HPE Community
Operating System - OpenVMS
1751710 Members
5067 Online
108781 Solutions
New Discussion юеВ

Logging In with No Password

 
Warren G Landrum
Frequent Advisor

тАО09-22-2010 10:25 AM

тАО09-22-2010 10:25 AM

Logging In with No Password

VMS Admins,


Within the last week, I have noted that 3 of the OpenVMS Alpha systems (version 7.1, 7.2-1H1 and 7.3-1) that I manage now allow my fully privileged account and the SYSTEM account to log in when telnetting or decnetting to them WITHOUT A PASSWORD.

Obviously, this is disturbing. I did not make any changes to these systems to allow them to function like this and I can't figure out how it was done or who did it, so I have a problem.

In regard to how it was done, do any of you have any ideas as to what I should check to turn off this aut-logon feature that has apparently been turned on somewhere?

Thanks!
0 Kudos
6 REPLIES 6
Joseph Huber_1
Honored Contributor

тАО09-22-2010 10:44 AM

тАО09-22-2010 10:44 AM

Re: Logging In with No Password

The only way this could happen is by modifying the accounts with
authorize account /NOPASSWORD
or changing the UAF file by some other means.

Reset it by setting a new password
SET PASSWORD
or
authorize mod account /PASSWORD=newpassword
http://www.mpp.mpg.de/~huber
0 Kudos
Warren G Landrum
Frequent Advisor

тАО09-22-2010 11:01 AM

тАО09-22-2010 11:01 AM

Re: Logging In with No Password

Brainfart on me.

When changing thosepasswords, i did a /nopasswdexp instead of /nopwdexp as I intended, so obviously, it just took the first 6 characters and set the accounts with no passwords.

Bad me!
0 Kudos
Joseph Huber_1
Honored Contributor

тАО09-22-2010 11:01 AM

тАО09-22-2010 11:01 AM

Re: Logging In with No Password

Have a look into the AUDIT log
(analyze/audit), and select AUTHORIZATION events to see if somebody else has done it.
Use SHOW AUDIT to see if these events are audited.

Also it is good to enable auditing
(SET AUDIT/ENABLE=(list) for
SYSPRV,BYPASS,CONTROL,PRIVILEGE
or
put and audit control ACL on SYSUAF.DAT
(see HELP AUDIT /ENABLE).

http://www.mpp.mpg.de/~huber
0 Kudos
Warren G Landrum
Frequent Advisor

тАО09-22-2010 11:03 AM

тАО09-22-2010 11:03 AM

Re: Logging In with No Password

I brain farted as indicated on my 2nd post in this thread!
0 Kudos
Hoff
Honored Contributor

тАО09-22-2010 11:57 AM

тАО09-22-2010 11:57 AM

Re: Logging In with No Password

There has effectively been no password configured for SYSTEM for some years now, based on your description of your network and access patterns. All you did here was enable that for yourself. Might as well leave it turned off, too.

0 Kudos
Richard J Maher
Trusted Contributor

тАО09-22-2010 02:36 PM

тАО09-22-2010 02:36 PM

Re: Logging In with No Password

I'm sure Warren is deploying IPsec via Process Software's Multinet, thereby transparently bullet-proof securing all his TELNET and DECnet-over-IP communications.

Cheers Richard Maher
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.