英語 [README] [login/README.WZV] [skey.access]
日本語 [login/README.WZV.j] [skey.access.j]
[logdaemon-5.6をNEWS OS4.xでコンパイルするためのパッチ] [戻る]

A change log of this software can be found at the end of this document.

For announcements of updates, send mail to majordomo@wzv.win.tue.nl with as body (not subject): subscribe logdaemon-announce

Report problems to:

	Wietse Venema (wietse@wzv.win.tue.nl) 
	Eindhoven University of Technology 
	Eindhoven, The Netherlands

Warning:

Many programs in this kit replace system utilities. Don't replace system utilities unless you are an experienced system programmer and system administrator.

I am using these programs daily on SunOS 4 and SunOS 5 systems, so I am pretty confident that they work well in these environments.

Other plaforms that are supported to some extent: Ultrix 4, IRIX 5, HP-UX 9 and OSF 1 (Digital UNIX). However, I do not have root access on such systems so I unable to verify that the programs are really compatible with the ones that they replace.

Introduction:

This archive contains the result of years of gradual transformations on BSD source. All code works with SunOS 4, SunOS 5 (Solaris), Ultrix 4.x and other BSD43/SYSV4 clones. In addition, the S/Key-ified parts work with IRIX 5.3, HP-UX 9.0, and Sony NewsOS 4.x; the login clone also reportedly works with Linux. There is a very good chance everything now also works with Digital UNIX, but I was unable to test this myself.

(1) rsh and rlogin daemons that log the remote username and perform
    logging and access control in tcp/ip wrapper style.  By default
    these daemons do not accept wildcards in hosts.equiv or .rhosts
    files. Both daemons have an '-l' option to disable user .rhosts
    files. The rshd optionally logs the user command (edit Makefile).
    The programs are more picky than usual about file permissions
    of .rhosts files:  they must be owned by the user (or by the
    superuser), and they may not be group or world writable.

(2) ftpd, rexecd and login software with fascist login failure logging
    and with optional support for S/Key one-time passwords.  The rexecd
    daemon disallows root logins, once my favourite backdoor.  The
    support for S/Key one-time passwords is optional, and completely
    invisible to users that do not need it.  UNIX passwords are still
    permitted by default. A short description of how to use S/Key can
    be found in the skey subdirectory. Binaries for DOS and other
    systems can be found on thumper.bellcore.com. The rexecd optionally
    logs the user command (edit Makefile).

(2a) ftpd and login software that supports the SecureNet card (code
    donated by William LeFebvre, Argonne National Laboratory). This
    software needs a DES library (for example, host ftp.psy.uq.oz.au
    directory /pub/Crypto/DES). See snk/README for more information.
    The code has been tested with SunOS 4.x and 5.x.

(3) an S/Key login shell for sites that cannot replace the login
    program. Users first log into a password-less dummy account. The
    S/Key login shell prompts for their real account name and presents
    the corresponding S/Key challenge.

The S/Key support uses the MD4 or MD5 hash function. The mode (MD4 by default, for backwards compatibility) is selected in skey/Makefile.
The rshd and rlogind programs need the libwrap.a library that comes with recent (version >= 7.0) tcp/ip daemon wrapper implementations. In order to build rshd and rlogind you will have to do a

setenv LOG_TCP /directory/with/libwrap.a

Contents per directory:

rlogind
logging and access control in tcp wrapper style. Regular access is logged (by default) with priority daemon.info.
Rejected access is logged with daemon.warn or more urgent.
SunOS 4.x, SunOS 5.x and Ultrix 4.x. In order to use the "-l" (ignore user .rhosts files) option you will also need to install the login clone (see below).
rshd
logging and access control in tcp wrapper style. Regular access is logged (by default) with priority daemon.info.
Logging of commands is a compile-time option (see the rshd/Makefile). Rejected access is logged with daemon.warn or more urgent. SunOS 4.x, SunOS 5.x and Ultrix 4.x.

