topic Re: What documentation covers the specific details of the TCPIP$ accounts for TCP/IP svcs? in Operating System - OpenVMS

What documentation covers the specific details of the TCPIP$ accounts for TCP/IP svcs?

deblaisdell — Thu, 05 Aug 2021 15:14:52 GMT

I'm new to this forum.

Please, what specific documentation covers the specific details of the OpenVMS TCPIP$ accounts for TCP/IP Services.

I'm trying to find out what the impact would be if the password for these accounts were to be reset. None of the HP TCP/IP Services for OpenVMS documentation I have looked through has the information I need.

The TCP/IP Services OpenVMS accounts of interest are:

TCPIP$DHCP
TCPIP$FTP
TCPIP$NTP
TCPIP$REXE
TCPIP$RSH
TCPIP$SMTP
TCPIP$SSH
TCPIP$TELNET

Re: What documentation covers the specific details of the TCPIP$ accounts for TCP/IP svcs?

Volker Halle — Thu, 05 Aug 2021 17:17:26 GMT

These accounts are service account and not used for interactive login and therefore don't have any passwords.

Volker.

Re: What documentation covers the specific details of the TCPIP$ accounts for TCP/IP svcs?

Steven Schweda — Thu, 05 Aug 2021 21:00:07 GMT

> I'm trying to find out what the impact would be if the password for
> these accounts were to be reset. [...]

"passwords", plural. I'd guess none. Dare one ask why? Is there
some actual problem which you are trying to solve?

> [...] not used for interactive login and therefore don't have any
> passwords.

Half right.

UAF> show /full TCPIP$SMTP
[...]
Last Login: (none) (interactive), 5-AUG-2021 15:23 (non-interactive)
[...]

ITS $ set ho 0
[...]

Username: TCPIP$SMTP
Password: <none>
User authorization failure
%REM-S-END, control returned to node LOCAL:.ITS::

They _have_ passwords, but no one knows or cares what they are. I
see some AUTHORIZE stuff in SYS$MANAGER:TCPIP$CONFIG.COM, and a "set
password /generate". Look for "password".

With a little effort, you ought to be able to steal some code from
that DCL script, and generate fresh passwords the same way that the
originals were generated. Why you'd want to touch any of this is a
mystery, however.

Re: What documentation covers the specific details of the TCPIP$ accounts for TCP/IP svcs?

deblaisdell — Fri, 06 Aug 2021 14:09:04 GMT

Thank you for the response.

In response to your queries, "Dare one ask why? Is there some actual problem which you are trying to solve?" => There was a high level management directive to change the passwords on all accounts. If we are recommending not to change passwords on any accounts, we have to have "acceptable" justification.

I would prefer not to touch these accounhts. The fact that the TCP/IP Services documentation does not specifically talk about these accounts leads me to believe they should not be touched.

Re: What documentation covers the specific details of the TCPIP$ accounts for TCP/IP svcs?

Steven Schweda — Fri, 06 Aug 2021 17:22:59 GMT

> [...] There was a high level management directive [...]

Naturally. Has anyone there considered the correlation between
mandatory password changes and the incidence of passwords stored on
Post-it notes?

Unless someone has fiddled with them, these accounts have randomly
generated passwords which no one ever knew (and no one ever uses).

About the best you could do when you change them would be to repeat
the original procedure, so that you'd end up with randomly generated
passwords which no one knows (and no one will ever use). (Although you
could make them a little longer.) Doesn't sound to me like a big
improvement.

> [...] The fact that the TCP/IP Services documentation does not
> specifically talk about these accounts leads me to believe they should
> not be touched.

It'd be a waste of time and effort, but it might be more effort to
explain that to the sub-genius policy-makers.