Accounts and Passwords


Before discussing the account/password security mechanisms in detail, I will explain the major security components of an account. Before proceeding, you may want to refer to the basics of account creation discussed in Chapter 4.

The first defense of a secure system is to permit only authorized users to access it. The manager has several parameters to consider when defining his or her password policy. A few of these parameters were discussed in Chapter 4, but that list is incomplete. Here is a more extensive list. A reference to the controlling mechanism accompanies each item.

  • Number of characters in the password: AUTHORIZE /PWDMINIMUM

  • Number of passwords (0, 1, or 2) required at login time: AUTHORIZE /PASSWORD

  • How often the user must change his or her password: AUTHORIZE /PWDLIFETIME

  • The dictionary of unacceptable passwords: SYS$LIBRARY:VMS$PASSWORD_DICTIONARY.DATA

  • A mechanism to enforce a password policy (e.g., to insist that the last character of the password must be a number): POLICY_PLAINTEXT.EXE, written by the manager

  • Whether the system creates the user's password: AUTHORIZE/FLAG=GENPWD

  • Whether to maintain a password history (history prevents the user from alternating passwords): AUTHORIZE/FLAG=DISPWDHIS

  • If a password history is maintained, how large should it be: DEFINE SYS$PASSWORD_HISTORY_LIMIT and DEFINE SYS$PASSWORD_HISTORY_LIFETIME

  • Various aspects of the login process (i.e., how to handle invalid logins): SYSMAN PARAMETER LGI_xxx

  • What hours the user may log in and by what means (e.g., dial-up, network, direct connection, batch): AUTHORIZE/PRIMEDAYS and AUTHORIZE/ACCESS

  • Whether the user operates from a controlled menu (captive account) or is free to use all DCL commands: AUTHORIZE/FLAGS=CAPTIVE

  • Whether a user is permitted to receive mail: AUTHORIZE/FLAGS=DISMAIL

  • Whether a user is permitted to log in: AUTHORIZE/FLAGS=DISUSER

  • The manager's account, SYSTEM, may be restricted to log in to specific terminals: SET TERMINAL/PERMANENT/SYSPASSWORD

  • System privileges granted to the account: AUTHORIZE/PRIVILEGE

  • Membership in a logical group or groups for the purpose of security access: AUTHORIZE ADD/IDENTIFIER
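
The following added example is not from the book and is not OpenVMS code. It is a portable C model of how four of the controls above combine when a new password is proposed: minimum length, the dictionary of unacceptable passwords, the password history, and the site rule that the last character must be a number. All names and sample values are hypothetical, and case-insensitive comparison is an assumption of the model.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes; this models the checks, not the OpenVMS interface. */
typedef enum { PW_OK, PW_TOO_SHORT, PW_IN_DICTIONARY, PW_IN_HISTORY, PW_SITE_POLICY } pw_result;

/* Case-insensitive equality (assumption: passwords are compared without regard to case). */
static int eq_nocase(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (toupper((unsigned char)*a) != toupper((unsigned char)*b)) return 0;
    return *a == *b;   /* equal only if both strings ended together */
}

static int in_list(const char *pw, const char *const *list, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (eq_nocase(pw, list[i])) return 1;
    return 0;
}

/* Apply the checks in a fixed order and report the first one that fails.
   History is plaintext here only to keep the model short; a real system compares hashes. */
pw_result check_password(const char *pw, size_t min_len,
                         const char *const *dict, size_t ndict,
                         const char *const *hist, size_t nhist) {
    size_t len = strlen(pw);
    if (len == 0 || len < min_len) return PW_TOO_SHORT;           /* minimum length */
    if (in_list(pw, dict, ndict)) return PW_IN_DICTIONARY;         /* unacceptable word */
    if (in_list(pw, hist, nhist)) return PW_IN_HISTORY;            /* reuse of an old password */
    if (!isdigit((unsigned char)pw[len - 1])) return PW_SITE_POLICY; /* last char must be a number */
    return PW_OK;
}

/* Constructed sample data, for illustration only. */
static const char *const SAMPLE_DICT[] = { "PASSWORD1", "WELCOME2004" };
static const char *const SAMPLE_HIST[] = { "Harbor7Light3", "Harbor7Light4" };

int main(void) {
    const char *tries[] = { "abc1", "password1", "harbor7light3", "CorrectHorse", "Granite5Field9" };
    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("%-16s -> %d\n", tries[i],
               (int)check_password(tries[i], 8, SAMPLE_DICT, 2, SAMPLE_HIST, 2));
    return 0;
}
```

The history check is what stops a user from alternating between two passwords: both earlier values are rejected no matter how they are capitalized.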




Getting Started with OpenVMS System Management (HP Technologies)
ISBN: 1555582818
EAN: 2147483647
Year: 2004
Pages: 130
Authors: David Miller