login
hacked for SunOS 4.x, SunOS 5.x, with optional access control per (user,host) or per (user, tty); fbtab(5) security; fascist login failure logging. Regular logins are logged with priority auth.info, unusual or rejected logins with auth.notice. S/Key support. Can also be used with Ultrix 4.x for logins on non-graphics consoles. Appears to work with IRIX 5.3, HP-UX 9.0 and Linux (Slackware), NewsOS 4.x, Digital UNIX.

rexecd
Regular access is logged with priority daemon.info. Fascist login failure logging. Logging of commands is a compile-time option (see rexecd/Makefile). Rejected access is logged with auth.warn or more urgent. Access to the root account is prohibited. S/Key support. SunOS 4.x, SunOS 5.x and IRIX 5.3. Should also work with Ultrix. May work with HP-UX 9.0 and NewsOS 4.x, Digital UNIX.

ftpd
ftp daemon with fascist logging and login failure detection much like the login clone. Also logs anonymous ftp transfers. Tested with SunOS [45]. S/Key support. Should also work with Ultrix 4.x. May work with IRIX 5.3, HP-UX 9.0, NewsOS 4.x, Digital UNIX.

telnetd
pretty dumb BSD 4.3 telnetd. No access control or logging, but compatible with SunOS 4.x, Ultrix 4.x, SunOS 5.x. Relatively poor in features (no environment passing) so there is less risks of surprises.

keysu
NET/2 BSD su command ported back to SunOS 4.x, with S/Key support. Tested with FreeBSD and SunOS 4.1.3. May work with IRIX 5.3, HP-UX 9.0, NewsOS 4.x, Digital UNIX.

skeysh
An S/key login shell for sites that cannot replace the login program. The solution is to create a dummy account with skeysh as the login shell. skeysh is nothing but a stripped-down skey-only login program. People first log into the dummy account. This drops them into skeysh that prompts them for their real account name and presents the corresponding S/Key challenge. Tested with SunOS 4.1.3 and with Solaris 2.3 and IRIX 5.3. Should work anywhere the login clone works.

lib
additional routines used by login and by some daemons. Includes the ruserok() function that understands NIS, NFS (yuck) and that optionally skips user .rhosts files, and functions that mangle various UTMP file formats.

skey
Portions of S/Key source from thumper.bellcore.com, plus code that I hacked together myself. All bugs are my own. Edit the Makefile to choose between the MD4 or MD5 secure hash function. MD4 is default, for backwards compatibility.

snk
Code for the SecureNet card by William LeFebvre, Argonne National Laboratory). See snk/README for more information.

Change log:
===========

901218  Fixed a problem with NOFLSH in login.c that caused interrupts
	to not flush the terminal input queue.

910209  Added per-user login access control.

911128  Added support to login for SunOS 4.x style /etc/fbtab, a table
	of devices whose protection and ownership is to be adjusted
	when a user logs in.

920609  Added tcp wrapper (log_tcp) style access control to rlogind and
	rshd. Improved the remote host name verification code. Added
	the LD_xxx environment fix to login.

920624  Login no longer just dies when the connection is broken, but
	first reports a login failure. This exposes an old cracker's
	trick.

921029  Ported to Ultrix 4.2. Most of the work was finding out why the
	login process did not have a controlling terminal.

921208  Ported to Solaris 2.0. rlogind can now work with the /bin/login
	that comes with most UNIXes. This was desirable because not
	everyone is in a position to replace /bin/login.  Moreover,
	some SYSV logins can't even support the '-f' option at all (or
	everyone could login without a password). 

	2alpha version released.

921229  Tested with Solaris 2.1; some cleanups after looking at
	modified 4.4BSD sources from Charles Hedrick
	(hedrick@cs.rutgers.edu).  The sources can be found on
	farside.rutgers.edu.

930103  Most of the sensible SYSV login features implemented. Frozen
	after check, check and double check. The source really suffered
	from porting and has become too ugly. It becomes a lot more
	readable after running through the unifdef program. 

	Version 2beta released.

930119  Version 2 released after compatibility patches: rshd path;
	disabling the local domain stripping in login.c; cleanup utmpx
	file after rejecting an rlogin connection.

930221  Added group support to the login access control code, so that
	we can disallow off-site logins to wheel group members.  Group
	matches work only for accounts that are explicitly listed in
	the group file: the matching is not based on group id values.

