ -type f | xargs grep <string>'

A good start to read up would be:
http://publib.boulder.ibm.com/infoc...eries/index.jsp
http://www.redbooks.ibm.com/portals/UNIX

Regards,

Frank

[ Post a follow-up to this message ]

Michael Kraemer <M.Kraemer@gsi.de> writes:
>DoN. Nichols schrieb:
 
[vbcol=seagreen]
>so open Solaris comes with CDE source code ?
>Would that include dtterm sources ?

No, OpenSolaris is the kernel and whatever else they could put into
the distribution. CDE is still owned by The Open Group, Sun wouldn't
be able to distribute source to it.

If you startup a university or Non-Profit Resource Org, you could get
CDE source for free from the Open Group for internal R&D only. A
commercial entity is only $5k for no redistribution rights.

[ Post a follow-up to this message ]

In comp.security.unix Doug McIntyre <merlyn@geeks.org> wrote:
> If you startup a university or Non-Profit Resource Org, you could get
> CDE source for free from the Open Group for internal R&D only. A
> commercial entity is only $5k for no redistribution rights.

If one really wants CDE. Why not using something else, which is Free
Software? CDE is, ahem, ... strange.

Yours,
VB.
--
"If you want to play with a piece of windows software that makes you
click all over the place, there's always minesweeper."

Kyle Stedman about "Personal Firewalls" in c.s.f

[ Post a follow-up to this message ]

---"How about a setup so it simply *disconnects* the user attempting
login after a shorter count of failed login attempts?  That way, they
would never get to the  10 login attempt threshold you mentioned."---

The source code I'm referring to is the application source code from
the "L" company.  Actually, it's supposed to be the source code, plus
the binaries, plus binary image of the OS.  I use the binary editor on
my PC because I don't trust the Windows Explorer search.  But thanks
for the tip on using strings(1).  Hadn't thought of that.

I like the *disconnects* after some number (it'll be 3)  login
attempts.  Now I'll have to figure out how to do that.  Note, I'm not a
Unix guru, but this latest assignment is turning me into one.  Thanks
DoN.

DoN. Nichols wrote:
> According to almo <almo6914@yahoo.com>: 
>
> 	I don't have access to AIX, but dtlogin for CDE on Solaris 10
> uses libpam.so (Plugable Access Method, IIRC), and that message *might*
> be in there -- or in some other shared lib entirely.  ldd(1) shows
> dtlogin to be using a total of 34 shared libs, so you will have fun
> looking for things. :-)
>
> 	Note -- you should not need a binary editor for locating the
> message string -- just use the strings(1) program to spit out a list of
> the strings in the program executable.  And pipe that through less(1) to
> find out whether a particular string is there.
> 
>
> 	*Whose* source code disc?  Linux does not use CDE -- though it
> can use "KDE" -- a freely distributable source work-alike.  But there is
> no bet that anything from KDE can be made to work with CDE.
> 
>
> 	How about a setup so it simply *disconnects* the user attempting
> login after a shorter count of failed login attempts?  That way, they
> would never get to the  10 login attempt threshold you mentioned.
>
> 	Read up on pam, libpam, and pam.conf to see whether anything in
> there might offer some help.
>
> 	Good Luck,
> 		DoN.
>
> --
>  Email:   <dnichols@d-and-d.com>   | Voice (all times): (703) 938-4564
> 	(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
>            --- Black Holes are where God is dividing by zero ---

[ Post a follow-up to this message ]

Michael Kraemer <M.Kraemer@gsi.de> writes in comp.unix.cde:
|DoN. Nichols schrieb:
|
|> 	I don't have access to AIX, but dtlogin for CDE on Solaris 10
|> uses libpam.so (Plugable Access Method, IIRC),
|
|so open Solaris comes with CDE source code ?
|Would that include dtterm sources ?

OpenSolaris does not include CDE source.  Full Solaris source licenses do.
(Last I checked those were ~$100 for .edu's, ~$50k for the rest of the
world.)

--
Alan Coopersmith * alanc@alum.calberkeley.org * Alan.Coopersmith@Sun.COM
http://blogs.sun.com/alanc/ *  http://people.freedesktop.org/~alanc/
http://del.icio.us/alanc/  *  http://www.csua.berkeley.edu/~alanc/
Working for, but definitely not speaking for, Sun Microsystems, Inc.

[ Post a follow-up to this message ]

Volker Birk schrieb:
>
> If one really wants CDE. Why not using something else, which is Free
> Software? CDE is, ahem, ... strange.

why not ? It's most commercial Unices native GUI,
and not "stranger" than others.
Matter of taste, at best.

[ Post a follow-up to this message ]