info-vax@ucbvax.ARPA (09/27/84)
From: Ron Tencati <TENCATI@JPL-VLSI.ARPA> Does anyone know of a program in the public domain which will run on my VMS 3.6 system that will either tell me how long it's been since a person last changed their password, or will allow a person to change their password, but require the new one to be at least n characters long (and make a log in the UAF)? We have need of such a program on our system. I thought I heard about a program similar to this being discussed at the last Anaheim DECUS. Thanks for any information. Ron Tencati ------
info-vax@ucbvax.ARPA (09/28/84)
From: engvax!KVC@cit-vax If you can wait a bit longer, what you want will apparently be in VMS V4.0. I think that is what you heard discussed at DECUS. The way it appears to work in V4 is as follows: Passwords can be aged (they will expire). The expiration time is setable per user. The system warns the user when expiration is getting close. If he logs in after expiration, he has to change it during that session or the system will not let him on again. Maybe this action is settable, I don't know... There is also a minimum password length, settable per user. SET PASSWORD can suggest computer generated passwords. You can, on a per user basis, make this mandatory. You can set two passwords on an account if you like. Once you get the first password right, the system comes back with the "Password: " prompt again... Maybe useful for accounts like SYSTEM. You can set a system-wide password on a per-terminal basis. Good for protecting network and dial-up terminals. You get no prompt at all till you type this one in. The system just beeps when auto-baud is complete and waits till you type the system-wide password. It then goes through the regular login sequence. Anyway, DEC was pretty free with V4 info at the last DECUS. They had some Field Test systems there too... /Kevin Carosso engvax!kvc @ CIT-VAX.ARPA Hughes Aircraft Co.
randy@uw-june (William Randy Day) (10/04/84)
I've got microVMS version 1 (which is macroVMS version 4.0) up and
running on a micro VAX, and the password control mechanisms work
pretty much as described by Kevin (engvax!kvc). As the only user
of the system (so far), security has not been much of a problem.
Randy Day.
UUCP: {decvax|ihnp4}!uw-beaver!uw-june!randy
ARPA: randy@washington
CSNET: randy%washington@csnet-relay