HPE Community
Operating System - OpenVMS
1752275 Members
5025 Online
108786 Solutions
New Discussion

Re: Hi all can you please guide me how to implement Password security

 
SOLVED
Go to solution
Duncan Morris
Honored Contributor

‎12-01-2011 02:41 AM

‎12-01-2011 02:41 AM

Re: Hi all can you please guide me how to implement Password security

Prakash,

 

Hoff is correct.

 

The command line ends with SYS$INPUT/OPTION

Therefore no hyphen.

 

the following line is not part of the COMMAND line - but is actually the start of the option file defined as SYS$INPUT

 

Duncan

0 Kudos
Reply
Hoff
Honored Contributor

‎12-01-2011 06:34 AM

‎12-01-2011 06:34 AM

Re: Hi all can you please guide me how to implement Password security

Rather than your reply here, it would have taken you rather less time to have removed that hyphen and tested the command as was suggested, or cut and pasted the command from the comments and tested that, no?

 

I've already explained why that hyphen is wrong.

 

I'll try again.

 

A hyphen is for a command continuation.

 

That symbol vector chatter is not a command continuation.  

 

It is some data that will be read by the program.  

 

That data could be located in an external file but both for bevity and to avoid scattering the operations over multiple files, the data was placed in the command input stream (SYS$INPUT) for the application (the LINKER) to read, and the application was told its data was available at SYS$INPUT.  

 

The application will then read that data until the End Of File (EOF) (a line beginning with the $ sign, by default, in the command input stream) and processes it according to the application's programming.

 

There is no hyphen, because the data is not part of the DCL command, any more than any particular application input file is part of a DCL command or program invocation.

 

Read the OpenVMS User's Manual, in the OpenVMS documentation set.  That document provides an introduction and general explaination of DCL syntax.  This command syntax is clearly a little more advanced than might be familiar to you.

 

0 Kudos
Reply
prakashsmtr
Advisor

‎12-01-2011 07:11 AM

‎12-01-2011 07:11 AM

Re: Hi all can you please guide me how to implement Password security

Hi Haff/All,

 

Sorry for your precious time, got the point. but indeed i tried before replying also.

 

ran with no hypen, still no success. It stays in same status for long time then if press any thing line letter "a" as below or any thing...it shows error as below.

 

$LINK/SHAREABLE/SYSEXE VMS$PASSWORD_POLICY+SYS$INPUT:/OPTIONS
SYMBOL_VECTOR=(POLICY_PLAINTEXT=PROCEDURE,POLICY_HASH=PROCEDURE)

.
a
%LINK-F-OPENIN, error opening PROG01:[SYS_PRAKASH]A.OBJ; as input
-RMS-E-FNF, file not found

0 Kudos
Reply
Martin Vorlaender
Honored Contributor

‎12-01-2011 07:46 AM

‎12-01-2011 07:46 AM

Re: Hi all can you please guide me how to implement Password security

If you're entering the linker command (plus the data line) interactively, close the data line with a press of Ctrl-Z.

The lines as shown work when put in a DCL procedure file.

 

HTH

 

Martin 

0 Kudos
Reply
prakashsmtr
Advisor

‎12-01-2011 10:03 AM - edited ‎12-01-2011 10:05 AM

‎12-01-2011 10:03 AM - edited ‎12-01-2011 10:05 AM

Re: Hi all can you please guide me how to implement Password security

Hi Matin, Haff,

 

Thanks for your help...I think I should have checked by home directory before replying....thanks for your help.

 

it's working now...

 

$ dir vms*/da/siz

Directory USERDISK:[SYS_PRAKASH] 

 

VMS$PASSWORD_POLICY.EXE;3                            7   1-DEC-2011 17:22:24.15
VMS$PASSWORD_POLICY.EXE;2                            7   1-DEC-2011 14:59:34.32
VMS$PASSWORD_POLICY.EXE;1                           7   1-DEC-2011 14:44:03.73
VMS$PASSWORD_POLICY.MAR;1                          18  30-NOV-2011 16:54:00.12
VMS$PASSWORD_POLICY.OBJ;1                           4  30-NOV-2011 16:55:52.50

 

But one more help....my environment requires 

 

Passwords must include an alpha, a numeric, and a punctuation character. Please advise what are lines I need to uncomment...if possible, as i know less on Assembly codes/Macro... Please

 

CharTab:  ; ASCII table, defines character types
          ;  Confirm that the following table of ASCII characters matches
          ;  your local requirements before deployment of this module.
          ;
          ;  1 = Control
          ;  2 = Special
          ;  3 = Numeric
          ;  4 = Uppercase
          ;  5 = Lowercase
          ;  6 = Invalid
          ;
          ;   NUL SOH STX ETX EOT ENQ ACK BEL BS  HT  LF  VT  FF  CR  SO  SI
.BYTE 6,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1
          ;
          ;   DLE DC1 DC2 DC3 DC4 NAK SYN ETB CAN EM  SUB ESC FS  GS  RS  US
.BYTE 1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1,  1
          ;
          ;   SP  !   "   #   $   %   &   '   (   )   *   +   ,   -   .   /
.BYTE 1,  2,  2,  2,  2,  2,  2,  2,  2,  2,  2,  2,  2,  2,  2,  2
          ;
          ;   0   1   2   3   4   5   6   7   8   9   :   ;   <   =   >   ?
.BYTE 3,  3,  3,  3,  3,  3,  3,  3,  3,  3,  2,  2,  2,  2,  2,  2
          ;
          ;   @   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O
.BYTE 2,  4,  4,  4,  4,  4,  4,  4,  4,  4,  4,  4,  4,  4,  4,  4
          ;
          ;   P   Q   R   S   T   U   V   W   X   Y   Z   [   \   ]   ^   _
.BYTE 4,  4,  4,  4,  4,  4,  4,  4,  4,  4,  4,  3,  3,  3,  3,  3         
          ;
          ;   `   a   b   c   d   e   f   g   h   i   j   k   l   m   n   o
.BYTE 3,  5,  5,  5,  5,  5,  5,  5,  5,  5,  5,  5,  5,  5,  5,  5
          ;
          ;   p   q   r   s   t   u   v   w   x   y   z   {   |   }   ~   DEL
.BYTE 5,  5,  5,  5,  5,  5,  5,  5,  5,  5,  5,  3,  3,  3,  3,  6

