02-19-2008 06:47 PM
Dear all,
Would like to know if it is possible to set the account lockout duration for Open VMS 7.3.2 user account to '0' (or until System Administrator unlocks the account?) For further elaboration, please refer below:
The "HP Advanced Server for OpenVMS Server Administrator's Guide" provided the following guideline for setting the Account Lockout Duration:
"Whether a user account is locked out after a specified number of failed attempts to logon --- use the SET ACCOUNT POLICY/LOCKOUT=keyword command. To enable account lockout, you must specify the following three keywords and their values with the /LOCKOUT qualifier:
* ATTEMPTS=n, where n specifies the number of failed attempts to allow before locking the user account.
* DURATION=n, where n specifies the number of minutes before a locked account is automatically unlocked. The value of this parameter must be greater than, or equal to, the value set for the WINDOW parameter.
* WINDOW=n, where n specifies the number of minutes to wait after a user account has been locked out, before resetting the logon count."
The big question is, is it possible to set the "Duration=n" value to infinity/indefinite until the administrator unlocks the account?
For illustration purposes, in the Windows environment, it is possible to set the "account lockout duration" value to 0 using the Active Directory. This means the user account will be locked out indefinitely until the Security Administrator unlocks it. Hence, would like to know if it is possible to do the same for Open VMS 7.3.2 operating system.
Thanks in advance!
02-19-2008 07:38 PM
Solution
Duplicate thread and duplicate question (probably yet another ITRC glitch); another and active thread is over at:
http://forums12.itrc.hp.com/service/forums/questionanswer.do?threadId=1205318
02-19-2008 07:45 PM
Re: Account Lockout Setting on Open VMS 7.3.2 Operating System
Calene,
You want to look at the LGI* SYSGEN parameters.
LGI_BRK_DISUSER (D)
LGI_BRK_DISUSER turns on the DISUSER flag in the UAF record when an
attempted break-in is detected, thus permanently locking out that account. The
parameter is off ( 0 ) by default. You should set the parameter ( 1 ) only under
extreme security watch conditions, because it results in severely restricted user
service.
LGI_BRK_LIM (D)
LGI_BRK_LIM specifies the number of failures that can occur at login time
before the system takes action against a possible break-in. The count of failures
applies independently to login attempts by each user name, terminal, and node.
Whenever login attempts from any of these sources reach the break-in limit
specified by LGI_BRK_LIM, the system assumes it is under attack and initiates
evasive action as specified by the LGI_HID_TIM parameter.
The minimum value is 1. The default value is usually adequate.
LGI_BRK_TMO (D)
LGI_BRK_TMO specifies the length of the failure monitoring period. This time
increment is added to the suspect's expiration time each time a login failure
occurs. Once the expiration period passes, prior failures are discarded, and the
suspect is given a clean slate.
LGI_HID_TIM (D)
LGI_HID_TIM specifies the number of seconds that evasive action persists
following the detection of a possible break-in attempt. The system refuses to
allow any logins during this period, even if a valid user name and password are
specified.
LGI_RETRY_LIM (D)
LGI_RETRY_LIM specifies the number of retry attempts allowed users
attempting to log in. If this parameter is greater than 0, and a legitimate user
fails to log in correctly because of typing errors, the user does not automatically
lose the carrier. Instead (provided that LGI_RETRY_TMO has not elapsed),
by pressing the Return key, the user is prompted to enter the user name and
password again. Once the specified number of attempts has been made without
success, the user loses the carrier. As long as neither LGI_BRK_LIM nor
LGI_BRK_TMO has elapsed, the user can dial in again and reattempt login.
LGI_RETRY_TMO (D)
LGI_RETRY_TMO specifies the number of seconds allowed between login retry
attempts after each login failure. (Users can initiate login retries by pressing the
Return key.) This parameter is intended to be used with the LGI_RETRY_LIM
parameter; it allows dialup users a reasonable amount of time and number of
opportunities to attempt logins before they lose the carrier.
Bill Hall
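
Added example, not part of the posts above: a DCL session that turns on LGI_BRK_DISUSER so a detected break-in leaves the account disabled until an administrator clears the flag, followed by the administrator's unlock step. JSMITH is a constructed username, and the session assumes a suitably privileged account.

```dcl
$! Added example (not from the original posts). JSMITH is a constructed username.
$!
$! 1. Review the current LGI parameters, then enable DISUSER on break-in detection.
$ RUN SYS$SYSTEM:SYSGEN
SYSGEN> USE ACTIVE
SYSGEN> SHOW /LGI
SYSGEN> SET LGI_BRK_DISUSER 1
SYSGEN> WRITE ACTIVE
SYSGEN> EXIT
$!
$! 2. Keep the setting across AUTOGEN runs by adding this line to
$!    SYS$SYSTEM:MODPARAMS.DAT:
$!        LGI_BRK_DISUSER = 1
$!
$! 3. List the sources currently recorded as suspects or intruders.
$ SHOW INTRUSION
$!
$! 4. Administrator unlock: confirm the DISUSER flag on the account, then clear it.
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
UAF> SHOW JSMITH
UAF> MODIFY JSMITH /FLAGS=NODISUSER
UAF> EXIT
$!
$! An intrusion record listed by SHOW INTRUSION can be removed with
$! DELETE/INTRUSION_RECORD followed by the source string exactly as displayed.
```

The (D) beside each parameter in the post marks it as dynamic, so WRITE ACTIVE applies the change without a reboot. The setting is system-wide, so any account whose user name reaches LGI_BRK_LIM failures stays disabled until step 4 is run for it.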