Re: [Freedos-user] FreeDOS Password v0.25 - homepage changed
> Well, we are in DOS, not Unix I don't see clearly the advantages of > looking into an variable for getting the users/passwords list... Can > someone explain that to me? As I said, it is good IMO to have all configuration files at single directory not one in C:\FREEDOS\BIN, another in C:\COOLPROG, third in C:\, etc... Imagine, you want to reinstall system and back up your configuration from old system. Is it easer to copy one directory with subdirectories or search whole disk for configuration files you may need? > > Also, good > > thing would be ability to ask PASSWORD to run some other password > > programs after login and automatically enter login and password (if I > > have local and NetWare/SMB login/password the same, I don't want to enter > > password twice). > > No. It's basically impossible, as for security reasons FD Password don't > stores the user's password anywhere, it just saves its checksum with a SDBM > hash and then works only on the stored checksums. Maybe you should set on > NetWare/SMB login=password and then use the USER variable? How it could not store password entered by user? How then PASSWORD calculates hash for entered password? ;) Having password and username the same is less secure than storing entered password for a few seconds in memory after user has entered it. My idea was, to launch additional login programs after PASSWORD, and write entered login and password to their input. And on some environments users even will not have ability to have SMB/NetWare login and password the same, because server will force password change after nn logins. -- Kristaps Kaupe, http://kristaps.netparks.lv pgpqJkeipbSpZ.pgp Description: PGP signature
Re: [Freedos-user] FreeDOS Password v0.25 - homepage changed
On Tuesday 03 May 2005 11:51, Kristaps Kaupe wrote: > Could you also check %ETC% directory? I like to have all configuration > files in the same place. ETC is already used by programs ported from *NIX > systems and many others. Well, we are in DOS, not Unix I don't see clearly the advantages of looking into an variable for getting the users/passwords list... Can someone explain that to me? > Maybe this could be changable with some command-line switch (e.g. /D=dev - > specify input/output device to use, defaults to stdin/stdout). I don't see such needs... I will wait for other's opinions thought... > P.S. Can I check from autoexec.bat which login is entered? I want to have > different configurations (keyboard layout, mapped network drives, etc...). > Maybe PASSWORD could create some batch file with loginname (for example, > @set login=testlogin), where I could append commands I need? FD Password do exactly the same thing you told. It create a batch file in his own directory called "LASTUSER.BAT". By the way, the install.bat batch add to AUTOEXEC the two following lines: C:\PASSWORD\PASSWORD.EXE /login CALL C:\PASSWORD\LASTUSER.BAT So if you installed FD Password, you have after each boots an environment variable "USER" with your login. With that you can easily do various configurations for each user ;-) > Also, good > thing would be ability to ask PASSWORD to run some other password programs > after login and automatically enter login and password (if I have local and > NetWare/SMB login/password the same, I don't want to enter password twice). No. It's basically impossible, as for security reasons FD Password don't stores the user's password anywhere, it just saves its checksum with a SDBM hash and then works only on the stored checksums. Maybe you should set on NetWare/SMB login=password and then use the USER variable? Thanks for the interest about FD Password :) Fox --- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 ___ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user
Re: [Freedos-user] FreeDOS Password v0.25 - homepage changed
> Users and password's hashes are stored in the PASSWORD.DAT file in the > PASSWORD's directory. Could you also check %ETC% directory? I like to have all configuration files in the same place. ETC is already used by programs ported from *NIX systems and many others. > > One last question: do you explicitly set input to CON device? > > I think it's not needed Even if someone wants to redirect the input to > anything else than CON (for example LPT or COM), he will have to enter the > login and password that way. All screen writes/reads in FD Password are > done by the standard input/output. What others thinks about that? Eric? Maybe this could be changable with some command-line switch (e.g. /D=dev - specify input/output device to use, defaults to stdin/stdout). P.S. Can I check from autoexec.bat which login is entered? I want to have different configurations (keyboard layout, mapped network drives, etc...). Maybe PASSWORD could create some batch file with loginname (for example, @set login=testlogin), where I could append commands I need? Also, good thing would be ability to ask PASSWORD to run some other password programs after login and automatically enter login and password (if I have local and NetWare/SMB login/password the same, I don't want to enter password twice). -- Kristaps Kaupe, http://kristaps.netparks.lv pgpzwf5yKzFW4.pgp Description: PGP signature
Re: [Freedos-user] FreeDOS Password v0.25 - homepage changed
