[OpenVMS documentation]
[Site home] [Send comments] [Help with this site] [How to order documentation] [OpenVMS site] [Compaq site]
Updated: 11 December 1998

OpenVMS Guide to System Security


Previous Contents Index

Part II
Security for the User

The chapters in this part discuss the following topics:


Chapter 3
Using the System Responsibly

This chapter provides basic information on how to use the system securely. If you apply this knowledge consistently and accurately, while observing your site's specific security policies, you can make the difference between a secure system and one that is vulnerable to unauthorized users.

3.1 Choosing a Password for Your Account

To choose a secure password, use the following guidelines:

Your security administrator may set up additional restrictions, for example, not allowing passwords with fewer than 10 characters.

Table 3-1 provides examples of secure as opposed to risky passwords.

Table 3-1 Secure and Insecure Passwords
Secure Passwords Insecure Passwords
Nonsense syllables:
aladaskgam
eojfuvcue
joxtyois
Words with a strong personal association:
your name
the name of a loved one
the name of your pet
the name of your town
the name of your automobile
A mixed string:
492_weid
$924spa
zu_$rags
A work-related term:
your company name
a special project
your work group name

3.1.1 Obtaining Your Initial Password

Typically, when you learn that an account has been created for you on the system, you are told whether a user password is required. If user passwords are in effect, you are told to use a specific password for your first login. This password has been placed in the system user authorization file (SYSUAF.DAT) with other information about how your account can be used.

It is inadvisable to have passwords that can be easily guessed. Ask the person creating an account for you to specify a password that is difficult to guess. If you have no control over the password you are given, you might be given a password that is the same as your first name. If so, change it immediately after you log in. (The use of first or last names as passwords is a practice so well known that it is undesirable from a security standpoint.)

Log in to your account soon after it is created to change your password. If there is a time lapse from the moment when your account is created until your first login, other users might log in to your account successfully, gaining a chance to damage the system. Similarly, if you neglect to change the password or are unable to do so, the system remains vulnerable. Possible damage depends largely on what other security measures are in effect.

At the time your account is created, you should also be told a minimum length for your password and whether you can choose your new password or let the system generate the password for you.

3.1.2 Observing System Restrictions on Passwords

The system screens passwords for acceptability, as follows:

3.2 Knowing What Type of Password to Use

There are several types of passwords recognized by the OpenVMS operating system. In general, you need to provide a user password when you log in. In some cases, you might also need to provide a system password to gain access to a particular terminal before logging in with your user password. If you are using a system with high security requirements, you might need to provide a primary password and a secondary password.

If you are an externally authenticated user with external authentication enabled on your system, you enter your LAN Manager password at the OpenVMS password prompt. See Section 7.4 for more information. Table 3-2 describes each type of password.

Table 3-2 Types of Passwords
Password Description
User password Required for most accounts. After you enter your user name, you are prompted for a password. If the account requires both primary and secondary passwords, two passwords must be entered.
System password Controls access to particular terminals and is required at the discretion of the security administrator. System passwords are usually necessary to control access to terminals that might be targets for unauthorized use, such as dialup and public terminal lines.
Primary password The first of two user passwords to be entered for an account requiring both primary and secondary passwords.
Secondary password The second of two user passwords to be entered for an account requiring both primary and secondary passwords. The secondary password provides an additional level of security on user accounts. Typically, the general user does not know the secondary password; a supervisor or other key person must be present to supply it. For certain applications, the supervisor may also decide to remain present while the account is in use. Thus, secondary passwords facilitate controlled logins and the actions taken after a login.

Secondary passwords can be time-consuming and inconvenient. They are justified only at sites with maximum security requirements. An example of an account that justifies dual passwords would be one that bypasses normal access controls to permit emergency repair to a database.

3.2.1 Entering a System Password

Your security administrator will tell you if you must specify a system password to log in to one or more of the terminals designated for your use. Ask your security administrator for the current system password, how often it changes, and how to obtain the new system password when it does change.

To specify a system password, do the following:

  1. Press the Return key until the terminal responds with the recognition character, which is normally a bell.


    [Return]
    <bell>
    

  2. Enter the system password, and press Return.


                [Return]
    

    As this example shows, there is no prompt and no echo of the characters you type. If you fail to specify the correct system password, the system does not notify you. (Initially, you might think the system is malfunctioning unless you know that a system password is required at that terminal.) If you do not receive a response from the system, assume that you have entered the wrong password, and try again.

  3. When you enter the correct system password, you receive the system announcement message, if there is one, followed by the Username: prompt.
    For example:


    MAPLE - A member of the Forest Cluster
         Unauthorized Access Is Prohibited     
     
    Username:
    

3.2.2 Entering a Secondary Password

Your security administrator decides whether to require the use of secondary passwords for your account at the time your account is created. When your account requires primary and secondary passwords, you need two passwords to log in. Minimum password length, which the security administrator specifies in your UAF record, applies to both passwords.

An example of a login requiring primary and secondary passwords follows:


 
     WILLOW - A member of the Forest Cluster
         Welcome to OpenVMS on node WILLOW
 
Username: RWOODS
Password:           [Return]
Password:           [Return]
    Last interactive login on Friday, 11-DEC-1993 10:22
$

As with a single password login, the system allots a limited amount of time for the entire login. If you do not enter a secondary password in time, the login period expires.

3.3 Password Requirements for Different Types of Accounts

Five types of user accounts are available on OpenVMS systems:

3.4 Types of Logins and Login Classes

Logins can be either interactive or noninteractive. When you log in interactively, you enter an OpenVMS user name and a password. In noninteractive logins, the system performs the identification and authentication for you; you are not prompted for a user name and password. (The term interactive, as used here, differs from an interactive mode process defined by the DCL lexical function F$MODE(). For a description of the F$MODE function, see the OpenVMS DCL Dictionary.)