930222  Stole the code for the EXCEPT operator from the tcp wrapper.
	This, and the previous change, allows me to replace:

		# Disallow non-local logins into the wheel accounts
		+:foo bar baz:LOCAL .my.domain -:foo bar baz:ALL

	into the much easier to understand:

		-:wheel:ALL EXCEPT LOCAL .my.domain

	Assuming, of course, that the default is to permit access.

930331  Added per-program hints on how to configure syslogd.
	Added __svr4__ to the Solaris CFLAGS macro because the
	unbundled C compiler does not define it.

930925  Upped the number of ptys that telnetd and rlogind will attempt
	to open.  The original versions would give up after 64 ptys.

930925  rshd now preserves TZ info when running under SunOS 5.
	We were too compatible with SunOS 5.

930925  login will now syslog() all regular logins, too. It took
	me too much time to examine individual wtmp files.

930929  Ultrix last minute patch to fix rshd environment handling. The
	fix must be ok for SunOS too but no time to verify this.

931206  With SunOS 5.x, Do not pass the "-p" option to login.

931212  Added logindevperm support for compatibility with SunOS 5.3.

931212  Added support to the login command for secure (DES) RPC (only
	for SunOS [45].x). This requires that the cleartext password be
	kept around until we have dropped privileges.  Had to jump some
	hoops to prevent the program from ever dropping core with a
	cleartext password.

931212  Print error message when the login.access file exists but
	cannot be opened.

931225  Added S/Key support to login 'cause I was going on a trip.

931229  While on my trip, added S/Key support to ftpd.

940106  Woke up at 5am and realized there was a problem in my S/Key
	stuff.

940107  S/Key Solaris portability fixes from Douglas Lee Schales.

940110  Make sure that keyinit does not produce world-writable files.

940112  SysV4.0 wtmpx portability fixes from Baruch Cochavy.

940124  Fixed some ftpd  and skey things that broke for Ultrix 4.x.

940125  Fix for Solaris uname(2) >0 return value. I fixed this before
	but somehow the change got misplaced. From Douglas Lee
	Schales.

940130  Made initial seed from skeyinit.c more random (use seconds
	instead of minutes). I managed to produce the same seed on
	multiple machines. The whole seed generation procedure sucks
	anyway:  taking the first two letters of a host name.

940205  Made initial seed from skeyinit.c more random (use last 5
	digits of current time in seconds).

940206  Fixed some login Makefile things that broke for Ultrix 4.x.

940206  Had some real fun with (argh) NIS+. The old BSD login code
	would blindly close all filedescriptors > 2 right AFTER it had
	processed the command-line options. I had to move the closing
	of open files right to the top of the main program. The reason
	for this is that all kinds of nisplus library routines secretly
	open sockets or files and keep them open forever. They get very
	upset when you unexpectedly close their open files.

940306  Finally got so disgusted from the BSD/SYSV #ifdefs that I
	began to clean up the login program. From now on we use POSIX
	instead of BSD/SYSV ifdefs.  Many of my personal enhancements
	are no longer conditional. Ultrix misses some definitions so
	login won't compile there anymore.

	Kerberos code for login.c (John DiMarco
	).

940312  Security feature: when S/Key decides whether UNIX passwords are
	ok, skip IP addresses listed for the remote host that appear to
	belong to someone else.

	Cleaned up the rlogind/telnetd code (POSIX interfaces instead
	of BSD/SYSV ifdefs).

	Changed the ftpd S/Key password prompt so that the MS-DOS
	`termkey' TSR can parse it.

940314  Cleaned up the ftpd code (POSIX interfaces instead of BSD/SYSV
	ifdefs).  Ultrix misses some definitions so ftpd won't compile
	there anymore.

	All code now compiles and works on freebsd, which has become my
	development platform while traveling.

	The code compiles OK on an Indy running IRIX 5.something:  just
	pretend to be sunos5.

940317  The telnetd/login programs no longer assume 7 or 8 bits, but
	leave CS7/CS8 tty settings alone.

940321  Modern rloginds seem to prefer 8-bit clean settings, so we
	force CS8 from now on.

940326  Our system administrator wanted netgroup support in the login
	access control file. This took only a few lines of code. A
	netgroup is written as @name, and can be used in host patterns
	and in user patterns.

