Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Logging In with No Password

Warren G Landrum
Frequent Advisor

Logging In with No Password

VMS Admins,


Within the last week, I have noted that 3 of the OpenVMS Alpha systems (version 7.1, 7.2-1H1 and 7.3-1) that I manage now allow my fully privileged account and the SYSTEM account to log in when telnetting or decnetting to them WITHOUT A PASSWORD.

Obviously, this is disturbing. I did not make any changes to these systems to allow them to function like this and I can't figure out how it was done or who did it, so I have a problem.

In regard to how it was done, do any of you have any ideas as to what I should check to turn off this aut-logon feature that has apparently been turned on somewhere?

Thanks!
6 REPLIES
Joseph Huber_1
Honored Contributor

Re: Logging In with No Password

The only way this could happen is by modifying the accounts with
authorize account /NOPASSWORD
or changing the UAF file by some other means.

Reset it by setting a new password
SET PASSWORD
or
authorize mod account /PASSWORD=newpassword
http://www.mpp.mpg.de/~huber
Warren G Landrum
Frequent Advisor

Re: Logging In with No Password

Brainfart on me.

When changing thosepasswords, i did a /nopasswdexp instead of /nopwdexp as I intended, so obviously, it just took the first 6 characters and set the accounts with no passwords.

Bad me!
Joseph Huber_1
Honored Contributor

Re: Logging In with No Password

Have a look into the AUDIT log
(analyze/audit), and select AUTHORIZATION events to see if somebody else has done it.
Use SHOW AUDIT to see if these events are audited.

Also it is good to enable auditing
(SET AUDIT/ENABLE=(list) for
SYSPRV,BYPASS,CONTROL,PRIVILEGE
or
put and audit control ACL on SYSUAF.DAT
(see HELP AUDIT /ENABLE).

http://www.mpp.mpg.de/~huber
Warren G Landrum
Frequent Advisor

Re: Logging In with No Password

I brain farted as indicated on my 2nd post in this thread!
Hoff
Honored Contributor

Re: Logging In with No Password

There has effectively been no password configured for SYSTEM for some years now, based on your description of your network and access patterns. All you did here was enable that for yourself. Might as well leave it turned off, too.

Richard J Maher
Trusted Contributor

Re: Logging In with No Password

I'm sure Warren is deploying IPsec via Process Software's Multinet, thereby transparently bullet-proof securing all his TELNET and DECnet-over-IP communications.

Cheers Richard Maher