HPE Community
Operating System - OpenVMS
1753767 Members
5394 Online
108799 Solutions
New Discussion

Re: What documentation covers the specific details of the TCPIP$ accounts for TCP/IP svcs?

 
deblaisdell
Occasional Advisor

‎08-05-2021 08:14 AM

‎08-05-2021 08:14 AM

What documentation covers the specific details of the TCPIP$ accounts for TCP/IP svcs?

I'm new to this forum.

Please, what specific documentation covers the specific details of the OpenVMS TCPIP$ accounts for TCP/IP Services.

I'm trying to find out what the impact would be if the password for these accounts were to be reset.  None of the HP TCP/IP Services for OpenVMS documentation I have looked through has the information I need.

The TCP/IP Services OpenVMS accounts of interest are:
TCPIP$DHCP
TCPIP$FTP
TCPIP$NTP
TCPIP$REXE
TCPIP$RSH
TCPIP$SMTP
TCPIP$SSH
TCPIP$TELNET
 
0 Kudos
Reply
4 REPLIES 4
Volker Halle
Honored Contributor

‎08-05-2021 10:17 AM

‎08-05-2021 10:17 AM

Re: What documentation covers the specific details of the TCPIP$ accounts for TCP/IP svcs?

These accounts are service account and not used for interactive login and therefore don't have any passwords.

Volker.

0 Kudos
Reply
Steven Schweda
Honored Contributor

‎08-05-2021 01:59 PM - edited ‎08-05-2021 02:00 PM

‎08-05-2021 01:59 PM - edited ‎08-05-2021 02:00 PM

Re: What documentation covers the specific details of the TCPIP$ accounts for TCP/IP svcs?

> I'm trying to find out what the impact would be if the password for
> these accounts were to be reset. [...]

   "passwords", plural.  I'd guess none.  Dare one ask why?  Is there
some actual problem which you are trying to solve?


> [...] not used for interactive login and therefore don't have any
> passwords.

   Half right.

UAF> show /full TCPIP$SMTP
[...]
Last Login:            (none) (interactive),  5-AUG-2021 15:23 (non-interactive)
[...]

ITS $ set ho 0
[...]

Username: TCPIP$SMTP
Password: <none>
User authorization failure
%REM-S-END, control returned to node LOCAL:.ITS::


They _have_ passwords, but no one knows or cares what they are.  I
see some AUTHORIZE stuff in SYS$MANAGER:TCPIP$CONFIG.COM, and a "set
password /generate".  Look for "password".

   With a little effort, you ought to be able to steal some code from
that DCL script, and generate fresh passwords the same way that the
originals were generated.  Why you'd want to touch any of this is a
mystery, however.

0 Kudos
Reply
deblaisdell
Occasional Advisor

‎08-06-2021 07:09 AM

‎08-06-2021 07:09 AM

Re: What documentation covers the specific details of the TCPIP$ accounts for TCP/IP svcs?

Thank you for the response.

In response to your queries, "Dare one ask why?  Is there some actual problem which you are trying to solve?" => There was a high level management directive to change the passwords on all accounts.  If we are recommending not to change passwords on any accounts, we have to have "acceptable" justification.

I would prefer not to touch these accounhts.  The fact that the TCP/IP Services documentation does not specifically talk about these accounts leads me to believe they should not be touched.

 

0 Kudos
Reply
Steven Schweda
Honored Contributor

‎08-06-2021 10:22 AM

‎08-06-2021 10:22 AM

Re: What documentation covers the specific details of the TCPIP$ accounts for TCP/IP svcs?

> [...] There was a high level management directive [...]

   Naturally.  Has anyone there considered the correlation between
mandatory password changes and the incidence of passwords stored on
Post-it notes?

   Unless someone has fiddled with them, these accounts have randomly
generated passwords which no one ever knew (and no one ever uses).

   About the best you could do when you change them would be to repeat
the original procedure, so that you'd end up with randomly generated
passwords which no one knows (and no one will ever use).  (Although you
could make them a little longer.)  Doesn't sound to me like a big
improvement.

> [...] The fact that the TCP/IP Services documentation does not
> specifically talk about these accounts leads me to believe they should
> not be touched.

   It'd be a waste of time and effort, but it might be more effort to
explain that to the sub-genius policy-makers.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.