	Included the keyinfo command and documentation, after getting
	rid of localisms.

	keyinit now restores the tty settings when it is interrupted.

	logdaemon-4.1.tar.Z released.

940426  Backwards compatibility code for Ultrix in login and ftpd.

	Added keysu (s/key su) command. This has little to do with
	daemon stuff but it just makes the package complete. This has
	been tested only with SunOS 4.x and FreeBSD.

	Unset FLUSHO in login.c, in case it helps.

940430  rexecd and rlogind now use the fd_set macros, to shut up
	the ANSI C compiler.

	converted net/2 su.1 man page to old -man macro style.

	William C. DenBesten asked for user@host patterns in the login
	access control files, so he could control many machines with
	just one set of rules. Fortunately, this took only a few lines
	of code.  The hostpart is matched against the local host name.
	With user@host patterns and netgroups you can build impressive
	patterns such as @usergroup@@hostgroup.

940505  Peter Kossakowski (dfn cert) mentioned he usefulness of the -l
	option to ignore user .rhosts files. On most systems, the
	ruserok() library function have no support for that, so a
	modified version is provided.

	As a bonus, '+' wildcards are by default no longer accepted.
	Instead a loud complaint is sent to the syslogd. The programs
	must be compiled without -DNOPLUS to re-enable '+' wildcards.

	The -l option is supported by rshd, rlogind and by the login
	program (rlogind must pass on the -l option when the login
	program does the hosts.equiv/rhosts processing).  Thus, in
	order to use -l you will have to replace both rlogind and login
	(and, of course, rshd).

	Most path names and syslog logging classes are now configurable
	from the Makefile.

940516  Fixed the README and released version 4.2.

940523  Just like the login program, the ftpd now tries to avoid
	dumping core with cleartext or encrypted (shadow) passwords.

940628  Generalized the format of the /etc/skey.access file so you can
	permit/deny UNIX passwords depending on user, tty and/or host.
	There is a new manual page, skey/skey.access.5 that documents
	this new format.

940718  Fixed another thing that broke with Ultrix: in lib/rcmd.c
	moved an #endif up to above the rresvport() routine.

	Now that you can specify what terminals are secure, the S/Key
	code has been modified to always permit UNIX passwords on the
	console. This saves you the embarrasment of having to break
	into your own machine. Alas, on some systems the console is not
	called /dev/console.

	Released version 4.3.

940908  Added -user and -host support to ruserok().  No-one complained
	sofar, but most systems document it. Looks like one feature
	that Berkeley dropped.

	HP-UX and BSDI support from Howard Chu for login, keysu and
	s/key.

	Replaced Howard's "vendor" #ifdefs by "feature" #ifdefs.

	(s/key) When built with -DSECURETTY, the keysu command will not
	accept the root password unless it is invoked from a secure
	terminal.  Idea from Howard Chu.

	(s/key) "keyinit -s" would ask for counts up to 10000 but the
	actual limit is 9999 (Howard Chu).

	(s/key) Eliminated a possible localhost vs localhost.domain
	clash (Howard Chu).

940910  Collected system dependencies in one central file (sys_defs.h)
	and cleaned up the Makefiles. This may help when porting to
	other systems.

940911  After discussions with Guido van Rooij, documented several host
	name and address spoofing loopholes that may cause S/Key to
	permit UNIX passwords to unauthorized clients.

940914/5 Porting rexecd, ftpd, rlogind and telnetd to HP-UX 9.0 was not
	impossibly difficult. The effort may be useful to someone.

940917  Disabled the `site' extensions (umask, chmod) for ftp guest
	logins.

940922  Replaced the MD4 code by the byte-order independent versions
	from the NRL distribution on thumper.bellcore.com. MD4 is still
	the default. Edit skey/Makefile to switch to MD5.

941001  Idea from *Hobbit*: sites that cannot replace their login
	program create a dummy s/key account with as login shell a very
	much stripped-down skey-only login program.  The skeysh program
	is my result of such an exercise.

