HPE Community
Operating System - OpenVMS
1830938 Members
2122 Online
110017 Solutions
New Discussion

PassGO. (Single password/synchronization across platforms) - any info?

 
Bob Talbot
Occasional Advisor

‎01-14-2005 01:20 AM

‎01-14-2005 01:20 AM

PassGO. (Single password/synchronization across platforms) - any info?

Hello..

Has anyone incorporated PassGo into their environments with intel-based systems and OpenVMS systems? I support the VMS side of things and the powers-that-be want us to incorporate PassGo to make it easier for the users. My concern is security. I researched the product but cannot find anything pertaining to OpenVMS except that it is one of the platforms the product can work with. We have a few 2-node clusters on the OpenVMS side that house our Payroll and Human Resource systems as well as other systems that has sensitive data. Any info would be much appreciated. Thanks.
0 Kudos
Reply
2 REPLIES 2
Anton van Ruitenbeek
Trusted Contributor

‎01-15-2005 10:07 PM

‎01-15-2005 10:07 PM

Re: PassGO. (Single password/synchronization across platforms) - any info?

Bob,

Any password syncronisation program has a potential problem with security. In my mind: Never do this if your major concern is security !
If you want to be secure, never syncronise youre passwords with Unix and Windows systems. The passwords of these systems are very easy to break (I just read that it takes about 30 sec. to break an Windows XP pasword !) If you want to go for go easy for your users, also don't go for a PassGo or other products. The major problem here is, if at one time the syncroniser misses a pasword change, you don't know whitch and when the rigt password is. The best thing to do is eq. use kerberos or other 'ONE database' solutions.
Other very good working solution is use Advanced Server for password authentication. In this case you use the windows database for username/password checking. The rest (privileges etc.) will be checked within Authorize. The disadvantige is you use the Windows security (that realy sucks) but you have one security database, no synchronisation and other overhead and potential problems.
We looked a few years ago at PassGo since we where using Novell, M$Windows, Tru64 Unix and OpenVMS. Whe did not choose it because the potential problems.

AvR
NL: Meten is weten, maar je moet weten hoe te meten! - UK: Measuremets is knowledge, but you need to know how to measure !
0 Kudos
Reply
Jan van den Ende
Honored Contributor

‎01-16-2005 02:31 AM

‎01-16-2005 02:31 AM

Re: PassGO. (Single password/synchronization across platforms) - any info?

I essentially support Anton's answer.
One thing: in the Mickeyware world, formally you DO use one database, but it has to be 'synchronised' )ie, replicated) over the various Domain Controllers. (Any login process uses one of the domain controllers, which only has a limited chance of being the controller on which the user did the change).
It CAN be quite annoying to explain to your users that they HAVE correctly changed their password, but that is is only valid in some ( say 10-15 minutes) time!

fwie,

Proost.

Have one on me.

Jan
Don't rust yours pelled jacker to fine doll missed aches.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.