On Monday 02 May 2005 19:55, Bernd Blaauw wrote: > define 'supports' please. > Does your program work without *any* external language file, or are they > *required* instead of only *optional* ? Supports, mean that it can use HIS OWN language files. His own - it's simply the model (english) file translated line by line into another language. Yes, it works with *any* external language file, as far as the file has first 10 lines empty (or comments, or anything), and following 23 lines are the translation of the 23 lines from PASSWORD.EN. Translation files are NOT required. What a weird idea :) The program works like that: IF there is LANG environment variable other than 'EN' THEN IF there is NLSPATH environment variable, then search in that path the required PASSWORD.%lang% file. IF There is LANG but no translation files found in NLSPATH (or there isn't NLSPATH at all) then search in the PASSWORD's directory. IF there is in PASSWORD's directory the required file, then load it. IF above commands can't load the translation file defined by LANG, then use internal (english) messages. All that means that language files are only OPTIONAL. If there isn't any language file, or there isn't LANG - no matter, we will use english (internal) messages. > In what file are the users/passwords stored? > not in a language file I hope Of course, not in the language file. You have really weird ideas today, Bernd ;) Users and password's hashes are stored in the PASSWORD.DAT file in the PASSWORD's directory. > Layout something like this?: > password.com/exe > userpass.txt > logfile.txt > language.txt PASSWORD.EXE (main executable) PASSWORD.DAT (passwords and hashes) PASSWORD.LOG (the LOG file, created when you run PASSWORD for the first time) PASSWORD.* (EN, PL and FR are included with the program, but others can be used too of course, if someone take care to write them - by the way, Bernd, if you have time feel free to make a dutch translation ;-) ) PASSWORD.LSM (description file) PASSWORD.PAS (source) > Besides NLSPATH and current directory, can you also search %PATH% ? For what?? Of course, I *could* if I want, but I don't see any interest in that. NLSPATH should be enough, and I additionally check the PASSWORD's directory if NLSPATH fails, I think that it is even more than enough. By the way, as Eric said, CATS/Kitten looks only into NLSPATH, nowhere else :-P > the install.bat you wrote is quite dangerous, because it's valid only > for MS-DOS 6.22 or later, with MS COMMAND.COM in use. > FreeDOS uses another menu system, for example, and autoexec.bat can also > be changed. Why dangerous I know that the [common] section will not always work, but it's surely not dangerous. And for AUTOEXEC.BAT, what is the problem? It can be changed by who? When? > One last question: do you explicitly set input to CON device? I think it's not needed Even if someone wants to redirect the input to anything else than CON (for example LPT or COM), he will have to enter the login and password that way. All screen writes/reads in FD Password are done by the standard input/output. What others thinks about that? Eric? Best regards, Fox --- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 ___ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user
Re: [Freedos-user] FreeDOS Password v0.25 - homepage changed
Fox schreef: Hello World ;-) hello Fox, nice to hear from you again. FreeDOS Password is a program which prevent strangers to access to your PC under DOS. All logins and attempts to login are stored in a log file, passwords are hashed using the SMDB hash. It's possible to create as many users as we like, there is a restriction only for passwords and logins length - can't exceed 25 chars each (who use so long passwords??). I wrote that tool in hope that it will be usefull especially for FreeDOS users (that's why I called it FreeDOS Password). Latest version supports language files (That's not CATS/Kitten, but sort of). I wrote english, polish and french files myself, I hope peoples will write files for other languages :-P (not difficult at all, just edit the PASSWORD.EN text file, sign it and send it back to me) define 'supports' please. Does your program work without *any* external language file, or are they *required* instead of only *optional* ? In what file are the users/passwords stored? not in a language file I hope, as language preferences can be changed (and thus loose your users). Layout something like this?: password.com/exe userpass.txt logfile.txt language.txt Besides NLSPATH and current directory, can you also search %PATH% ? the install.bat you wrote is quite dangerous, because it's valid only for MS-DOS 6.22 or later, with MS COMMAND.COM in use. FreeDOS uses another menu system, for example, and autoexec.bat can also be changed. One last question: do you explicitly set input to CON device? because MS allows this: rem set input/output device to NUL instead of CON, thus disable CTRL-C SHELL=C:\COMMAND.COM NUL /P @echo off password /login mouse keyb ctty con echo Now you see output again. Regards, Mateusz Viste "Fox" P.S. What are the rules for an application to be listed somewhere in the "Software" section of FreeDOS.org? Many 'free' and/or opensource software appears in the UTILITIES section. BASE usually is for programs that replace in some way the basic MS-DOS programs. Bernd --- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 ___ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user
[Freedos-user] FreeDOS Password v0.25 - homepage changed
Hello World ;-) The FreeDOS Password seems to be bugfree now (current release is v0.25), so I moved its homepage to my 'official' website at http://the.killer.webpark.pl/en/password.htm FreeDOS Password is a program which prevent strangers to access to your PC under DOS. All logins and attempts to login are stored in a log file, passwords are hashed using the SMDB hash. It's possible to create as many users as we like, there is a restriction only for passwords and logins length - can't exceed 25 chars each (who use so long passwords??). I wrote that tool in hope that it will be usefull especially for FreeDOS users (that's why I called it FreeDOS Password). Latest version supports language files (That's not CATS/Kitten, but sort of). I wrote english, polish and french files myself, I hope peoples will write files for other languages :-P (not difficult at all, just edit the PASSWORD.EN text file, sign it and send it back to me) Regards, Mateusz Viste "Fox" P.S. What are the rules for an application to be listed somewhere in the "Software" section of FreeDOS.org? --- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 ___ Freedos-user mailing list Freedos-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-user
