[fa.info-vax] Password checking/changing program for VMS

info-vax@ucbvax.ARPA (09/27/84)

From: Ron Tencati <TENCATI@JPL-VLSI.ARPA>


Does anyone know of a program in the public domain which will run on my
VMS 3.6 system that will either tell me how long it's been since a 
person last changed their password, or will allow a person to change 
their password, but require the new one to be at least n characters 
long (and make a log in the UAF)?

We have need of such a program on our system.  I thought I heard about a 
program similar to this being discussed at the last Anaheim DECUS.

Thanks for any information.

Ron Tencati
------

info-vax@ucbvax.ARPA (09/28/84)

From: engvax!KVC@cit-vax

If you can wait a bit longer, what you want will apparently be
in VMS V4.0.  I think that is what you heard discussed at DECUS.
The way it appears to work in V4 is as follows:

	Passwords can be aged (they will expire).   The expiration
	time is setable per user.  The system warns the user
	when expiration is getting close.  If he logs in after
	expiration, he has to change it during that session or the
	system will not let him on again.  Maybe this action is
	settable, I don't know...

	There is also a minimum password length, settable per user.
	SET PASSWORD can suggest computer generated passwords.  You
	can, on a per user basis, make this mandatory.

	You can set two passwords on an account if you like.  Once you
	get the first password right, the system comes back with the
	"Password: " prompt again...   Maybe useful for accounts like
	SYSTEM.

	You can set a system-wide password on a per-terminal basis.
	Good for protecting network and dial-up terminals.  You get
	no prompt at all till you type this one in.  The system just
	beeps when auto-baud is complete and waits till you type the
	system-wide password.  It then goes through the regular login
	sequence.

Anyway, DEC was pretty free with V4 info at the last DECUS.  They had
some Field Test systems there too...

	/Kevin Carosso                        engvax!kvc @ CIT-VAX.ARPA
	 Hughes Aircraft Co.

randy@uw-june (William Randy Day) (10/04/84)

I've got microVMS version 1 (which is macroVMS version 4.0) up and
running on a micro VAX, and the password control mechanisms work
pretty much as described by Kevin (engvax!kvc). As the only user
of the system (so far), security has not been much of a problem.
Randy Day.
UUCP: {decvax|ihnp4}!uw-beaver!uw-june!randy
ARPA: randy@washington
CSNET: randy%washington@csnet-relay