941002  Cleaned up docs and comments.

	Released version 4.4.

941014  setenv() was missing an argument in skeysh/skeysh.c. This
	should not cause problems, but gcc barfs on it. sigh.

941022  Fixed pointer indirection level in lib/utmp_login.c. This
	would produce unpredictable results for HP-UX.

941105  Parametrized some hard-coded lengths for environment variables
	and fixed some rather short limits on username length.

941121  Changed the default console from /dev/console to none. This is
	more compatible with SysV (Kevin Davidson).

941121  Dropped ptyopen() etc. support for HP-UX. Having to support
	BSD and SYSV ptys is bad enough.

941126  It seems that assignments of static data to the environ
	variable may cause trouble on non-BSD systems. Instead of

		environ = envinit; execl(...);

	we no longer replace environ but truncate it and use putenv():

		environ[0] = 0; putenv(...);

941127  On System V all daemons now preserve the complete initial
	environment. There were several reports of missing TZ values.
	I was unable to reproduce them with Solaris 2.3 and gcc.

941127  Fixed skey/skeylogin.c to look at more than just the first 8
	characters of the login name.

941127  Fixed something in the skeysh/Makefile that broke on Ultrix.

	Released version 4.5.

941129  With Solaris 2.x, keysu would recognize '-' as a user name.
	This is due to getopt() incompatibilities. Fix: SysV su does
	not support options anyway, so drop the getopt loop.  Reported
	by in1052@wlv.ac.uk (A.Parkes).

941129  Found another static assignment to environ in keysu.c.

941130  Should have used setenv() to set the user's path in keysu.
	Reported by Patrick Cipiere .

941209  With passive open, do not wait forever in accept(). Idea from
	casper@fwi.uva.nl in article <3asnqc$1h0@mail.fwi.uva.nl>.

941218  Changed rlogind and rshd to use the open-ended tcp wrapper 7.0
	programmatic interface, so that banners can be used.

950101  Patches from David Mazieres: close redundant file descriptors
	in rshd and rexecd; workaround for broken HPUX setsid(); also,
	the HP-UX baud-rate codes differ from those on other
	platforms.

950101  Ftpd would send bare linefeeds when listing files over an
	ASCII-mode data connection, causing problems with wattcp
	clients (reported by Shou-Chuan Lai).

950108  Released 4.6, together with TCP wrappers 7.0.

950111  David Mazieres: HPUX cc is pickier than I expected. What's
	worse, they already define a struct request_info. Time for a
	horrible workaround.

950111  In S/Key passwords, accept commas instead of blanks, to work
	around stupid software that collapses blanks in passwords.

950121  Added SYSV shadow support to keysu (suggestion: Leif
	Hedstrom).

950213  skeyaccess could dereference a null pointer when host lookup
	failed (Larry J. Blunk @ Merit.edu). How embarrassing.

950222  Make ftpd try again when the data port bind() fails with
	EADDRINUSE.

950222  keysu did not strip the "/dev/" from the device name when
	looking for a secure terminal (Rob Liebschutz).

	Released 4.7.

950229  Oops. The securetty code in keysu looked at the wrong tty
	variable (Matthew Needes).

950308  Some Solaris applications may pass a '-' as username to
	/usr/bin/login (Kadlecsik Jozsi).

950321  Protected all environ[0]=0 assignments by a test if environ is
	nonzero. Ultrix daemons may have a null environment pointer,
	how bizarre. Paul Sijben helped me figure out this one.

950414  Oops. do_access() should call exit() not cleanup() (credits to
	Shou-Chuan Lai of National Tsing Hua University).

950422  Completed ULIMIT, UMASK and SLEEPTIME login default support.

950423  IRIX 5.3 support for s/key utilities and login/ftpd/rexecd.
	I still need to figure out what some IRIX login options do.

	Released 4.8.

