Operating System - OpenVMS
1748127 Members
3931 Online
108758 Solutions
New Discussion юеВ

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

 
SOLVED
Go to solution
Thanassis Papadimitriou
Frequent Advisor

password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

I would like to enforce all users to enter password strings containing at least 3 characters from 1 upper, 1 lower, 1 numeric and 1 special character.

I know that this is enabled per user by assigning /pwdmix flag to the account. But, it is limited to upper, lower characters.

It is time consuming to write down a new code using VMS$PASSWORD_POLICY.EXAMPLE, can we find any existing code to use.

I would like to be able to specify the number of upper, lower, numeric and special that a password must contain and also to define the total number of complexity characters that the password must at least contain.
45 REPLIES 45
Joseph Huber_1
Honored Contributor
Solution

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2


Too complex? because the examples are written in ADA and Bliss ?

maybe start with this example, if You can handle C source:
http://wwwvms.mppmu.mpg.de/vmssig/src/c/VMS$PASSWORD_POLICY.C

http://www.mpp.mpg.de/~huber
Thanassis Papadimitriou
Frequent Advisor

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Yes, it is complex.

But, the C example is to weak to use. It counts only digits.

What I need is the following:

http://64.223.189.234/node/643

it is written in Macro 32. Can you help me and guide how to install it in my platform?
Joseph Huber_1
Honored Contributor

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

> But, the C example is to weak to use. It counts only digits.

Yes, I meant start with this example, and extend it, or You are no C programmer and have none available ?

The Macro code on Hoffs site seems to be ready to be used: follow the "usage" comment: Macro,link,copy the .EXE to sys$common:[syslib], and set the system parameter LOAD_PWD_POLICY to 1.
http://www.mpp.mpg.de/~huber
Joseph Huber_1
Honored Contributor

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

forgot in the list the INSTALL command of course after copying the module to sys$common:[syslib].
And also note to do the INSTALL from systartup_vms.com !
http://www.mpp.mpg.de/~huber
Robert Gezelter
Honored Contributor

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Thanassis,

These examples were never meant as finished products. They are merely examples of the means and methods to interface a custom password policy module.

Since OpenVMS is language agnostic, it is possible to write such a module in any language that one (or one's colleagues) is familiar with, with the possible direct exceptions of non-compiled languages such as Java, PERL, and DCL).

Alternatively, outside expertise may be retained to implement what ever policy is eventually decided. (Disclosure: We do provide services in this area, as do other frequent contributors to this forum).

- Bob Gezelter, http://www.rlgsc.com
Thanassis Papadimitriou
Frequent Advisor

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Robert,

Thank you for your input but the code in macro 32 works fine. I managed to make it function.

I have tested it in OpenVMS 7.3-2 & OpenVMS 7.2-1 and I got results in each OS version tested.

BR,

Thanassis Papadimitriou
Frequent Advisor

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Joseph,

I did what is written in usage guides. But, I issued the INSTALL from command prompt. Should I add an INSTALL line in the startup file as well to enable VMS$PASSWORD_POLICY whenever the server is rebooted?

BR,
Jan van den Ende
Honored Contributor

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Thanassis,

>>>
Should I add an INSTALL line in the startup file as well to enable VMS$PASSWORD_POLICY whenever the server is rebooted?
<<<

Most definitely, YES!!!

If you set the LOAD_PWD_POLICY, and do NOT do the install,then there is NO way to log into the system at all!
(if that SHOULD happen, you must boot conversational, unset it, (so you can log in again) and put the INSTALL in the startup, set LOAD_PWD_POLICY again, and reboot again. No pretty prospect)

hth

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Joseph Huber_1
Honored Contributor

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

As I have written, put the INSTALL into sysstartup_vms.com,
this means it is executed at reboot.

And at best follow the advice of Stephen Hoff. NOT to set the system parameter LOAD_PWD_POLICY permanent to 1, but do it at the ACTIVE sysgen parameter set at every boot;
this way the parameter stays at 0 when sysartup_vms is aborted for whatever reason.

At best, put the INSTALL together with the SYSGEN commands into a separate commandfile, executed towards the end of systartup-vms.
http://www.mpp.mpg.de/~huber