HPE Community
Operating System - OpenVMS
1753624 Members
5629 Online
108797 Solutions
New Discussion юеВ

Re: How to Set Strong Password

 
Muhammad Luthfi
Occasional Contributor

тАО11-05-2006 02:09 PM

тАО11-05-2006 02:09 PM

How to Set Strong Password

Hi All,
Could someone inform me how to set the Strong Password in OpenVMS ?

Thanks
Luthfi
0 Kudos
Reply
5 REPLIES 5
Karl Rohwedder
Honored Contributor

тАО11-05-2006 04:55 PM

тАО11-05-2006 04:55 PM

Re: How to Set Strong Password

What do you mean by 'strong password'? VMS lets you specifiy a minimum passwordlength, pwdlifetimes, let you force the user to generated passwords, keeps a history to prevent reentering the same password and compares to a dictionary of forbidden passwords (which can be extended).

regards Kalle
0 Kudos
Reply
labadie_1
Honored Contributor

тАО11-05-2006 09:22 PM

тАО11-05-2006 09:22 PM

Re: How to Set Strong Password

And to complete what Kalle said, you can ask for 2 generated passwords, with a minimum length (8, 10 characters...) , for a sensitive account.

The drawback is that, when it becomes too difficult, you should check to see if the customer has a post-it on his screen with the 2 passwords...

:-)
0 Kudos
Reply
Muhammad Luthfi
Occasional Contributor

тАО11-05-2006 10:05 PM

тАО11-05-2006 10:05 PM

Re: How to Set Strong Password

Actually this is request from security officer The Strong password is mean the password must be combination of alphanumeric for example if I create one user let say TEST the must password must be abc123 if not the user can't created .

Thanks
Luthfi
0 Kudos
Reply
Volker Halle
Honored Contributor

тАО11-05-2006 10:17 PM

тАО11-05-2006 10:17 PM

Re: How to Set Strong Password

Luthfi,

you can specify the minimum-length for passwords and you can allow mixed case passwords, but the system manager can always override the rules, when creating or modifying a user account with AUTHORIZE. Only the users are bound by these rules, when they change their own passwords.

If you want or need specific password rules, you would need to implement them via additional programming (using LGI callouts).

Volker.
0 Kudos
Reply
Jeff Byrkit
Occasional Advisor

тАО11-06-2006 05:15 AM

тАО11-06-2006 05:15 AM

Re: How to Set Strong Password

You can also write a C program, link it, and call it vms$password_policy.exe in sys$share (I think). I found the directions in the docs somewhere. The commented out code I used during testing.

#include
#include
#include
#include
#include
#include string
#include ctype

static $DESCRIPTOR(badpassword, "WAYTOOFAREASYNOW");
int policy_plaintext();

/*
int main(argc,argv) {
char test[64];
struct dsc$descriptor try;
while(1) {
printf("Enter password: ");
gets((char *)&test);
try.dsc$a_pointer = (char *)&test;
try.dsc$w_length = strlen(test);
if(policy_plaintext(&try,0) == SS$_PWDWEAK) printf("Not good\n");
else printf("Ok!\n");
}
}
*/
int policy_plaintext( struct dsc$descriptor *password,
struct dsc$descriptor *username )
{
char *str = password->dsc$a_pointer;
int len = password->dsc$w_length;
int i;
int ltr = 0;
int numb = 0;
int symb = 0;
for(i=0;i if(isalpha(str[i])) ltr = 1;
else if(isdigit(str[i])) numb = 1;
else if(ispunct(str[i])) symb = 1;
}
if(ltr&numb&symb) return SS$_NORMAL;
return SS$_PWDWEAK;
}

int policy_hash( int password[2], struct dsc$descriptor *username )
{
return SS$_NORMAL;
}
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.