In addition to interactive and noninteractive logins, the OpenVMS operating system recognizes different classes of logins. How you log in to the system determines the login class to which you belong. Based on your login class, as well as the time of day or day of the week, the system manager controls your access to the system.

3.4.1 Logging In Interactively: Local, Dialup, and Remote Logins

Interactive logins include the following login classes:

3.4.2 Logging In Using External Authentication

If you are an externally authenticated user, you log in by entering your LAN Manager user ID and password at the OpenVMS login prompts. Your LAN Manager user ID may or may not be the same as your OpenVMS user name.

See Section 7.4 for more information on logging in with external authentication enabled on your system.

3.4.3 Reading Informational Messages

When you log in from a terminal that is directly connected to a computer, the OpenVMS system displays informational system messages. Example 3-1 illustrates most of these messages.

Example 3-1 Local Login Messages

WILLOW - A member of the Forest Cluster    (1)
        Unlawful Access is Prohibited        
 
Username:  RWOODS
Password:
    You have the following disconnected process:    (2)
Terminal   Process name    Image name                              
VTA52:     RWOODS          (none)
Connect to above listed process [YES]: NO
         Welcome to OpenVMS on node WILLOW    (3)   
    Last interactive login on Wednesday,  1-DEC-1993 10:20    (4)
    Last non-interactive login on Monday, 30-NOV-1993 17:39   (5)
        2 failures since last successful login    (6)
 
          You have 1 new mail message.    (7)
 
$

  1. The announcement message identifies the node (and, if relevant, the cluster). It may also warn unauthorized users that unlawful access is prohibited. The system manager or security administrator can control both the appearance and the content of this message.
  2. A disconnected job message informs you that your process was disconnected at some time after your last successful login but is still available. You have the option of reconnecting to the old process and returning your process to its state before you were disconnected.
    The system displays the disconnected job message only when the following conditions exist:
    In general, the security administrator should allow you to reconnect to a disconnected job because this ability poses no special problems for system security. However, the security administrator can disable this function by changing the setup on terminals and by disabling virtual terminals on the system.
  3. A welcome message indicates the version number of the OpenVMS operating system that is running and the name of the node on which you are logged in. The system manager can choose a different message or can suppress the message entirely.
  4. The last successful interactive login message provides the time of the last completed login for a local, dialup, or remote login. (The system does not count logins from a subprocess whose parent was one of these types.)
  5. The last successful noninteractive login message provides the time the last noninteractive (batch or network) login finished.
  6. The number of login failures message indicates the number of failed attempts at login. (An incorrect password is the only source of login failure that is counted.) To attract your attention, a bell rings after the message appears.
  7. The new mail message indicates if you have any new mail messages.

A security administrator can suppress the announcement and welcome messages, which include node names and operating system identification. Because login procedures differ from system to system, it is more difficult to log in without this information.

The last login success and failure messages are optional. Your security administrator can enable or disable them as a group. Sites with medium-level or high-level security needs display these messages because they can indicate break-in attempts. In addition, by showing that the system is monitoring logins, these messages can be a deterrent to potential illegal users.

Each time you log in, the system resets the values for the last successful login and the number of login failures. If you access your account interactively and do not specify an incorrect password in your login attempts, you may not see the last successful noninteractive login and login failure messages.

3.4.4 When the System Logs In for You: Network and Batch Logins

Noninteractive logins include network logins and batch logins.

The system performs a network login when you start a network task on a remote node, such as displaying the contents of a directory or copying files stored in a directory on another node. Both your current system and the remote system must be nodes in the same network. In the file specification, you identify the target node and provide an access control string, which includes your user name and password for the remote node.

For example, a network login occurs when user Greg, who has an account on remote node PARIS, enters the following command:


$ DIRECTORY PARIS"GREG 8G4FR93A"::WORK2:[PUBLIC]*.*;*

This command displays a listing of all the files in the public directory on disk WORK2. It also reveals the password 8G4FR93A. A more secure way to perform the same task would be to use a proxy account on node PARIS. For an example of a proxy login, see Section 3.9.2.

The system performs a batch login when a batch job that you submitted runs. Authorization to build the job is determined at the time the job is submitted. When the system prepares to execute the job, the job controller creates a noninteractive process that logs in to your account. No password is required when the job logs in.

3.5 Login Failures: When You Are Unable to Log In

Logins can fail for any number of reasons. One of your passwords might have changed, or your account might have expired. You might be attempting to log in over the network or from a modem but be unauthorized to do so. Table 3-3 summarizes common reasons for login failure.

Table 3-3 Reasons for Login Failure
Failure Indicator Reason
No response from the terminal. A defective terminal, a terminal that requires a system password, a terminal that is not powered on, or a communications problem caused by defective wiring or by a misconfigured or malfunctioning modem.
No response from any terminal. The system is down or overloaded.
No response from the terminal when you enter the system password. The system password changed.
System messages:  
"User authorization failure" A typing error in your user name or password.
The account or password expired.
"Not authorized to log in from this source" Your particular class of login (local, dialup, remote, interactive, batch, or network) is prohibited.
"Not authorized to log in at this time" You do not have access to log in during this hour or this day of the week.
"User authorization failure" (and no known user failure occurred) An apparent break-in has been attempted at the terminal using your user name, and the system has temporarily disabled all logins at that terminal by your user name.

The following sections describe the reasons for login failure in more detail.


Previous Next Contents Index

[Site home] [Send comments] [Help with this site] [How to order documentation] [OpenVMS site] [Compaq site]
[OpenVMS documentation]

Copyright © Compaq Computer Corporation 1998. All rights reserved.

Legal
6346PRO_002.HTML