- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Applying a wait after authorization failures durin...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-03-2006 10:19 PM
тАО04-03-2006 10:19 PM
Hi,
I want to define a minimum time for the log-on procedure in order to limit the speed of brute-force attacks. So I want to define a wait after the system has responded with "User authorization failure".
I know that the maximum time-out for a user to enter his username and password can be modified with the SYSGEN parameter LGI_PWD_TMO. However I want to do the oposite, define a waiting time after authorization failures.
I also know that there are other parameters for this such as the following, however they seem not to do what I want. The LGI_BRK_TMO comes close but this waiting time is only effective after some-one is locked out, right?
LGI_BRK_LIM
LGI_HID_TIM
LGI_BRK_TMO
Regards,
Dave Laurier
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-03-2006 10:44 PM
тАО04-03-2006 10:44 PM
Re: Applying a wait after authorization failures during log-on
The OpenVMS support for "evasive action" will block logins for a limited amount of time, which is the behavior that you probably desire.
I suggest that you review the writeup in Chapter 7 of the "OpenVMS Guide to System Security", particularly the section on the Intrusion Database (pp 157, et seq.), particularly the comments about the various LGI_* parameters (pp 159, et seq.).
I hope that the above is helpful.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-03-2006 11:14 PM
тАО04-03-2006 11:14 PM
Re: Applying a wait after authorization failures during log-on
the LGI_BRK_TERM parameter, so that LOGINOUT can detect breakin attempts across different terminal names.
regards Kalle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-03-2006 11:31 PM
тАО04-03-2006 11:31 PM
Re: Applying a wait after authorization failures during log-on
Hi guys,
Thanks for the suggestions, however my intentions are different.
I want to have a defined time-frame between two authorization attempts.
I know I can configure things such that the user is blocked at the first failed authorization attempt and that there can be a wait time-frame then.
However I would like to configure things such that for instance a user is locked out for 10 minutes after 5 failed authorization attempts and in between the failed authorization attempts I want to wait 10 seconds before providing the login prompt again.
This could result in 5 x 10 seconds delay and then 10 minutes lock out.
Regards,
Dave
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-04-2006 12:16 AM
тАО04-04-2006 12:16 AM
SolutionI think you have to write a LOGINOUT callout, as described in the Utility Routines Manual, chapter 14.
Take a good look at the example.
The "callout_authenticate" routine in the example looks promising. Upon failure to authenticate, you could write a LIB$WAIT before returning to LOGINOUT.EXE.
Regards,
Kris (aka Qkcl)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-04-2006 12:29 AM
тАО04-04-2006 12:29 AM
Re: Applying a wait after authorization failures during log-on
Hi Kris,
This looks promising indeed! I think this functionality will allow me to customize the login procedure to my needs.
Thanks!
Dave Laurier
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-04-2006 12:48 AM
тАО04-04-2006 12:48 AM
Re: Applying a wait after authorization failures during log-on
Indeed this may do what I was looking for although it requires writing the software instead of simply configuring the functionality. However, that is not a problem as I have been programming C for quite some time on OpenVMS.
Those that read this thread in the future may be interested in the functionality behind LOGINOUT:
The OpenVMS login security program (LOGINOUT.EXE) supports calls to site-specific routines (LOGINOUT callout routines). These callout routines support custom login security programs such as smart card programs, pocket authenticator programs, and other alternative identification and authentication programs. The callout routines permit sites to combine portions of the LOGINOUT security policy functions with site login security functions to establish a customized login security environment.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-04-2006 12:49 AM
тАО04-04-2006 12:49 AM
Re: Applying a wait after authorization failures during log-on
Adapted solution for this problem is to write a site specific LOGINOUT call-out routine.