Login Security


The system manager may control (using AUTHORIZE) several parameters that govern the login process. These parameters are specified in the SYSUAF; the specific AUTHORIZE qualifier for each is indicated in parentheses. Notice that these qualifiers are defined for every account, and many of them are shown in the previous SHOW DMILLER/FULL example. The parameters are as follows:

  • Whether two passwords are required to log in (/PASSWORD=)

  • The minimum length of a password (/PWDMINIMUM=)

  • The lifetime of a password (i.e., how often the password must be changed) (/PWDLIFETIME=)

  • Whether the user is permitted to change his or her password (/FLAGS=LOCKPWD)

  • Whether the user must use system-generated passwords (/GENERATE=)

  • What time of day and day of week the user may log in (/ACCESS=)

In addition, certain systemwide policy settings may be controlled (via SYSMAN PARAMETER) by the manager. These settings are stored in xVMSSYS.PAR, as discussed in both Chapters 2 and 7. The following is a partial list of these settings (the specific SYSMAN parameter is listed in parentheses):

  • Maximum number of login failures before the user is disconnected (LGI_RETRY_LIM)

  • Maximum amount of time the user has to respond to the login prompt before being disconnected (LGI_RETRY_TMO)

  • Maximum number of login failures from the same location or to the same account permitted before a break-in event is declared (LGI_BRK_LIM)

  • How long to disable further login attempts from that location or to that account (LGI_BRK_TMO)

  • Whether the user's account is disabled when a break-in is detected (LGI_BRK_DISUSER)

SYSMAN is used to display and change current settings. The following example shows how to list them all. Only the rightmost column requires an explanation. Some parameters take effect immediately; these are termed dynamic. Other parameters require a system boot before they are effective; these are termed nondynamic. The Dynamic column of the display is blank for nondynamic parameters.

     $ MCR SYSMAN
     SYSMAN> parameter show /lgi
     Node BEAVER: Parameters in use: ACTIVE
     Parameter Name    Current    Default    Minimum    Maximum Unit   Dynamic
     --------------    -------    -------    -------    ------- ----   -------
     LGI_BRK_TERM            1          1          0          1 Boolean      D
     LGI_BRK_DISUSER         0          0          0          1 Boolean      D
     LGI_PWD_TMO            30         30          0        255 Seconds      D
     LGI_RETRY_LIM           3          3          0        255 Tries        D
     LGI_RETRY_TMO          20         20          0        255 Seconds      D
     LGI_BRK_LIM             5          5          1        255 Failures     D
     LGI_BRK_TMO           300        300          0    5184000 Seconds      D
     LGI_HID_TIM           300        300          0 1261440000 Seconds      D

SYSMAN also includes HELP for all parameters. The following display illustrates this feature. Unfortunately, the command appears a bit baroque, but the information is valuable. It would appear that this value is set incorrectly on my system, because I use LAT.

     SYSMAN> help parameter parameter lgi_brk_term
     PARAMETERS
       Parameters
         LGI_BRK_TERM
              LGI_BRK_TERM causes the terminal name to be part of the
              association string for the terminal mode of break-in detection.
              When off (0), association is done on user name only. LGI_BRK_
              TERM is set by default (1). It should be cleared if physical
              terminal names are created dynamically (that is, if LAT is
              installed) and effective break-in detection is desired.
              LGI_BRK_TERM is a DYNAMIC parameter.

The change requires several commands, because all changes are made in a workspace and then moved to memory to become active. The changes are also moved to file to make them permanent. These steps are as follows:

     SYSMAN> parameter use active           ! initialize workspace
     SYSMAN> parameter set lgi_brk_term 0   ! make the change
     SYSMAN> parameter write active         ! write workspace to memory
     SYSMAN> parameter write current        ! write workspace to file
     SYSMAN> parameter sho lgi_brk_term     ! display change
     Node BEAVER:   Parameters in use: ACTIVE
     Parameter Name      Current    Default    Minimum    Maximum Unit   Dynamic
     --------------      -------    -------    -------    ------- ----   -------
     LGI_BRK_TERM              0          1          0          1 Boolean      D
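
The SYSMAN display and the LGI_BRK_TERM help text above can be turned into a repeatable check. The following Python is an added example, not code from the book: it parses captured PARAMETER SHOW /LGI output, reports values that are out of range or differ from their defaults, and applies the LAT rule from the help text. The sample text is constructed in the layout shown above (the LGI_BRK_LIM value of 10 and the EXAMPLE_STATIC row are made up), and `lat_in_use` is a hypothetical flag supplied by the caller.

```python
import re

# Constructed sample: PARAMETER SHOW /LGI output in the layout shown above,
# plus one made-up nondynamic row (blank Dynamic column) to exercise that case.
SAMPLE = """\
Node BEAVER: Parameters in use: ACTIVE
Parameter Name    Current    Default    Minimum    Maximum Unit   Dynamic
--------------    -------    -------    -------    ------- ----   -------
LGI_BRK_TERM            1          1          0          1 Boolean      D
LGI_BRK_DISUSER         0          0          0          1 Boolean      D
LGI_BRK_LIM            10          5          1        255 Failures     D
LGI_BRK_TMO           300        300          0    5184000 Seconds      D
EXAMPLE_STATIC          4          4          1         64 Units
"""

ROW = re.compile(r"^\s*([A-Z][A-Z0-9_$]*)\s+(-?\d+)\s+(-?\d+)\s+(-?\d+)\s+(-?\d+)"
                 r"\s+(\S+)(?:\s+(D))?\s*$")

def parse_show(text):
    """Return {name: {current, default, minimum, maximum, unit, dynamic}}."""
    params = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:            # skips node banner, header and dashed rule
            continue
        name, cur, dflt, lo, hi, unit, dyn = m.groups()
        params[name] = dict(current=int(cur), default=int(dflt), minimum=int(lo),
                            maximum=int(hi), unit=unit, dynamic=dyn == "D")
    return params

def audit(params, lat_in_use):
    """List findings: out-of-range values, drift from default, LAT rule."""
    findings = []
    for name, p in sorted(params.items()):
        if not p["minimum"] <= p["current"] <= p["maximum"]:
            findings.append(f"{name}: {p['current']} outside {p['minimum']}..{p['maximum']}")
        if p["current"] != p["default"]:
            when = "immediately" if p["dynamic"] else "after reboot"
            findings.append(f"{name}: {p['current']} differs from default "
                            f"{p['default']} (changes take effect {when})")
    # Rule taken from the HELP text: clear LGI_BRK_TERM when LAT creates
    # terminal names dynamically, or break-in association is ineffective.
    if lat_in_use and params.get("LGI_BRK_TERM", {}).get("current") == 1:
        findings.append("LGI_BRK_TERM: set to 1 with LAT in use; should be 0")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_show(SAMPLE), lat_in_use=True):
        print(finding)
```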




Getting Started with OpenVMS System Management
Getting Started with OpenVMS System Management (HP Technologies)
ISBN: 1555582818
EAN: 2147483647
Year: 2004
Pages: 130
Authors: David Miller