950425  The login kerberos code had stopped working (David Mazieres).

950426  HPUX login now sets LOGNAME environment variable.

950428  Start of yet another series of S/Key code cleanups (Guido van
	Rooij, Tom Dunigan, some thrown in myself).

950429  Linux (Slackware) login fixes (Michael Brennen).

950430  IRIX problem: libnsl breaks NIS lookups (Tom Dunigan).

950430  IRIX now takes default user and root PATH from .

950430  More Linux (Slackware) login fixes (Michael Brennen).

950430  IRIX login now also sets REMOTEUSER.

950430  Folded in support for Sony NEWS-OS V4 (Jun-ichiro Itoh).

950430  Makefile cleanups: recursive make -n, intel outside.

950430  FreeBSD 2.0 workarounds (sys_errlist) so I can work on this
	code on my laptop while in the train.

950430  Made console device name configurable via sys_defs.h so that
	skeyaccess does the right thing with Linux.

950501  With HPUX, now use the system's getusershell() routines and
	don't link in the SYSV default routines when building skeysh.

950501  Implemented IRIX login default MAXTRYS (login attempt limit).

	Released 4.9. This release was expedited because of a file
	descriptor leak in my own S/Key glue routines. The leak could
	give logged-in users write access to s/key control files.

950502  The keyprint script (to print credit cards with s/key
	passwords) did not set PATH (Lionel Cons).

950622  FreeBSD needs linking with -lcrypt or you get a weaker crypt()
	algorithm. Now I can hack logdaemon while on the train.

950805  On systems with shadow passwords, rshd should not look at
	password fields from /etc/passwd (Peter A. Bigot).

950806  Ultrix login now displays the LAT port (Michael A. Crowley).

950807  Workaround for variadic functions on the alpha and other
	architectures where sizeof(int) < sizeof(pointer). Should
	change the code to use varargs/stdarg instead.

950812  Folded in the support for SecureNet keycards from William
	LeFebvre, Argonne National Laboratory. Presently, this is
	tested for SunOS 4/5 only, but probably works on everything
	else.

950812  Added my best guess for OSF1 (now Digital UNIX) system
	dependencies: late BSD-ish with SYSV utmp.

950812  The rexecd and rshd servers will log now user commands when
	compiled with -DLOG_COMMANDS (see Makefile).

950813  ftpd now closes unused passive ports, and rejects PORT requests
	that specify a privileged port or a third-party host (Hobbit).

950814  Removed unnecessary seteuid() calls in FTPD passive mode.

950815  FTPD Passive mode can now be forced to bind to ports in a
	specific window by doing, before make:

	    setenv PASV_WINDOW "-DPASV_MIN_PORT=nn -DPASV_MAX_PORT=mm"

950826  With secure RPC, the user's password should be truncated to 8
	characters (Kjell Hogstrom).

950930  Skeysh did not re-enable INT and QUIT signals (Jay
	Borkenhagen).

951001  Changed the skeyaccess() interface. The skey.access "group"
	now also matches the primary group ID. (Michael Aichlmayr).

951001  Code reorganization: system dependencies moved from Makefile
	to sys_defs.h, common files moved to lib directory.

951012  Removed a redundant ulimit() call in login.c and skeysh.c: it
	broke with a zero ulimit in /etc/default/login (Carson
	Gaspar).

951017  Skeysh now preserves the REMOTEUSER environment variable.

951020  Updated the ftpd manual page to reflect today's reality.

951021  Some HP-UX tty drivers still default to the @ and # line
	editing characters, and rely on the login program to sanitize
	them (Gordon Marler).  The login program now fixes such ancient
	settings.

951021  Avoid potential problems by saving results from functions with
	volatile results such as inet_ntoa() and gethostby*().  With
	Solaris library routines doing their own hidden connection
	management, such library results become unreliable.

951024  Dropped some redundant code and declarations from rexecd.

951024  The rshd host name spoofing test was slightly broken.  The
	program would dump core instead of logging the attack.  I
	wonder how many treasures of this kind still lie buried in the
	BSD source code.

951024  ftpd now uses facility LOG_AUTH, just like rexec and login.

951024  While in the underseas tunnel between France and the UK,
	fixed an obscure s/key ftpd core dump that happens when the
	user sends no password.

951027  Updated the fixenv() environment stripper.

951028  System dependencies now trigger on hpux9 instead of hpux,
	so that we can more easily migrate to HP-UX 10.

951028  Added support for window size changes to the telnet daemon.
	This is about the only essential feature that I was missing.
	In the process fixed a bug in the telnet suboptions handling.

