https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256297#M100183 I brain farted as indicated on my 2nd post in this thread! Wed, 22 Sep 2010 18:03:21 GMT Warren G Landrum 2010-09-22T18:03:21Z https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256293#M100179 VMS Admins,<BR /><BR /><BR />Within the last week, I have noted that 3 of the OpenVMS Alpha systems (version 7.1, 7.2-1H1 and 7.3-1) that I manage now allow my fully privileged account and the SYSTEM account to log in when telnetting or decnetting to them WITHOUT A PASSWORD.<BR /><BR />Obviously, this is disturbing. I did not make any changes to these systems to allow them to function like this and I can't figure out how it was done or who did it, so I have a problem.<BR /><BR />In regard to how it was done, do any of you have any ideas as to what I should check to turn off this aut-logon feature that has apparently been turned on somewhere?<BR /><BR />Thanks! Wed, 22 Sep 2010 17:25:33 GMT https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256293#M100179 Warren G Landrum 2010-09-22T17:25:33Z https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256294#M100180 The only way this could happen is by modifying the accounts with <BR /> authorize account /NOPASSWORD<BR />or changing the UAF file by some other means.<BR /><BR />Reset it by setting a new password<BR />SET PASSWORD <BR />or <BR />authorize mod account /PASSWORD=newpassword<BR /> Wed, 22 Sep 2010 17:44:30 GMT https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256294#M100180 Joseph Huber_1 2010-09-22T17:44:30Z https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256295#M100181 Brainfart on me.<BR /><BR />When changing thosepasswords, i did a /nopasswdexp instead of /nopwdexp as I intended, so obviously, it just took the first 6 characters and set the accounts with no passwords.<BR /><BR />Bad me! Wed, 22 Sep 2010 18:01:06 GMT https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256295#M100181 Warren G Landrum 2010-09-22T18:01:06Z https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256296#M100182 Have a look into the AUDIT log <BR />(analyze/audit), and select AUTHORIZATION events to see if somebody else has done it.<BR />Use SHOW AUDIT to see if these events are audited.<BR /><BR />Also it is good to enable auditing<BR />(SET AUDIT/ENABLE=(list) for<BR />SYSPRV,BYPASS,CONTROL,PRIVILEGE<BR />or<BR />put and audit control ACL on SYSUAF.DAT<BR />(see HELP AUDIT /ENABLE).<BR /><BR /> Wed, 22 Sep 2010 18:01:48 GMT https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256296#M100182 Joseph Huber_1 2010-09-22T18:01:48Z https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256297#M100183 I brain farted as indicated on my 2nd post in this thread! Wed, 22 Sep 2010 18:03:21 GMT https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256297#M100183 Warren G Landrum 2010-09-22T18:03:21Z https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256298#M100184 There has effectively been no password configured for SYSTEM for some years now, based on your description of your network and access patterns. All you did here was enable that for yourself. Might as well leave it turned off, too.<BR /><BR /> Wed, 22 Sep 2010 18:57:31 GMT https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256298#M100184 Hoff 2010-09-22T18:57:31Z https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256299#M100185 I'm sure Warren is deploying IPsec via Process Software's Multinet, thereby transparently bullet-proof securing all his TELNET and DECnet-over-IP communications.<BR /><BR />Cheers Richard Maher Wed, 22 Sep 2010 21:36:54 GMT https://community.hpe.com/t5/operating-system-openvms/logging-in-with-no-password/m-p/5256299#M100185 Richard J Maher 2010-09-22T21:36:54Z