HPE Community
Operating System - OpenVMS
1820260 Members
2937 Online
109622 Solutions
New Discussion юеВ

password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

 
SOLVED
Go to solution
Joseph Huber_1
Honored Contributor

тАО01-27-2009 12:14 AM

тАО01-27-2009 12:14 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

No such error on my Alpha 7.3-1 system and IA64 8.3 .
What is Your system ?
Do You have a symbol MACRO ? (show symbol macro).
http://www.mpp.mpg.de/~huber
0 Kudos
Thanassis Papadimitriou
Frequent Advisor

тАО01-27-2009 12:16 AM

тАО01-27-2009 12:16 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

$ show symbol macro
%DCL-W-UNDSYM, undefined symbol - check validity and spelling
$ show system
OpenVMS V7.3-2
0 Kudos
Joseph Huber_1
Honored Contributor

тАО01-27-2009 12:31 AM

тАО01-27-2009 12:31 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Since I have not really changed parse_uic.mar, just replaced lib$tparse by lib$table_parse,
try "macro parse_uic_vax", the original.

My only idea is that the default macro command in 7.3-2 is invoking the Alpha assembler, not macro32.
Try "macro/migrate parse_uic" to see if that works.

If yes, replace the macro commands in compile.com by macro/migrate.
http://www.mpp.mpg.de/~huber
0 Kudos
Joseph Huber_1
Honored Contributor

тАО01-27-2009 12:36 AM

тАО01-27-2009 12:36 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Oh no, I see compile.com does already macro/migrate for alpha and ia64.
So the problem must be in VMS 7.3-2 macro in general or Your installation specifically.

I assume your previous distribution of uaf.zip was working, except it did not have the newer flags keyword: compare the parse_uic.mar from there with the new one. Does it compile ?
http://www.mpp.mpg.de/~huber
0 Kudos
Joseph Huber_1
Honored Contributor

тАО01-27-2009 12:46 AM

тАО01-27-2009 12:46 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

And BTW AMAC-E- messages clearly are generated bvy the Alpha macro-assembler, NOT the macro32 (Vax-macro-) compiler.
I really wonder how You were able to compile before ?
http://www.mpp.mpg.de/~huber
0 Kudos
Thanassis Papadimitriou
Frequent Advisor

тАО01-27-2009 12:49 AM

тАО01-27-2009 12:49 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

I was not able to compile.

I downloaded an already compiled distribution with .obj and .exe already created.
0 Kudos
Joseph Huber_1
Honored Contributor

тАО01-27-2009 01:05 AM

тАО01-27-2009 01:05 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Well then, I have no idea what causes this behaviour. macro/migrate should invoke the macro32 compiler, not the macro64 assembler.
Maybe an out of the box alpha VMS is installing it like that ?
The only thing I can see on my system regarding macro was an installation of macro64 in vmsinstal.history.
So maybe this is necessary to invoke the macro32 compiler.

Meanwhile I will add the alpha object and exe files to my uaf.zip in sudirectory [.alpha]
just wait half an hour ...
http://www.mpp.mpg.de/~huber
0 Kudos
Thanassis Papadimitriou
Frequent Advisor

тАО01-30-2009 01:31 AM

тАО01-30-2009 01:31 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Thank you Joseph!!

I downloaded the compiled kit.. it works!!

One more thing and I believe we are done.

When I issue the following command (find all accounts that are disabled and have pwdmix flag set):

uafselect2 /select=flag=(DISUSER,PWDMIX) -
/display=(username,flags)/total

I ask to display the username and flags. I observed that all other flags are displayed except pwdmix even though it is set.

Please help!
0 Kudos
Joseph Huber_1
Honored Contributor

тАО01-30-2009 03:01 AM

тАО01-30-2009 03:01 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Yep, I counted the number of bits wrong:
in display.c max_flags is 26 not 25.
Change this one number in display.c or
get the new obj/exe from my updated uaf.zip .
http://www.mpp.mpg.de/~huber
0 Kudos
Thanassis Papadimitriou
Frequent Advisor

тАО01-30-2009 04:06 AM

тАО01-30-2009 04:06 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

I got the new obj/exe files, but still pwdmix flag is not displayed.
0 Kudos
Joseph Huber_1
Honored Contributor

тАО01-30-2009 04:16 AM

тАО01-30-2009 04:16 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

I have no alpha with a VMS version new enough to test, but on IA64 VMS 3.8 it works:

$ uaf/select=flags=pwdmix /display=(username,flags)
user: DEFAULT flags: DISUSER,PWDMIX
$ sh sys/noproc
OpenVMS V8.3-1H1 on node DECUSI 30-JAN-2009 13:11:22.66 Uptime 15 18:36:59


And I compiled and linked from the same source on Alpha 7.3-1.

Eventually just link uaf.exe again from the objects in [.alpha] subdirectory.