	Released 5.0

951029  The S/Key routines now syslog an error when they are unable to
	open the skeykeys file. Better be explicit than have people
	wonder why something did not work.

951030	Cleaned up the ftpd yacc grammar. The YACC stack is now a union
	so it no longer assigns pointer values to integers.

951124  Solaris 2.5 now needs _SVID_GETTOD (Frank Kaefer) or we have
	a function prototype conflict.

951201  In transfer logs, ftpd should not log the current directory
	when the remote user specifies an absolute path name.

951201	login_access() did not match primary groups (Dave Adamson).

960115	Work around for HPUX 9.x in case the client hostname is unknown
	(telnetd/rlogind pass the *server* address on the command line).

960115  In the Makefiles, osf1 changed to decosf1 to avoid confusion
	with OSF on Intel.

960115	Several DECOSF patches from Lawrence MacIntyre.

960115	keysu now logs the host from which the user is logged in
	(Marcus Schwartz).

960115  Now also logs file owner and permissions problems with .rhosts
	files instead of just refusing to use the file (Bob Beck).

960115	keysu now has the '-c command' option.

960115	Cleaned up some logging code in login (Chris Metcalf).

960213	Better HP-UX 9.x compatibility (Eric Backus).

960213	No "wheel" group restriction for "su root" for SYSV systems
	(except SunOS 5...).

960213	Ignore empty "wheel" groups (Chris Metcalf).

960226  Christophe Dorchies found an missing argument in a
	fatalperror() call in the rlogind program.

960308	UTMP fix for Digital-UNIX - it's not really a SYSV-UTMP system.

960308	Jean-Luc Szpyrka spotted an unitialized memory read in btoe().

960314  SunOS 4 sets the LOGNAME environment variable, and so should
	we (Peter W. Osel @ Siemens).

960322  rlogind/rshd did not pass server name/address info to the tcpd
	library routines (Shou-Chuan Lai ).

	Released 5.1

960425  Made skeyaccess() robust against null user arguments
	(Cedomir Igaly ).

960518  keysu did not chek the return from getenv("TERM") (Henry Ptasinski)

960518  snk_crypt() left secrets behind in memory (Henry Ptasinski).

	Released 5.2

960616  Patches for the login program for Digital UNIX with enhanced
	security (Cedomir Igaly). Specify -DDECOSF1_ENHANCED to enable
	this and link with -lsecurity (see login/Makefile).

960616  Use the Digital UNIX utmp/wtmp routines instead of our own
	(Cedomir Igaly, Lawrence Macintyre).

	Released 5.3

960920	Removed redundant waitpid() declaration from ftpd/popen.c.
	It caused a prototype conflict.

961013  William LeFebvre: fix of 960518 caused SIGSEGVs due to a
	missing initialization.

961016  How stupid of me. Marc Binderberger found a missing ntohs()
	call that caused ftpd to erratically reject client PORT
	requests.

	Just in case, PASV and PORT commands now require that the user
	is logged in before they can be used.

961029  Andrey A. Chernov: [in skey_getpass.c] Change "nope" to ":".

961031	rlogind no longer changes the VMIN and VTIME fields.

	Released 5.4

961123  Reportedly, some resolvers (Solaris) do not protect
	applications against unreasonable h_length values from the
	network.  Protected the skey and snk code against such
	nonsense.  This protection was delayed because I moved from
	Europe to the USA for a sabattical year.

961123  Copied some patches from skey/skeyaccess.c to snk/snkaccess.c.

961222  In BoS, Joe Zbiciak spotted a buffer overflow in login.c main()
	that dates all the way back to almost 10 years ago. It is
	not certain that this can be exploited (main() never returns)
	but it shouldn't be there anyway.

	Released 5.5

970104  David Greenman of the FreeBSD project found an interesting
	problem in wuftpd that allows remote users to access files
	as root.  The same hole was also present in the logdaemon
	ftpd, and probably in many other ftpd implementations, too.
	The fix is to disable signals while ftpd temporarily raises
	its privilege level or while it does other critical stuff.

	Released 5.6