- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: about the privilege for AUTHORIZE
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2005 06:40 PM
08-14-2005 06:40 PM
one account need access to UAF via MC AUTHORIZE, but i donot wanna give it more system privilege.
is there any privilege in category for this request ?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2005 07:36 PM
08-14-2005 07:36 PM
Re: about the privilege for AUTHORIZE
What are you trying to acomplish?
regards Kalle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2005 07:56 PM
08-14-2005 07:56 PM
Re: about the privilege for AUTHORIZE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2005 08:07 PM
08-14-2005 08:07 PM
Re: about the privilege for AUTHORIZE
The best way would probably be to add an ACL on SYSUAF.DAT that allows the user to read it.
cu,
Martin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2005 08:08 PM
08-14-2005 08:08 PM
Re: about the privilege for AUTHORIZE
An other option is to make a special account for this work. Where everything id done true a menu and the account has a captive flag. This way the can never work on the prompt.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2005 08:13 PM
08-14-2005 08:13 PM
Re: about the privilege for AUTHORIZE
another question: where can i check the history password retention value?
UAF>help default
just /pwdlifetime, /pwdminimum, /pwdexpired qualifiers in it.
i want to check and modify the value defined before. how can i do?
i'm a new manager, excuse me :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2005 08:34 PM
08-14-2005 08:34 PM
Re: about the privilege for AUTHORIZE
System Logical Name Default Min Max Units
SYS$PASSWORD_HISTORY_LIFETIME
365
1
28000
Days
SYS$PASSWORD_HISTORY_LIMIT
60
1
2000
Absolute count
see in the 'Guide to Security'.
regards kalle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2005 08:35 PM
08-14-2005 08:35 PM
Re: about the privilege for AUTHORIZE
another question: where can i check the history password retention value?
<<<
AFAIK, there's no such thing. The last 60 passwords are recorded, you can only enable or disable the check upon entering of a new password (see UAF flag DISPWDHIS).
cu,
Martin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2005 08:41 PM
08-14-2005 08:41 PM
Re: about the privilege for AUTHORIZE
you mean that we just can enable/disable the password history function. but cannot define the value for system about how many pwd should be recorded ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2005 08:42 PM
08-14-2005 08:42 PM
Re: about the privilege for AUTHORIZE
welcome to vms forum :-)
I'm with Davor. For my user, I create a special user with a menu and Ctrl + Y disabled. They can see sysuaf but they cannot modify nothing.
About default, you can nest into help reading examples
UAF>HELP DEFAULT EXAMPLE
DEFAULT
example
UAF>DEFAULT -
/DEVICE=SYS$USER-
/LGICMD=SYS$MANAGER:SECURELGN -
/PRIVILEGES=(TMPMBX,GRPNAM,GROUP)
%UAF-I-MDFYMSG, user record(s) updated
The command in this example modifies the DEFAULT record,
changing the default device, default login command file, and default privileges.
Antonio Vigliotti
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2005 09:11 PM
08-14-2005 09:11 PM
Solutionpls. see my last message, those limits can be modified with the mentioned logical names.
The lifetime specifies, how long passwords are stored in the history file, the limit defines the number of different passwords a user can use, if he needs more passwords, he will be switched to generated passwords.
That means, if you prolong the lifetime, you must also increase the limit. But this is all descibed in more better words in the 'Guide to system security':
http://h71000.www7.hp.com/doc/732FINAL/aa-rscub-te/aa-rscub-te.HTMl
regards Kalle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2005 09:13 PM
08-14-2005 09:13 PM
Re: about the privilege for AUTHORIZE
http://h71000.www7.hp.com/doc/732FINAL/aa-q2hlg-te/aa-q2hlg-te.HTMl
regards Kalle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2005 10:10 PM
08-14-2005 10:10 PM
Re: about the privilege for AUTHORIZE
cu,
Martin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-15-2005 01:31 AM
08-15-2005 01:31 AM
Re: about the privilege for AUTHORIZE
maybe i have a long way to go :)
need your help in the future ^_-
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-15-2005 02:28 AM
08-15-2005 02:28 AM
Re: about the privilege for AUTHORIZE
if the answers satisfied your needs, you cn show your appreciation of this free support by assigning points.
cu,
Martin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-16-2005 02:07 AM
08-16-2005 02:07 AM
Re: about the privilege for AUTHORIZE
I think you'll want to check out the GETUAI utility (Freeware).
The reason I say that is this:
the documentation for the SYS$GETUAI service says that a user always has the right to call this service to get information about their own username.
Robert
Here is an excerpt:
Description
The Get User Authorization Information service returns authorization information about a specified user.
The contxt value returned by $GETUAI should never be used as a value to the $SETUAI system service.
You examine for a valid login by checking the bits of UAI$V_PWD_EXPIRED and UAI$V_DISUSER, and by doing a comparison of the UAI$_PWD_DATE item code against the UAI$_PWD_LIFETIME item code.
The UAI$V_PWD_EXPIRED bit is only set by the system when the bit UAI$V_DISFORCE_PWD_CHANGE is set in the user's SYSUAF record and the comparison between the UAI$_PWD_DATE and UAI$_PWD_LIFETIME indicates a password is past its valid life.
During a normal login when the UAI$V_DISFORCE_PWD_CHANGE bit is not set, the system compares VAI$_PWD_DATE against UAI$_PWD_LIFETIME and, if expired, forces the user to change the password. With this configuration, the UAI$V_PWD_EXPIRED bit is not set.
During a normal login when the VAI$V_DISFORCE_PWD_EXPIRED is set, the system compares UAI$_PWD_DATE against UAI$_PWD_LIFETIME and, if expired, sets the UAI$_PWD_EXPIRED bit and notifies the user to change the now-expired password. In this case, the user is not forced to change the password.
Required Access or Privileges
Use the following list to determine the privileges required to use the $GETUAI service:
* BYPASS or SYSPRV---Allows access to any record in the user authorization file (UAF).
* GRPPRV---Allows access to any record in the UAF whose UIC group matches that of the requester.
* No privilege---Allows access to any UAF record whose UIC matches that of the requester.
You need read access to the UAF to look up any information other than your own.
Required Quota
None
Related Services
$SETUAI