- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Can I specify some user whom never been disable by...
Operating System - OpenVMS
1752815
Members
5877
Online
108789
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-23-2003 02:17 AM
тАО07-23-2003 02:17 AM
Can I specify some user whom never been disable by login fail?
My system set LGI_RETRY_LIM to 3, it means that any users on my system can try login not over 3 times or user must be disable. Am i right?
Can i specify some user can try any time and it never been disable by login fail?
Can i specify some user can try any time and it never been disable by login fail?
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-23-2003 05:47 AM
тАО07-23-2003 05:47 AM
Re: Can I specify some user whom never been disable by login fail?
Sorry but I'm not sure exactly waht you are trying to do. I understand that your question is regarding OpenVMS' break-in evasion.
There are several SYSGEN parameters that control how break-in evasion works. They are:
LGI_BRK_TERM
LGI_BRK_DISUSER
LGI_BRK_LIM
LGI_BRK_TMO
LGI_HID_TIM
If you enter the command below at the SYSGEN> prompt, it will discribe all of these.
SYSGEN> HELP SYS LGI
A USERNAME is only DISUSERed if LGI_BRK_DISUSER is set to 1 .AND. the USERNAME is entered when break-in evasion is in effect.
LGI_RETRY_LIM actually has nothing to do with break-in evasion and disusering. LGI_RETRY_LIM is the number of attempts of USERNAME/PASSWORD that can be made before carrier is lower or a network link is broken. I think you may be confusing LGI_RETRY_LIM and LGI_BRK_LIM.
Todd
There are several SYSGEN parameters that control how break-in evasion works. They are:
LGI_BRK_TERM
LGI_BRK_DISUSER
LGI_BRK_LIM
LGI_BRK_TMO
LGI_HID_TIM
If you enter the command below at the SYSGEN> prompt, it will discribe all of these.
SYSGEN> HELP SYS LGI
A USERNAME is only DISUSERed if LGI_BRK_DISUSER is set to 1 .AND. the USERNAME is entered when break-in evasion is in effect.
LGI_RETRY_LIM actually has nothing to do with break-in evasion and disusering. LGI_RETRY_LIM is the number of attempts of USERNAME/PASSWORD that can be made before carrier is lower or a network link is broken. I think you may be confusing LGI_RETRY_LIM and LGI_BRK_LIM.
Todd
OpenVMS is here to stay
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-23-2003 09:36 AM
тАО07-23-2003 09:36 AM
Re: Can I specify some user whom never been disable by login fail?
If I understand your first question, the answer is NO. The SYSGEN parameter does not support an exclusion by username. All users are treated equally for this purpose. So you cannot say, "This user will never be disabled by repeated login failure."
The second question is also NO, though in this case it is a qualified NO. Another parameter called LGI_BRK_DISUSER separately determines whether the account is DISUSER'd after being declared as an intruder. So I guess the exact answer is "It depends." But if you had set LGI_BRK_DISUSER to 1, then the user would, indeed, be disabled. And the LGI_RETRY_LIM of 3 does mean that 3 failures can trigger the evasion. Of course, don't forget that there is also a timeout. It has to be LGI_RETRY_LIM failures in LGI_BRK_TMO seconds to enable the evasion mode.
The second question is also NO, though in this case it is a qualified NO. Another parameter called LGI_BRK_DISUSER separately determines whether the account is DISUSER'd after being declared as an intruder. So I guess the exact answer is "It depends." But if you had set LGI_BRK_DISUSER to 1, then the user would, indeed, be disabled. And the LGI_RETRY_LIM of 3 does mean that 3 failures can trigger the evasion. Of course, don't forget that there is also a timeout. It has to be LGI_RETRY_LIM failures in LGI_BRK_TMO seconds to enable the evasion mode.
Sr. Systems Janitor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-15-2003 11:23 PM
тАО08-15-2003 11:23 PM
Re: Can I specify some user whom never been disable by login fail?
VMS tracks the source of the intrusion. So, if you have several fat-finger tries from the same IP address, aLL users from that source are locked out once that the limit is reached.
In a networked environment where multiple users are coming from a NAT'ed address behind a firewall, from your systems standpoint, they all appear to be coming from the same IP address, But using different ports.
Example. Say your system is in St. Louis. You have offices on the east and west coast where users are trying to access your system. Once that the intrusion record is set for that IP address, all new logon access from that IP/remote site is shut off until the intrusion is cleared, or times out.
VMS SAN mechanic
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP