The following should have been contained in this archive:

login.exe     -- login without screen saver
loginsav.exe  -- login with screen saver
update.exe    -- user update/add/change password
login.doc     -- this file
user.lis      -- user file with "root", password "changeme"

I retain all rights to the above programs, these programs are licensed
for personal use free of charge (forever).  See the end of this document for
licensing info for businesses and institutions.  These programs may be
distributed by any means (BBS, FTP, etc.) for free, or for a nominal fee
of less than $2.00 if distributed on diskette or other media.  Under NO
circumstances is this program to be commercially SOLD by a third party
without proper licensing.

Basic instructions:

Place the file "user.lis" in the main directory on your C drive (C:\).
Run UPDATE to change the "root" password.  This new password
will be the password required to add users and change passwords
from now on.  UNDER NO CIRCUMSTANCES SHOULD THE ROOT PASSWORD BE
LEFT AS "changeme" (See later section on good passwords).
These usernames and passwords ARE CASE SENSITIVE !!!  Run UPDATE again
and modify the user name you wish to use.  This user will be added
to user.lis (which is now a hidden and read only file on your C: drive.)
This version is limited to 7 users.  The user file can be edited to
delete users by changing the READONLY and HIDDEN bits using ATTRIB.
Passwords can be changed this way, but there is no way of knowing what
the password is, so don't do it!

ATTRIB -H -R C:\USER.LIS

The next time LOGIN is run it will make the file HIDDEN and READONLY
again.

Next run LOGIN and make sure that you have you password correct and can
logon.  The last step is to run either LOGIN or LOGINSAV from your
autoexec.bat .  Make this the first line (or second line, after @echo off)
so that noone can CTRL-C out of autoexec.bat .  If you do NOT put this
program in your autoexec access can be gained by rebooting the system.
Anytime you leave your system you can run LOGIN / LOGINSAV from the
DOS prompt.  Placing ANY parameters after LOGINSAV will immediately
place the system in the screen saver mode (i.e., LOGINSAV blah).

Although password protected, UPDATE should be kept on a floppy for added
security, as well as a copy of user.lis.  To get a copy of user.lis
enter:   TYPE C:\USER.LIS > A:USER.LIS
The less people know about a security system the better.
Individual users cannot change their passwords, and there is no way
for you to know their password from their encrypted password.

Security:

This program encrypts your password so that the original password
never appears in plain text, even in memory after running this program.
The encryption algorithm is NOT publicly available.

After 3 unsuccessful attempts LOGIN will not check for the correct password,
the system must be rebooted.  LOGINSAV, the screen saver version, has
a higher limit since you will not know if several unsuccessful attempts
have been made.  If you find that your password will not work try
rebooting AND make sure you are using the correct case (upper/lower/mixed..).

Because of the way the CTRL-ALT-DEL sequence is handled and the ability
to swap windows in Desqview(tm) and Windows(tm), this program is NOT useful
when run under one of these multitasking environments.

The biggest problem with login programs on a local machine is booting from
a floppy.  This program will NOT protect your hard drive if your machine
is booted from a floppy.  If your machine can be configured to boot from the
hard drive first, this eliminates the problem (see BIOS setup).  Another
alternative is physically preventing access to the machine/boot diskette
drive.

Good Passwords:

The more difficult a password is to guess the better it is.  Never make
a password the same as the username!  Avoid using your name, phone number,
original distribution passwords, and simple dictionary words
(although this system is less vulnerable to dictionary attack because the
algorithm is not public). For extra security trying using mixed case
passwords, two word passwords (i.e., DogCat  <-- don't use this one, make up
one of your own!), and backwards passwords (i.e., taCgoD).  Never write down
your passwords!  This means you need to have something that you can remember!

Disclaimer:

I accept no liability for ANY problems associated with using this system.
Everyone should have a current backup, check all new software for viruses,
and use good judgement regarding system security.


Licensing:

This program is FREE for personal use, if you really like this program, find
any bugs, or have any suggestions please send me mail (snail or e-mail), see
below.  If this program is used in a business or institution it must be
licensed.  The following is the price schedule:

    One  machine  (15 users) :               $ 15
    Two  machines (15 users) :               $ 27
    Five machines (15 users) :               $ 60

(Subject to change)

Site licenses, more users, more machines, custom configurations, commercial
vendors, etc. are handled on a case by case basis.

       Scott Preston          ( sp4@reef.cis.ufl.edu )
       2622 A SW 38th Place
       Gainesville, FL  32608
       (904) 335-1576

Trademarks and acknowledgements:

DesqView is a trademark of QuarterDeck Office Systems.
DOS and Windows  are trademarks of MicroSoft.
TURBO C is a trademark of Borland Intl.
Many thanks to the maker of LZEXE,  Fabrice Ballard.
