- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: password complexity enforcement for OpenVMS 7....
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2009 05:24 AM
тАО01-22-2009 05:24 AM
Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2
Username: huber
Password:
Welcome ...
MPIW12_HUB>mcr sysgen
SYSGEN> SHOW LOAD_PWD_POLICY
Parameter Name Current Default Min. Max. Unit Dynamic
-------------- ------- ------- ------- ------- ---- -------
LOAD_PWD_POLICY 1 0 0 1 Boolean D
SYSGEN> Exit
MPIW12_HUB>set password
%LIB-F-ACTIMAGE, error activating image SYS$LIBRARY:VMS$PASSWORD_POLICY.EXE
-SYSTEM-F-PRIVINSTALL, shareable images must be installed to run privileged imag
e
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2009 06:30 AM
тАО01-22-2009 06:30 AM
Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2
If you have questions, it's a whole lot easier (for me and then for any other folks that are subsequently looking at the article) if the questions are posted over at /node/643. Accounts are free, too. (I have enabled the registration process to keep the site from filling from spam.)
I've updated the comments in the article to more explicitly point to the need of some DCL commands in the system startup or in a filter-specific startup procedure.
The security auditors love this password character selection stuff. It doesn't work, though. It's akin to reorganizing the deck chairs on the Titanic. Password-based authentication is among the weakest options, and it's particularly bad when combined with telnet and ftp and such; cleartext authentication protocols.
Some related reading:
http://64.223.189.234/node/229
Then...
http://64.223.189.234/node/219
http://64.223.189.234/node/526
http://64.223.189.234/node/832
I've also added a passwords tag to the HL site, and sprinkled it around various of the password-related sites.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2009 06:43 AM
тАО01-22-2009 06:43 AM
Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2
I kept notes on what i have to do to enable password filtering. The only thing I have to do is to write a command procedure which will include the INSTALL and sysgen invocation. After that I have to update systartup_vms.com to call at the bottom the newly created procedure.
Since you mentioned clear text transmission of passwords over telnet & ftp, does this password filtering work over ssh?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2009 07:22 AM
тАО01-22-2009 07:22 AM
Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2
thus the password in a SET PASSWORD command is encrypted.
This has in particular nothing to do with password policy, it is just the purpose and result of the SSH connection.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2009 07:27 AM
тАО01-22-2009 07:27 AM
Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2009 07:51 AM
тАО01-22-2009 07:51 AM
Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2
Better to spend the effort here moving forward to V7.3-2 (which itself is ancient, albeit with Prior Version Support still available) or (better) upgrading to the current OpenVMS Alpha V8.3 release.
Moving from V7.3-1 to V8.3 is arguably not a major upgrade for OpenVMS Alpha; there were minor kernel changes all through the range, and the V7 to V8 upgrade did not (on OpenVMS Alpha) involve significant kernel changes. In retrospect, the TQE kernel change from V7.3-1 to V7.3-2 probably caused more ripples than V7 to V8.
OpenVMS Alpha V8.3 also adds external authentication into your local LDAP (Active Directory or Open Directory or otherwise) and various other password-related features.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-23-2009 05:42 AM
тАО01-23-2009 05:42 AM
Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2
Is there a way that we can tell somehow OpenVMS 7.3-1 to accept and interpret case sensitive passwords?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-23-2009 09:17 AM
тАО01-23-2009 09:17 AM
Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2
No.
A requirement for mixed-case passwords is not compatible with continued use of OpenVMS Alpha V7.3-1.
AFAIK, there is no back-port available. (This back-port would likely involve changes made to multiple OpenVMS modules and components, too. It's not a single and isolated change.)
Your choice here is between use of uppercase passwords and upgrading OpenVMS Alpha.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-24-2009 12:59 AM
тАО01-24-2009 12:59 AM
Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2
Regarding UAF.ALPHA_EXE I observed that I cannot run a query at UAF records having /SELECT=flag=pwdmix.
Also, when I ask to print out the flags a user has, using /DISPLAY=(username,flags), although flag /pwdmix has been assigned and show user displays among other flags pwdmix as well, all other flags are displayed apart from pwdmix.
Do you if there is an updated UAF.ALPHA_EXE which may run queries based on flag=pwdmix?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-26-2009 05:08 AM
тАО01-26-2009 05:08 AM
Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2
(I myself have no VMS version new enough).
Extract module UAFDEF from sys$library:sys$lib_c.tlb.
Look for the flag bits inserted after DISPWDHIS ,
add the new ones in the files uafcld.cld and uaf_cld.h, @compile.
I think that should do it.