- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: What OpenVMS docs cover the specifics of the a...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-16-2021 06:19 AM
тАО08-16-2021 06:19 AM
What OpenVMS docs cover the specifics of the accts created by NET$CONFIGURE.COM
Please, what OpenVMS documentation covers the specific details of the UAF accounts created by NET$CONFIGURE.COM (FAL$SERVER, CML$SERVER, MAIL$SERVER, VPM$SERVER, MIRROR$SERVER, PHONE$SERVER, etc.)
Looking at the code it appears the accouts are given randomly generated passwords.
We have been given the task (by management) to change these account passwords.
The docs I have access to do not address this. I do not mind digging through docs, but I need to know what are the correct docs (that I can access) to look through.
I'm tring to find out what will be the impact if thise passwords are changed?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-16-2021 06:58 AM
тАО08-16-2021 06:58 AM
Re: What OpenVMS docs cover the specifics of the accts created by NET$CONFIGURE.COM
The answer is similar to your question for the TCPIP$* service accounts...
These are service accounts, no interactive login is possible and these accounts use generated passwords, which are not used, stored or known anywhere else.
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-16-2021 08:04 AM
тАО08-16-2021 08:04 AM
Re: What OpenVMS docs cover the specifics of the accts created by NET$CONFIGURE.COM
Is the system running DECnet Phase IV ??
If so, these passwords need to also be updated, using NCP, into the volatile (running system) and permanent (next boot) object database or any "anonymous" DECnet network services will no longer work.
I don't know about DECnet-Plus.
By the way, if this exercise is to improve security, you might want to invest the effort to researching the existing usage and removing the FAL$SERVER username. That can be considered a security hole.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-16-2021 08:51 AM
тАО08-16-2021 08:51 AM
Re: What OpenVMS docs cover the specifics of the accts created by NET$CONFIGURE.COM
Dave,
the reference to NET$CONFIGURE.COM indicates, that this system is running DECnet-Plus. Passwords for this DECnet implementation are NOT stored in the network object database.
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-17-2021 06:23 AM
тАО08-17-2021 06:23 AM
Re: What OpenVMS docs cover the specifics of the accts created by NET$CONFIGURE.COM
"By the way, if this exercise is to improve security, you might want to invest the effort to researching the existing usage and removing the FAL$SERVER username. That can be considered a security hole."
Thank you for the information.
Please, where is it formally documented that FAL$SERVER is a security hole? Is there an IAVA or some other security report which I can access? A major issue is that the system documentation is very poor <...a brief pause while you gasp in shock...> as it relates to what UAF accounts listed are required for the system to run properly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-17-2021 06:46 AM
тАО08-17-2021 06:46 AM
Re: What OpenVMS docs cover the specifics of the accts created by NET$CONFIGURE.COM
VSI OpenVMS Guide to System Security (vmssoftware.com)
talks a little bit about 'default DECnet accounts' - although for DECnet Phase IV.
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-17-2021 12:35 PM
тАО08-17-2021 12:35 PM
Re: What OpenVMS docs cover the specifics of the accts created by NET$CONFIGURE.COM
Perhaps "security hole" was not the best terminology. You'll have to research (google) how it can be used nefariously.
If you are looking for vendor documation:
https://vmssoftware.com/docs/VSI_DECnet_IV_Gd_to_Networking.pdf#page=51
In particular:
Do you want a default account for the FAL object? [NO]
VSI advises against creating a default account for the FAL object, except for systems with very low security requirements. If you do not want this account, press RETURN. If you want it, type YES and press RETURN.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-19-2021 05:33 AM
тАО08-19-2021 05:33 AM
Re: What OpenVMS docs cover the specifics of the accts created by NET$CONFIGURE.COM
Thank you for the information.
Regarding "VSI advises against creating a default account for the FAL object,..."
The risk is that (due to poor documenation) the systems running on the OpenVMS platforms do not indicate if FAL$SERVER account is needed to function. I believe it is going to be disabled and we will see what dependencies exist.