topic Re: How to Set Strong Password in Operating System - OpenVMS

How to Set Strong Password

Muhammad Luthfi — Sun, 05 Nov 2006 22:09:05 GMT

Hi All,
Could someone inform me how to set the Strong Password in OpenVMS ?

Thanks
Luthfi

Re: How to Set Strong Password

Karl Rohwedder — Mon, 06 Nov 2006 00:55:54 GMT

What do you mean by 'strong password'? VMS lets you specifiy a minimum passwordlength, pwdlifetimes, let you force the user to generated passwords, keeps a history to prevent reentering the same password and compares to a dictionary of forbidden passwords (which can be extended).

regards Kalle

Re: How to Set Strong Password

labadie_1 — Mon, 06 Nov 2006 05:22:34 GMT

And to complete what Kalle said, you can ask for 2 generated passwords, with a minimum length (8, 10 characters...) , for a sensitive account.

The drawback is that, when it becomes too difficult, you should check to see if the customer has a post-it on his screen with the 2 passwords...

:-)

Re: How to Set Strong Password

Muhammad Luthfi — Mon, 06 Nov 2006 06:05:15 GMT

Actually this is request from security officer The Strong password is mean the password must be combination of alphanumeric for example if I create one user let say TEST the must password must be abc123 if not the user can't created .

Thanks
Luthfi

Re: How to Set Strong Password

Volker Halle — Mon, 06 Nov 2006 06:17:43 GMT

Luthfi,

you can specify the minimum-length for passwords and you can allow mixed case passwords, but the system manager can always override the rules, when creating or modifying a user account with AUTHORIZE. Only the users are bound by these rules, when they change their own passwords.

If you want or need specific password rules, you would need to implement them via additional programming (using LGI callouts).

Volker.

Re: How to Set Strong Password

Jeff Byrkit — Mon, 06 Nov 2006 13:15:36 GMT

You can also write a C program, link it, and call it vms$password_policy.exe in sys$share (I think). I found the directions in the docs somewhere. The commented out code I used during testing.

#include
#include
#include
#include
#include
#include string
#include ctype

static $DESCRIPTOR(badpassword, "WAYTOOFAREASYNOW");
int policy_plaintext();

/*
int main(argc,argv) {
char test[64];
struct dsc$descriptor try;
while(1) {
printf("Enter password: ");
gets((char *)&test);
try.dsc$a_pointer = (char *)&test;
try.dsc$w_length = strlen(test);
if(policy_plaintext(&try,0) == SS$_PWDWEAK) printf("Not good\n");
else printf("Ok!\n");
}
}
*/
int policy_plaintext( struct dsc$descriptor *password,
struct dsc$descriptor *username )
{
char *str = password->dsc$a_pointer;
int len = password->dsc$w_length;
int i;
int ltr = 0;
int numb = 0;
int symb = 0;
for(i=0;i if(isalpha(str[i])) ltr = 1;
else if(isdigit(str[i])) numb = 1;
else if(ispunct(str[i])) symb = 1;
}
if(ltr&numb&symb) return SS$_NORMAL;
return SS$_PWDWEAK;
}

int policy_hash( int password[2], struct dsc$descriptor *username )
{
return SS$_NORMAL;
}