- Path: sparky!uunet!gatech!usenet.ins.cwru.edu!agate!ucbvax!mhs.attmail.com!simons/G=Colin/I=CB/S=Sewell/O=H.A.Simons.Ltd/OU=CORP
- From: simons/G=Colin/I=CB/S=Sewell/O=H.A.Simons.Ltd/OU=CORP@mhs.attmail.com
- Newsgroups: comp.os.vms
- Subject: Re: PASSWORDS & SCHEMES
- Message-ID: <9301081931.AA12257@ucbvax.Berkeley.EDU>
- Date: 8 Jan 93 15:45:38 GMT
- Sender: daemon@ucbvax.BERKELEY.EDU
- Distribution: world
- Organization: The Internet
- Lines: 73
-
- Dan Wing writes:
- |Jon Baker, SYSTEM_JB@UNODE1.NSWC.NAVY.MIL, writes:
- |
- |>We have a problem with users here in that they tend to write passwords down.
- |>"That's bad." Many users have several accounts on different systems and
- |>therefore must remember several passwords. For security purposes, we generate
- |>the passwords and they look like some foreign encryption code. We were
- |>wondering if anyone has or knows of a program or product we could use to check
- |>passwords for a conformity standard (make sure they HAD special characters in
- |>it, etc.) so that we could allow users to make up their own passwords. We
- |>don't do it now since they could just put in their username or a proper name
- |>even with the password checker provided in VMS 5.4. That wouldn't be "prudent"
- |>in a security conscious environment. I guess we could use some extra password
- |>dictionaries as well. O-)
- |
- |The V5.4 password checking algorithm does not allow your username to be
- |your password, or your username + username:
- |
- | $ SET PASS
- | Old password:
- | New password: DWINGDWING
- | %SYSTEM-F-PWDWEAK, password is too easy to guess; please choose another
- | string
- |
-
- i think this is caused by your site specific VMS$PASSWORD_POLICY.
- as far as i know VMS doesn't prevent you from using your username
- as a password unless you specifically disallow it in VMS$PASSWORD_POLICY.
-
- |Mayhaps someone with source listings could detail all the various permutations
- |that are (currently) dis-allowed.
- |
- |You can implement your own site-specific password policy. See
- |SYS$EXAMPLES:VMS$PASSWORD_POLICY.ADA, .B32. This requires changing a SYSGEN
- |parameter (LOAD_PWD_POLICY) so you'll have to reboot a few times to get
- |it working to your satisfaction. I'm sure someone on the net has one
- |written in Macro or C, and would volunteer that program for public
- |consumption?
- |
- |Using the site-specific policy, you can require that special characters such
- |as @, #, $, %, &, etc., be present in the password string. It also captures
- |the plaintext password -- I hope it goes without saying, but DON'T STORE
- |THIS ANYWHERE!
-
-
- VMS will not allow you to use @, #, %, & etc in passwords. The only legal
- characters are A-Z, 0-9, $, _.
-
-
- |
- |Also add site-specific words to your password dictionary (I don't know if a
- |site-specific password policy causes the dictionary and password history to
- |be disabled or supplemented with the site-specific password policy). The
- |VMS V5.5 release notes describe how to best add your own words to the
- |password dictionary (section 2.27.3). Some words used by some worm programs
- |aren't in this dictionary (if you add all the words that you learned in
- |Junior High you'll cover most of them).
- |
-
- The VMS password dictionary is in effect for all users, regardless
- of your VMS$PASSWORD_POLICY, unless it is turned off for a user via
- AUTHORIZE MODIFY username/FLAGS=DISPWDDIC. The same goes for password
- history (/FLAGS=DISPWDHIS).
-
- |-Dan Wing, dwing@uh01.colorado.edu or wing_d@ucolmcc.bitnet (DGW11)
- | Systems Administrator, University Hospital, Denver
-
-
- colin sewell
- h.a.simons ltd.
- vancouver, bc
- "simons/g=colin/s=sewell"@mhs.attmail.com
-
-
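Added example, not part of the original post and not VMS's own code: the checks discussed in this thread (username or repeated username, the character set the reply gives as legal, a site word list) written as one Python function. The function name, reason codes, sample word list and case-insensitive comparison are assumptions; the repeated-username test generalizes DWINGDWING to any number of repetitions.

```python
import re

# Character set the reply in this thread gives as legal: A-Z, 0-9, $, _
LEGAL = re.compile(r"[A-Z0-9$_]+")

# Constructed sample of site-specific words; a real site loads its own list.
SITE_WORDS = frozenset({"HOSPITAL", "DENVER", "SIMONS"})


def is_repeated(unit, text):
    """True if text is unit written one or more times (DWING, DWINGDWING, ...)."""
    if not unit or len(text) % len(unit) != 0:
        return False
    return text == unit * (len(text) // len(unit))


def check_password(username, candidate, site_words=SITE_WORDS):
    """Return reason codes for rejecting candidate; an empty list means accept.

    The codes never contain the candidate, so the caller can log the outcome
    without writing the plaintext password anywhere.
    """
    user = username.upper()
    pwd = candidate.upper()  # assumption: comparison is case-insensitive
    if not pwd:
        return ["EMPTY"]
    reasons = []
    if not LEGAL.fullmatch(pwd):
        reasons.append("ILLEGAL_CHAR")
    if is_repeated(user, pwd):
        reasons.append("USERNAME")
    if pwd in site_words:
        reasons.append("SITE_DICTIONARY")
    return reasons


if __name__ == "__main__":
    # Constructed inputs; only the reason codes are printed, never the password.
    for user, pwd in [("DWING", "DWINGDWING"), ("DWING", "K7$QZ_41PX")]:
        print(user, check_password(user, pwd) or "accepted")
```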