0 Kudos
Reply
Martin Vorlaender
Honored Contributor

‎12-01-2011 07:43 PM

‎12-01-2011 07:43 PM

Re: Hi all can you please guide me how to implement Password security

The table you cited tells the program which class (Control, Special, etc.) each character belongs to. Further down in the MACRO source each incoming character is counted according to the table. After that comes a series of tests - these tests implement your password policy. Remove the comment characters (the leading semicolons) from each of the tests that you want the program to use:

 

; uncomment and/or alter the following code to make decisions
; based on the required password policy around the characters
; present in the password.
;
; TSTL CountSpecial
; BEQL bad
; TSTL CountNumeric
; BEQL bad
; TSTL CountUpper
; BEQL bad
; TSTL CountLower
; BEQL bad

 

(each test consists of oneTSTL line and the following BEQL line)

 

HTH,

 

Martin

0 Kudos
Reply
Duncan Morris
Honored Contributor

‎12-02-2011 03:26 AM

‎12-02-2011 03:26 AM

Re: Hi all can you please guide me how to implement Password security

You might also want to alter the classification of some of those special characters.

 

As the table currently stands, several of the "punctuation" characters are in class 3 (numeric) rather than class 2 (special).

 

For example:  [ \ ] ^ _ are set as class 3, as are { | } ~

 

For one particular client I have amended the tables to change these, and to allow the UK pound sign. We also disallowed the quote characters to avoid problems with scripts and decnet.

 

I have attached the modified table.

 

We also allowed the user to use any 3 of uppercase, lowercase, numeric, and special characters, as some 3rd party software could not handle mixed case alphabetics. This is reflected in the code snippet after the table.

 

For your stated requirement, you could use:

 

        TSTL CountSpecial
        BEQL bad
        TSTL CountNumeric
        BEQL bad
        ADDL3 CountUpper, CountLower, R4
        BEQL bad

 

 

 

Duncan

 

 

0 Kudos
Reply
Ankur007
Occasional Advisor

‎07-04-2013 04:58 AM

‎07-04-2013 04:58 AM

Solution

Re: Hi all can you please guide me how to implement Password security

Hi All,

 

Thanks for all the help , However i found macro very difficult to understand.

 

I have developed a cxx program ( as we have cxx complier only on our server ) to fulfill the requirement. And it woked fine.

 

In case i require any help i will be posting soon.

 

Thanks again All.

 

Kind Regards

Ankur

0 Kudos
Reply
Ankur007
Occasional Advisor

‎07-04-2013 05:01 AM

‎07-04-2013 05:01 AM

Re: Hi all can you please guide me how to implement Password security

Difficulty in adding attachment , hence type the program

 

Ankur>type VMS$PASSWORD_POLICY.CXX;1
/**************************************************************************|
| Program     - VMS$PASSWORD_POLICY.CXX                                    |
| System      - OpenVMS Alpha 8.3                                          |
| Function    - Enfore Password Policy for password change                 |
|                                                                          |
| Date        - 30-Apr-12                                                  |
| Author(s)   - Ankur Saxena  (VMS Admin)                                  |
| Description - This program enforces Specific Password Policy      |
|          for all the users who tries to change password on TOS           |
|**************************************************************************/
/**************************************************************************|
|       --------------------                                               |
|       Modification History                                               |
|       --------------------                                               |
|       Version Date            Initial Amendment                          |
|       ======= ====            ======= =========                          |
|                                                                          |
|**************************************************************************/
#include <iostream>         /* Standard C++ Definitions    */
#include <ctype.h>          /* ispunct , isdigit , isalpha */
#include <starlet.h>        /* System Service Prototypes   */
#include <stdio.h>          /* printf                      */
#include <descrip.h>        /* Descriptor Definitions      */
#include <ssdef.h>          /* SS$_ Message Codes          */
#include <str$routines.h>   /* OpenVMS prototype files     */
/*
| The Below function overrides the global function "Policy_plaintext"
| called for "SET PASSWORD" command
*/
extern "C" int policy_plaintext( struct dsc$descriptor *password, struct dsc$des
criptor *username )
{
int len   = password->dsc$w_length;
char *str = password->dsc$a_pointer;
int i;
int ltr   = 0;
int numb  = 0;
int symb  = 0;
for(i=0;i<len;i++)
{
if(isalpha(str[i]))      ltr  += 1;
else if(isdigit(str[i])) numb += 1;                                            
    
else if(ispunct(str[i])) symb += 1;
}
if (ltr == 0 || numb == 0 || symb == 0)
{
printf("\nPassword must have mix of Alpha, Numeric and Punctuation characters( $
 or _ )\n" );
return SS$_PWDWEAK;
}
else
{
printf("\nPassword ok for %s",username->dsc$a_pointer);
return SS$_NORMAL;
}
}
/*
| The Below function overrides the global function "policy_hash"
| called for "SET PASSWORD" command
*/
extern "C" int policy_hash( int password[2], struct dsc$descriptor *username )
{
    return SS$_NORMAL;
}

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.