HPE Community
Operating System - OpenVMS
1752291 Members
4824 Online
108786 Solutions
New Discussion

Re: Password Policy preventing access to MP Console

 
SOLVED
Go to solution
Maddog1
Advisor

‎06-28-2011 06:59 AM

‎06-28-2011 06:59 AM

Password Policy preventing access to MP Console

Since implementing the password policy, it seems the password MP uses to access the Console is not 'strong' enough and it shows the message  

%SYSTEM-F-PWDPOLICY, Password does not conform to security policy

 

Preventing me from getting to the console to login.

 

Where is this password and can it be easily changed?

0 Kudos
Reply
8 REPLIES 8
Volker Halle
Honored Contributor

‎06-28-2011 07:12 AM - edited ‎06-28-2011 07:14 AM

‎06-28-2011 07:12 AM - edited ‎06-28-2011 07:14 AM

Re: Password Policy preventing access to MP Console

This error message does NOT seem to be a standard OpenVMS message.

 

It may be returned by the VMS$PASSWORD_POLICY example program, if password checking has been implemented. It also does not seem to have anything to do with logging in via the MP (Management Processor).

 

Please explain, under which circumstances you are seeing this message.

 

Volker.

Reply
John Gillings
Honored Contributor

‎06-28-2011 05:32 PM

‎06-28-2011 05:32 PM

Re: Password Policy preventing access to MP Console

maddog,

  that's very odd! Although it looks like a real OpenVMS message, it isn't:

 

$ pipe lib/extr=$ssdef/out=sys$output sys$share:starlet/macro | search sys$pipe pwdpolicy
%SEARCH-I-NOMATCHES, no strings matched

 

That means someone is forging system-like messages, so I'd be VERY wary about entering passwords, in case they're being captured.

 

Please describe the exact set of steps that are leading to this message. What you're attempting to do. What you're doing, what you're getting prompted and where you're typing.

(what moron designed this ITRC interface? The only way to paste text is via a dialog box???)

A crucible of informative mistakes
Reply
Maddog1
Advisor

‎06-29-2011 08:58 AM

‎06-29-2011 08:58 AM

Re: Password Policy preventing access to MP Console

The message is generated by the program linked to the VMS$PASSWORD_POLICY

I run after a reboot the following command file.

Set NoOn

$! install and configure the site-local password policy module

$INSTALL ADD SYS$LIBRARY:VMS$PASSWORD_POLICY/OPEN/HEAD/SHARE

$RUN SYS$SYSTEM:SYSMAN

PARAMETER USE ACTIVE

PARAMETER SET LOAD_PWD_POLICY 1

PARAMETER WRITE ACTIVE

EXIT

$!Restart ACME Server

$ SET SERVER ACME/RESTART

$EXIT

 

The problem is I can login to the MP but when I take the CO option, I can't get the signon screen to log into VMS.

It just seems to display that message.

 

If I don't run the command file, I can access the console fine.

 

 

0 Kudos
Reply
Duncan Morris
Honored Contributor

‎06-29-2011 09:28 AM

‎06-29-2011 09:28 AM

Re: Password Policy preventing access to MP Console

Hi,

 

it sounds suspiciously like you may have automatic login enabled for the console, or a custom ACME server.

 

Try MC SYSMAN ALF SHOW *

 

If you do not run the password policy command procedure, do you get a username/password prompt when you select the CO option, or do you simply get straight to the DCL command line?

 

 

0 Kudos
Reply
The Brit
Honored Contributor

‎06-29-2011 09:51 AM

‎06-29-2011 09:51 AM

Re: Password Policy preventing access to MP Console

You dont say if this is a Blade Server or a Rackmount Itanium.     There are some differences in the Command menu's.

 

Entering CO should not trigger any Password checking (unless as pointed out above, the console is set for Auto Login).     If ALF is configured, and the default MP credentials are being used, then this might trigger the error you are getting.    Alternatively, if ALF is configured, then the credentials for the AutoLogin user account dont meet the policy requirements.

 

To get to the MP Passwords on a Blade system, after logging in, at the MP prompt, enter CM.   This gives the Command Menu.   LI(st) will then give you the list of available commands.     I think the account passwords are controlled through the UC command (User Configuration.)

 

Warning, if you change the Default Admin account password, and then forget the new one, resetting back to default is a pain in the butt, so be sure to remember the new password.

 

Dave.

 

 

0 Kudos
Reply
Maddog1
Advisor

‎06-30-2011 05:48 AM

‎06-30-2011 05:48 AM

Re: Password Policy preventing access to MP Console

The Itanium is a RX2660, not a blade.

After typing CO, you get shoudl get the normal VMS sign on screen, not a dollar prompt, unless it has been left logged in before Ctl-B is done.

I think as there is no time associated with the password messages, maybe I have been misled by these.

I have tried Ctl-E cf, just in case it has been locked for write on another session, but this doesn't work either.

 

I will have time tonight to investigate further to provide more information.

0 Kudos
Reply
Bill Hall
Honored Contributor

‎06-30-2011 07:48 AM

‎06-30-2011 07:48 AM

Solution

Re: Password Policy preventing access to MP Console

Sounds like a process has OPA0: allocated.  Login and do a $show term opa0:/full.

 

Bill

Bill Hall
0 Kudos
Reply
Maddog1
Advisor

‎07-01-2011 09:10 AM

‎07-01-2011 09:10 AM

Re: Password Policy preventing access to MP Console

Thanks. The password messages were a smokescreen. It is the ACME_SERVER owning OPA0:
Thanks
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.