cvmlogin is a replacement for the traditional
login program, using a
CVM module for
authentication. It is not a drop-in replacement; it
has an incompatible interface, so it can not necessarily be used with
traditional getty programs. It does not accept a username on the
command line, and it does no utmp/wtmp accounting.
cvmlogin is probably not very useful except on consoles
(and perhaps pseudoterminals) due to the absence of a compatible getty
replacement to handle terminal initialization.
cvmlogin [command arg ...]
cvmlogin prompts for a username and password on stdout,
reads them from stdin, and logs the attempt (including the terminal as
$TTY) to stderr. It authenticates via the
CVM module specified by
$CVM_PLAIN. If the
authentication is successful, it forks and runs the given command,
with stderr replaced by a duplicate of stdout. If no command is
given, the default (as of version 2001.06.08) is
cvmlogin waits for the child to exit, logs the
termination, and then exits.
The prompt for the username can be set in
and defaults to "
login: ". The prompt for
the password can be set in
$PROMPT_PASSWORD, and defaults
sets these environment variables for the child process:
USER- the user's account name.
UID- the user's user ID.
GID- the user's primary group ID.
GROUPS- the user's supplementary groups, each preceded by a space (including the first). If
cvmloginwill include the primary group ID in
$GROUPS. (The standard modules in current version of CVM already do this, so this feature is not useful with those modules.) If
$EXTRA_GROUPSis set, its value is taken to be a similarly-formatted list of groups IDs which
cvmloginwill include in
$GROUPS. (So, e.g., users logging in on the console can be in a "console" group which has access to floppy/CDROM drives, etc., while they would not have such access when logging in over the network.)
NAME- the user's real name.
HOME- the user's home directory.
SHELL- the user's login shell.
Some of the above variables, including
automatically set by
bash; any inherited value set by
cvmlogin is lost. Do not configure
cvmlogin to run a script interpreted by
- any successful login will gain root privileges.
You can run a supervised console login service with a run script like this:
# cd /service/console-login # grep ^ env/* env/CVM_PLAIN:/command/cvm-unix env/TERM:linux env/TTY:/dev/tty1 # cat run #!/bin/sh -e exec 2>&1 exec \ setsid \ envdir ./env \ sh -ec ' exec < "$TTY" exec > "$TTY" reset 2>&1 clear 2>&1 exec \ envdir ./env \ cvmlogin'
envdir invocation is there to remove
environment variables automatically set by namespace-invading sh
interpreters like bash. For
$TERM must be set.
After installing the ucspi-tcp and ptyget packages, you can almost run a telnet-option-less telnet service like this:
tcpserver 0 23 ptyrun -2 cvmlogin
However, this doesn't handle environment variable transmission, etc.,
$TERM and such will have to be set manually. Also, it
seems impossible to turn off echoing on the remote pseudoterminal.