|
|
| Author |
Message |
| 10 new of 34 responses total. |
srw
|
|
response 25 of 34:
| 
Nov 2 02:51 UTC 1998 |
Yes - backtalk (http) connection prevent accounts from being reaped.
This is done with special code executed when your password is checked by
the web server.
You can see it if you use finger against such an account. Its last login
will seem to be from "http". The backtalk authentication updates the
lastlog (last login info) which is separate from the wtmp file that the
"last" command dumps out.
|
saw
|
|
response 26 of 34:
|
Nov 10 12:36 UTC 1998 |
I noticed it says "Last login <date and time> on http" when you use the
Backtalk program. Could it be possible to add the IP of the connection
to it? So it may say something like:
"Last login Fri Nov 13 2:35 (EST) on http from 127.0.0.1"
It's no big deal, but it would be sorta neat, and the disk space usage
probably wouldn't increase *that* much.
|
srw
|
|
response 27 of 34:
|
Nov 14 05:11 UTC 1998 |
It seems like there is room in lastlog to hold that information, but I
would have to hear from Jan Wolter, for a definitive answer. The
backtalk password authentication program inserts that information. If it
can get the extra info and if it will fit in the lastlog, there is
probably no good technical reason why it could not be done.
|
janc
|
|
response 28 of 34:
|
Nov 15 04:56 UTC 1998 |
Hmmm... "man utmp" says lastlog contains the fields, ll_time, ll_line,
and ll_host, where ll_host is the name or IP address of the host last
logged in from. Doing "od -c /var/adm/lastlog | more" shows that the IP
addresses are indeed stored in the lastlog file. However, neither
"finger" nor "login" nor "lastlog" reports the host field when the print
last login times. They print only the host and tty. I don't know of
any command that prints the hostname, though it would be easy enough to
write one. That's really rather odd.
|
mdw
|
|
response 29 of 34:
|
Nov 15 09:00 UTC 1998 |
What makes you think finger doesn't use ll_host ?
|
davel
|
|
response 30 of 34:
|
Nov 15 11:57 UTC 1998 |
It may use it, but doesn't seem to display it.
OTOH, who appears to display it by default. In the listing I just did, it
displays IP address for most, hostname.domain for a handful.
|
mdw
|
|
response 31 of 34:
|
Nov 16 02:05 UTC 1998 |
I can guarantee you "who" never uses ll_host.
|
janc
|
|
response 32 of 34:
|
Nov 18 23:25 UTC 1998 |
I'm baffled by Marcus's resp:29. I haven't looked at the finger source
code, but if it uses ll_host, then I don't know what it uses it for,
because I've never seen it display it, and I can't think what finger
would do with ll_host other than display it.
I agree with Marcus's resp:30 though. Who doesn't even look at the last
log file, it looks at the utmp file. Lastlog lists the last time people
signed on, and has one entry for every person with a Grex account. Utmp
lists who is currently on the system, and has entries only for people
currently logged on. There's also wtmp that lists login and logoff to
Grex since the dawn of time. The "last" command works on wtmp.
|
davel
|
|
response 33 of 34:
|
Nov 19 02:57 UTC 1998 |
Yes, I'd confused two separate issues. Sorry.
|
mdw
|
|
response 34 of 34:
|
Nov 20 03:57 UTC 1998 |
!finger janc | sed -n '/Last login/p'
|