HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

PassGO. (Single password/synchronization across platforms) - any info?

 
Bob Talbot
Occasional Advisor

PassGO. (Single password/synchronization across platforms) - any info?

Hello..

Has anyone incorporated PassGo into their environments with intel-based systems and OpenVMS systems? I support the VMS side of things and the powers-that-be want us to incorporate PassGo to make it easier for the users. My concern is security. I researched the product but cannot find anything pertaining to OpenVMS except that it is one of the platforms the product can work with. We have a few 2-node clusters on the OpenVMS side that house our Payroll and Human Resource systems as well as other systems that has sensitive data. Any info would be much appreciated. Thanks.
2 REPLIES
Anton van Ruitenbeek
Trusted Contributor

Re: PassGO. (Single password/synchronization across platforms) - any info?

Bob,

Any password syncronisation program has a potential problem with security. In my mind: Never do this if your major concern is security !
If you want to be secure, never syncronise youre passwords with Unix and Windows systems. The passwords of these systems are very easy to break (I just read that it takes about 30 sec. to break an Windows XP pasword !) If you want to go for go easy for your users, also don't go for a PassGo or other products. The major problem here is, if at one time the syncroniser misses a pasword change, you don't know whitch and when the rigt password is. The best thing to do is eq. use kerberos or other 'ONE database' solutions.
Other very good working solution is use Advanced Server for password authentication. In this case you use the windows database for username/password checking. The rest (privileges etc.) will be checked within Authorize. The disadvantige is you use the Windows security (that realy sucks) but you have one security database, no synchronisation and other overhead and potential problems.
We looked a few years ago at PassGo since we where using Novell, M$Windows, Tru64 Unix and OpenVMS. Whe did not choose it because the potential problems.

AvR
NL: Meten is weten, maar je moet weten hoe te meten! - UK: Measuremets is knowledge, but you need to know how to measure !
Jan van den Ende
Honored Contributor

Re: PassGO. (Single password/synchronization across platforms) - any info?

I essentially support Anton's answer.
One thing: in the Mickeyware world, formally you DO use one database, but it has to be 'synchronised' )ie, replicated) over the various Domain Controllers. (Any login process uses one of the domain controllers, which only has a limited chance of being the controller on which the user did the change).
It CAN be quite annoying to explain to your users that they HAVE correctly changed their password, but that is is only valid in some ( say 10-15 minutes) time!

fwie,

Proost.

Have one on me.

Jan
Don't rust yours pelled jacker to fine doll missed aches.