And You are sure not to use the old version of uaf.exe (see Your uaf symbol), and are testing on the 7.3-2, not on 7.3-1 ?
http://www.mpp.mpg.de/~huber
0 Kudos
Joseph Huber_1
Honored Contributor

тАО01-30-2009 04:33 AM

тАО01-30-2009 04:33 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

And even on my 7.3-1 system:

MPIW10_HUB> uaf/select=flags=pwdmix /display=(username,flags)
user: DEFAULT flags: DISUSER,PWDMIX
MPIW10_HUB>sh sys/noproc
OpenVMS V7.3-1 on node MPIW10 30-JAN-2009 13:29:23.30 Uptime 100 22:55:14


You either did noth update uaf.zip (web proxy cache not updated), or your uaf command symbol is pointing to an old version.
Does "AUTHORIZE SHOW user" show the flag ?
http://www.mpp.mpg.de/~huber
0 Kudos
Thanassis Papadimitriou
Frequent Advisor

тАО01-30-2009 05:04 AM

тАО01-30-2009 05:04 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Yes the authorize command displays the flag.

I observed that the files within uaf.zip at your site, when I download it they have a date of 27/1/2009 in ALPHA directory.

Is that correct?

Maybe I redownload the previous version of uaf.zip!
0 Kudos
Joseph Huber_1
Honored Contributor

тАО01-30-2009 05:10 AM

тАО01-30-2009 05:10 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

No, [.alpha]display.obj and uaf.exe has a date of today.
You definitely got the old version from cache.
I try to flush the cache of my web-server, retry to fetch uaf.zip again in a few minutes, but make sure You use the cache bypass feature of your browser.
http://www.mpp.mpg.de/~huber
0 Kudos
Joseph Huber_1
Honored Contributor

тАО01-30-2009 05:54 AM

тАО01-30-2009 05:54 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

If it is not possible to bypass cache/proxy, use anonymous FTP to wwwvms.mppmu.mpg.de

cd /pub/vmssig/archive/u
binary
get uaf.zip
http://www.mpp.mpg.de/~huber
0 Kudos
Thanassis Papadimitriou
Frequent Advisor

тАО02-02-2009 12:25 AM

тАО02-02-2009 12:25 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Hello,

I managed to download the latest version of uaf.zip. It works and displays pwdmix flag.

Thank you all for your effort.

Case is closed.
0 Kudos
Thanassis Papadimitriou
Frequent Advisor

тАО02-02-2009 12:29 AM

тАО02-02-2009 12:29 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Using uaf.zip I am able to query authorize by non-standard criteria as provided by itself in uaf. Hence, I am able now to display all disabled users with pwdmix set and so on.

Also, I have found a code in macro 32 which allows to force password complexity to user. I am able to specify the level of complexity between lower, upper, number and special characters. Very convenient.

Thank you.
0 Kudos
Jon Pinkley
Honored Contributor

тАО11-05-2010 04:02 PM

тАО11-05-2010 04:02 PM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Joseph Huber, this link appears to be dead.

http://wwwvms.mppmu.mpg.de/vmssig/archive/u/uaf.zip

Have you considered sending your updates to Hunter?

Jon
it depends
0 Kudos
Craig A Berry
Honored Contributor

тАО11-05-2010 07:10 PM

тАО11-05-2010 07:10 PM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

I've updated UAF so it compiles without using /STANDARD=VAXC, no longer uses RTL routines and system services that were deprecated decades ago, and can handle newer privileges and flags (e.g., EXTAUTH).

Source code and binary kits are available from:

http://code.google.com/p/jmuaf/
0 Kudos
Joseph Huber_1
Honored Contributor

тАО11-06-2010 06:10 AM

тАО11-06-2010 06:10 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Thanks Craig for doing the update.
Jon,
my fix in 2009 was just an adhoc fix to add the missing flags for the imminent needs, I did not fix the many other problems with old code.
My remaining 7.3-1 is anyway too old to reflect recent VMS state.
And my VMSSIG archive also is not updated since years.
I just kept and will keep the various /vmssig/src/ files on my current personal web pages.
See
http://wwwvms.mppmu.mpg.de/vmssig/
which is now redirected to
http://www.mpp.mpg.de/~huber/vmssig/
http://www.mpp.mpg.de/~huber
0 Kudos
Hoff
Honored Contributor

тАО11-06-2010 06:10 AM

тАО11-06-2010 06:10 AM

Re: password complexity enforcement for OpenVMS 7.3-1 and OpenVMS 7.3-2

Here's a different variation of the classic UAF tool, and has new knobs including /CLSVAL (for the DEFCLSVAL flag), /DISPPWDSYNCH, /EXTAUTH, /MIGRATEPWD, /PWDMIX and /VMSAUTH.

Code bits are here:

http://labs.hoffmanlabs.com/node/1205

This is descended from some code originally written by Frank Nagy.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.