
OpenVMS Guide to System Security



In addition to interactive and noninteractive logins, the OpenVMS operating system recognizes different classes of logins. How you log in to the system determines the login class to which you belong. Based on your login class, as well as the time of day or day of the week, the system manager controls your access to the system.

3.4.1 Logging In Interactively: Local, Dialup, and Remote Logins

Interactive logins include the local, dialup, and remote login classes.

3.4.2 Logging In Using External Authentication

If you are an externally authenticated user, you log in by entering your LAN Manager user ID and password at the OpenVMS login prompts. Your LAN Manager user ID may or may not be the same as your OpenVMS user name.

See Section 7.4 for more information on logging in with external authentication enabled on your system.

3.4.3 Reading Informational Messages

When you log in from a terminal that is directly connected to a computer, the OpenVMS system displays informational system messages. Example 3-1 illustrates most of these messages.

Example 3-1 Local Login Messages


WILLOW - A member of the Forest Cluster    (1)
        Unlawful Access is Prohibited        
 
Username:  RWOODS
Password:
    You have the following disconnected process:    (2)
Terminal   Process name    Image name                              
VTA52:     RWOODS          (none)
Connect to above listed process [YES]: NO
         Welcome to OpenVMS on node WILLOW    (3)   
    Last interactive login on Wednesday,  1-DEC-1993 10:20    (4)
    Last non-interactive login on Monday, 30-NOV-1993 17:39   (5)
        2 failures since last successful login    (6)
 
          You have 1 new mail message.    (7)
 
$

  (1) The announcement message identifies the node (and, if relevant, the cluster). It may also warn unauthorized users that unlawful access is prohibited. The system manager or security administrator can control both the appearance and the content of this message.
  (2) A disconnected job message informs you that your process was disconnected at some time after your last successful login but is still available. You have the option of reconnecting to the old process and returning your process to its state before you were disconnected.
    The system displays the disconnected job message only when the following conditions exist:
    In general, the security administrator should allow you to reconnect to a disconnected job because this ability poses no special problems for system security. However, the security administrator can disable this function by changing the setup on terminals and by disabling virtual terminals on the system.
  (3) A welcome message indicates the version number of the OpenVMS operating system that is running and the name of the node on which you are logged in. The system manager can choose a different message or can suppress the message entirely.
  (4) The last successful interactive login message provides the time of the last completed login for a local, dialup, or remote login. (The system does not count logins from a subprocess whose parent was one of these types.)
  (5) The last successful noninteractive login message provides the time the last noninteractive (batch or network) login finished.
  (6) The number of login failures message indicates the number of failed attempts at login. (An incorrect password is the only source of login failure that is counted.) To attract your attention, a bell rings after the message appears.
  (7) The new mail message indicates whether you have any new mail messages.

    A security administrator can suppress the announcement and welcome messages, which include node names and operating system identification. Because login procedures differ from system to system, it is more difficult to log in without this information.

    The last login success and failure messages are optional. Your security administrator can enable or disable them as a group. Sites with medium-level or high-level security needs display these messages because they can indicate break-in attempts. In addition, by showing that the system is monitoring logins, these messages can be a deterrent to potential illegal users.

    Each time you log in, the system resets the values for the last successful login and the number of login failures. If you access your account interactively and do not specify an incorrect password in your login attempts, you may not see the last successful noninteractive login and login failure messages.

    3.4.4 When the System Logs In for You: Network and Batch Logins

    Noninteractive logins include network logins and batch logins.

    The system performs a network login when you start a network task on a remote node, such as displaying the contents of a directory or copying files stored in a directory on another node. Both your current system and the remote system must be nodes in the same network. In the file specification, you identify the target node and provide an access control string, which includes your user name and password for the remote node.

    For example, a network login occurs when user Greg, who has an account on remote node PARIS, enters the following command:

    $ DIRECTORY PARIS"GREG 8G4FR93A"::WORK2:[PUBLIC]*.*;*
    

    This command displays a listing of all the files in the public directory on disk WORK2. It also reveals the password 8G4FR93A. A more secure way to perform the same task would be to use a proxy account on node PARIS. For an example of a proxy login, see Section 3.9.2.
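Because an access control string places the remote password on the command line, it ends up in command procedures, terminal logs and recall buffers. The following added example (not part of the original guide) scans lines of DCL for the NODE"USER PASSWORD":: form, reports where a password is embedded, and produces a redacted copy; the sample procedure is constructed for the example.

```python
import re

# Matches a DCL node specification carrying an access control string with a
# password:  NODE"USER PASSWORD"::  (for example, PARIS"GREG 8G4FR93A"::).
# A string that names only the user (NODE"USER"::) discloses no secret and is
# deliberately not matched, because no whitespace follows the user name.
ACS_PATTERN = re.compile(
    r'(?P<node>[A-Za-z0-9$_]+)"(?P<user>[A-Za-z0-9$_]+)\s+(?P<password>[^"\s]+)"::'
)


def find_embedded_passwords(lines):
    """Return (line_number, node, user) for every line that embeds a
    password in an access control string. The password itself is never
    returned, so the findings can be logged safely."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for m in ACS_PATTERN.finditer(line):
            findings.append((lineno, m.group("node").upper(), m.group("user").upper()))
    return findings


def redact_access_control_strings(lines):
    """Return copies of the lines with the password portion replaced by
    asterisks, leaving node and user name visible for troubleshooting."""
    def _redact(m):
        return f'{m.group("node")}"{m.group("user")} {"*" * 8}"::'
    return [ACS_PATTERN.sub(_redact, line) for line in lines]


# Constructed sample command procedure: the command from this section, a
# proxy-style reference with no password, and a user-only access control string.
SAMPLE_PROCEDURE = [
    '$ ! nightly copy job (constructed sample)',
    '$ DIRECTORY PARIS"GREG 8G4FR93A"::WORK2:[PUBLIC]*.*;*',
    '$ COPY PARIS::WORK2:[PUBLIC]REPORT.TXT []',
    '$ DIRECTORY PARIS"GREG"::WORK2:[PUBLIC]*.*;*',
]

if __name__ == "__main__":
    for lineno, node, user in find_embedded_passwords(SAMPLE_PROCEDURE):
        print(f"line {lineno}: password for {user} on node {node} embedded in access control string")
    for line in redact_access_control_strings(SAMPLE_PROCEDURE):
        print(line)
```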

    The system performs a batch login when a batch job that you submitted runs. Authorization to build the job is determined at the time the job is submitted. When the system prepares to execute the job, the job controller creates a noninteractive process that logs in to your account. No password is required when the job logs in.

    3.5 Login Failures: When You Are Unable to Log In

    Logins can fail for any number of reasons. One of your passwords might have changed, or your account might have expired. You might be attempting to log in over the network or from a modem but be unauthorized to do so. Table 3-3 summarizes common reasons for login failure.

    Table 3-3 Reasons for Login Failure

    Failure indicator: No response from the terminal.
        Reason: A defective terminal, a terminal that requires a system password, a terminal that is not powered on, or a communications problem caused by defective wiring or by a misconfigured or malfunctioning modem.

    Failure indicator: No response from any terminal.
        Reason: The system is down or overloaded.

    Failure indicator: No response from the terminal when you enter the system password.
        Reason: The system password changed.

    Failure indicator: System message "User authorization failure"
        Reason: A typing error in your user name or password, or the account or password expired.

    Failure indicator: System message "Not authorized to log in from this source"
        Reason: Your particular class of login (local, dialup, remote, interactive, batch, or network) is prohibited.

    Failure indicator: System message "Not authorized to log in at this time"
        Reason: You do not have access to log in during this hour or this day of the week.

    Failure indicator: System message "User authorization failure" (and no known user failure occurred)
        Reason: An apparent break-in has been attempted at the terminal using your user name, and the system has temporarily disabled all logins at that terminal by your user name.

    The following sections describe the reasons for login failure in more detail.

    3.5.1 Using a Terminal That Requires a System Password

    You cannot log in if the terminal you attempt to use requires a system password and you are unaware of the requirement. All attempts at logging in fail until you enter the system password.

    If you know the system password, perform the steps described in Section 3.2.1. If your attempts fail, it is possible that the system password has been changed. Move to a different terminal that does not require a system password, or request the new system password.

    If you do not know the system password and you suspect that this is the problem, try logging in at another terminal.

    3.5.2 Observing Your Login Class Restrictions

    If you attempt a class of login that is prohibited in your UAF record, your login fails. For example, your security administrator can restrict you from logging in over the network. If you attempt a network login, you receive a message stating that you are not authorized to log in from this source.

    Your security administrator can restrict your logins to include or exclude any of the following classes: local, remote, dialup, batch, or network. (For a description of these classes, see Section 3.4.1 and Section 3.4.4.)

    3.5.3 Using an Account Restricted to Certain Days and Times

    Another cause of login difficulty is failure to observe your shift restrictions. A system manager or security administrator can control access to the system based on the time of day or the day of the week. These restrictions are imposed on classes of logins. The security administrator can apply the same work-time restrictions to all classes of logins or choose to place different restrictions on different login classes. If you attempt a login during a time prohibited for that login class, your login fails. The system notifies you that you are not authorized to log in at this time.

    When shift restrictions apply to batch jobs, jobs you submit that are scheduled to run outside your permitted work times are not run. The system does not automatically resubmit such jobs during your next available permitted work time. Similarly, if you have initiated any kind of job and attempt to run it beyond your permitted time periods, the job controller aborts the uncompleted job when the end of your allocated work shift is reached. This job termination behavior applies to all jobs.

    3.5.4 Failing to Enter the Correct Password During a Dialup Login

    Your security administrator can control the number of chances you are given to enter a correct password during a dialup login before the connection is automatically broken.

    If your login fails and you have attempts remaining, press the Return key and try again. You can do this until you succeed or reach the limit. If the connection is lost, you can redial the access line and start again.

    The typical reason for limiting the number of dialup login failures is to discourage unauthorized users attempting to learn passwords by trial and error. They already have the advantage of anonymity because of the dialup line. Of course, limiting the number of tries for each dialup does not necessarily stop this kind of intrusion. It only requires the would-be perpetrator to redial and start another login.

    3.5.5 Knowing When Break-In Evasion Procedures Are in Effect

    If anyone has made a number of failed attempts to log in at the same terminal with your user name, the system concludes that an intruder is attempting to gain illegal access to the system by using your user name.

    At the discretion of your security administrator, break-in evasion measures can be in effect for all users of the system. The security administrator controls how many password attempts are allowed over what period of time. Once break-in evasion tactics are triggered, you cannot log in to the terminal---even with your correct password---during a defined interval. Your security administrator can tell you how long you must wait before reattempting the login, or you can move to another terminal to attempt a login.

    If you suspect that break-in evasion is preventing your login and you have not personally experienced any login failures, you should contact your security administrator immediately. Together, you should attempt another login and check the message that reveals the number of login failures since the last login to confirm or deny your suspicion of intrusion attempts. (If your system does not normally display the login message, your security administrator can use the Authorize utility (AUTHORIZE) to examine the data in your UAF record.) With prompt action, your security administrator can locate someone attempting logins at another terminal.
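The behaviour described in Sections 3.5.4 and 3.5.5 (a limit on failed password attempts over a period, followed by an evasion interval during which even the correct password is refused at that terminal) can be modelled directly. The following is an added example, not OpenVMS code; the limit, window and evasion interval are hypothetical site settings chosen for the example, and the login events are constructed.

```python
from collections import defaultdict, deque


class BreakInMonitor:
    """Simplified model of per-terminal break-in detection and evasion.

    attempt_limit   - failed attempts tolerated within window_seconds
    window_seconds  - period over which failures at one terminal are counted
    evasion_seconds - how long logins for that (terminal, user) are refused
    Times are plain numbers of seconds so the model runs offline.
    These are hypothetical settings, not OpenVMS parameter names.
    """

    def __init__(self, attempt_limit=5, window_seconds=300, evasion_seconds=600):
        self.attempt_limit = attempt_limit
        self.window_seconds = window_seconds
        self.evasion_seconds = evasion_seconds
        self._failures = defaultdict(deque)   # (terminal, user) -> failure times
        self._evade_until = {}                # (terminal, user) -> end of evasion

    def _prune(self, key, now):
        q = self._failures[key]
        while q and now - q[0] > self.window_seconds:
            q.popleft()

    def is_evading(self, terminal, user, now):
        until = self._evade_until.get((terminal, user))
        return until is not None and now < until

    def attempt(self, terminal, user, password_ok, now):
        """Process one login attempt; return 'OK', 'FAIL' or 'EVADING'.
        While evasion is in effect the correct password is refused too, which
        the user sees as an unexplained authorization failure (Table 3-3)."""
        key = (terminal, user)
        if self.is_evading(terminal, user, now):
            return "EVADING"
        if password_ok:
            self._failures[key].clear()       # a successful login resets the count
            return "OK"
        self._prune(key, now)
        self._failures[key].append(now)
        if len(self._failures[key]) >= self.attempt_limit:
            self._evade_until[key] = now + self.evasion_seconds
            self._failures[key].clear()
        return "FAIL"


def simulate(monitor, events):
    """Run (now, terminal, user, password_ok) events; return the outcomes."""
    return [monitor.attempt(t, u, ok, now) for now, t, u, ok in events]


# Constructed scenario: five wrong passwords for RWOODS at VTA52 within two
# minutes, then the real user tries at VTA52, at another terminal, and later.
EVENTS = [
    (0,   "VTA52", "RWOODS", False),
    (20,  "VTA52", "RWOODS", False),
    (40,  "VTA52", "RWOODS", False),
    (60,  "VTA52", "RWOODS", False),
    (80,  "VTA52", "RWOODS", False),   # fifth failure: evasion begins at VTA52
    (100, "VTA52", "RWOODS", True),    # correct password, still refused
    (110, "TTA3",  "RWOODS", True),    # another terminal is unaffected
    (700, "VTA52", "RWOODS", True),    # evasion interval (600 s) has elapsed
]

if __name__ == "__main__":
    for event, outcome in zip(EVENTS, simulate(BreakInMonitor(), EVENTS)):
        print(event, "->", outcome)
```

The "2 failures since last successful login" message in Example 3-1 is the user-visible counterpart of the failure count kept here; the security administrator sees the same data in the UAF record.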

    3.6 Changing Your Password

    Changing passwords on a regular basis promotes system security. To change your password, enter the DCL command SET PASSWORD.

    The system manager can allow you to select a password on your own or can require that you use the automatic password generator when you change your password. If you select your own password, note that the password must follow system restrictions on length and acceptability (see Section 3.1.2). For example, if your password choice is too short, the system displays the following message:

    %SET-E-INVPWDLEN, invalid password length - password not changed 
    

    Section 3.1 provides guidelines and examples for specifying secure passwords.

    There is no restriction on how many times you can change your password in a given period of time.

    3.6.1 Selecting Your Own Password

    If your system manager does not require use of the automatic password generator, the SET PASSWORD command prompts you to enter the new password. It then prompts you to reenter the new password for verification, as follows:

    $ SET PASSWORD [Return]
    New password:
    Verification:
    

    If you fail to enter the same password twice, the password is not changed. If you succeed in these two steps, there is no notification. The command changes your password and returns you to the DCL prompt.

    Even though your security administrator may not require the password generator, you are strongly encouraged to use it to promote the security of your system. Section 3.6.2 describes how to use generated passwords.

    3.6.2 Using Generated Passwords

    If your system security administrator decides that you must let the system generate the password for you automatically, the system provides you with a list of password choices when you enter the DCL command SET PASSWORD. (When the system does not require generated passwords, add the /GENERATE qualifier to SET PASSWORD for a list of password choices.) The character sequence resembles native language words to make it easy to remember, but it is unusual enough to be difficult for outsiders to guess. Because system-generated passwords vary in length, they become even more difficult to guess.


    Note

    The password generator uses basic syllabic rules to generate words but has no real knowledge of any language. As a result, it can unintentionally produce words that are offensive.

    In the following OpenVMS VAX example, the system automatically generates a list of passwords made up of random sequences of characters. The minimum password length for the user in the following example has been set to 8 in the UAF record.

    $ SET PASSWORD
    Old password:          [Return] (1)
     
    reankuna      rean-ku-na     (2)
    cigtawdpau    cig-tawd-pau
    adehecun      a-de-he-cun
    ceebatorai    cee-ba-to-rai
    arhoajabad    ar-hoa-ja-bad
     
    Choose a password from this list, or press Return to get a new list (3)
    New password:          [Return] (4)
    Verification:          [Return] (5)
    $ (6)
    

    The preceding example illustrates the following:

    1. The user correctly specifies the old password and presses the Return key.
    2. The system responds with a list of five password choices ranging in length from 8 to 10 characters. There are representations of the same word divided into syllables to the right of each password choice. Usually the password that is easiest to pronounce is easiest to remember and, therefore, the best choice.
    3. The system informs the user that it is possible to request a new list by pressing the Return key in response to the prompt for a new password.
    4. The user enters one of the first five possible passwords and presses the Return key.
    5. The system recognizes that this password is one provided by the automatic password generator and responds with the verification prompt. The user enters the new password again and presses Return.
    6. The system changes the password and responds with the DCL prompt.
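The generator's behaviour described above (pronounceable pseudo-words built from syllables, each choice between the minimum length and two characters longer, shown beside its syllable split) can be reproduced with a small syllabic generator. This is an added example, not the OpenVMS password generator or its tables; the letter sets and syllable shapes are constructed for the example, and like the original it has no dictionary, so it can produce odd or offensive words.

```python
import secrets

# Constructed letter pools and syllable shapes (1 to 3 letters each).
CONSONANTS = "bcdfghjklmnprstvwz"
VOWELS = "aeiou"
SHAPES = ("v", "cv", "vc", "cvc")     # vowel, consonant-vowel, ...


def _syllable():
    """Build one syllable using a cryptographically strong random source."""
    shape = secrets.choice(SHAPES)
    return "".join(secrets.choice(CONSONANTS if c == "c" else VOWELS) for c in shape)


def generate_password(min_length=8):
    """Return (password, hyphenated) for a pseudo-word of at least min_length
    letters. The final syllable adds at most 3 letters, so the result is
    min_length to min_length + 2 long (8 to 10 for the default, matching the
    range shown in the example above)."""
    syllables = []
    while sum(len(s) for s in syllables) < min_length:
        syllables.append(_syllable())
    return "".join(syllables), "-".join(syllables)


def generate_choices(count=5, min_length=8):
    """Produce a list of candidate passwords, as SET PASSWORD displays them."""
    return [generate_password(min_length) for _ in range(count)]


if __name__ == "__main__":
    for word, split in generate_choices():
        print(f"{word:<12}  {split}")
```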

    One disadvantage of automatic password generation is the possibility that you might not remember your password choice. However, if you dislike all the password choices in your list or think none are easy to remember, you can always request another list.

    A more serious drawback of automatic password generation is the potential disclosure of password choices from the display the command produces. To protect your account, change your password in private. If you perform the change on a video terminal, clear the display of password choices from the screen after the command finishes. If you perform the change in a DECwindows environment, use the Clear Lines Off Top option from the Commands menu to remove the passwords from the screen recall buffer. If you use a printing terminal, properly dispose of all hardcopy output.

    If you later realize that you failed to protect your password in these ways, change your password immediately. Depending on site policy or your own judgment concerning the length of time your account was exposed, you might decide to notify your security administrator that a security breach could have occurred through your account.

    3.6.3 Changing a Secondary Password

    To change a secondary password, use the DCL command SET PASSWORD/SECONDARY. You are prompted to specify the old secondary password and the new secondary password, just as in the procedure for changing the primary password. To remove a secondary password, press the Return key when you are prompted for a new password and verification.

    You can change primary and secondary passwords independently, but both are subject to the same change frequency because they share the same password lifetime. See Section 3.7 for information on password lifetimes.

    3.6.4 Changing Your Password As You Log In

    Even if your current password has not yet expired, you can change your password when you log in to the system by including the /NEW_PASSWORD qualifier with your user name, as follows:

      WILLOW - A member of the Forest Cluster
     
    Username: RWOODS/NEW_PASSWORD
    Password:
             Welcome to OpenVMS on node WILLOW
                Last interactive login on Tuesday, 7-NOV-1993 10:20
                Last non-interactive login on Monday, 6-NOV-1993 14:20
     
    Your password has expired; you must set a new password to log in
    New password:
    Verification:
    

    Entering the /NEW_PASSWORD qualifier after your user name forces you to set a new password immediately after login.

    3.7 Password and Account Expiration Times

    Your system manager can set up your account so that your password, or the account itself, expires automatically on a particular date and time. Password expiration times promote system security by forcing you to change your password on a regular basis. Account expiration times help to ensure that accounts are available only for as long as they are needed.

    3.7.1 Changing an Expired Password

    As you approach the expiration time of your password, you receive an advance warning message. The message first appears 5 days before the expiration date and at each subsequent login. The message appears immediately below the new mail message and sounds the bell character on your terminal to attract your attention. The message indicates that your password is expiring, as follows:

    WARNING -- Your password expires on Thursday 19-DEC-1993 15:00 
    

    If you fail to change your password before it expires, you receive the following message when you log in:

    Your password has expired; you must set a new password to log in 
    New password: 
     
    

    The system prompts you for a new password or, if automatic password generation is enabled, asks you to select a new password from those listed (see Section 3.6.2). You can abort the login by pressing Ctrl/Y. At your next login attempt, the system again prompts you to change your password.

    When You Are Using a Secondary Password

    If secondary passwords are in effect for your account (see Section 3.2), the secondary password expires at the same time as the primary one. You are prompted to change both passwords. If you change the primary password and press Ctrl/Y before changing the secondary password, the login fails. The system does not record a password change.

    When You Fail to Change Your Password

    If the system manager decides not to force you to change your expired password upon logging in, you receive one final warning when you log in after your password expires, as follows:

    WARNING -- Your password has expired; update immediately with 
    SET PASSWORD! 
    

    At this point, if you do not change the password or if the system fails before you have the opportunity to do so, you will be unable to log in again. To regain access, see your system manager.

    3.7.2 Renewing an Expired Account

    If you need your account for a specific purpose for a limited time only, the person who creates your account may specify a period of time after which the account lapses. For example, student accounts at universities are typically authorized for a single semester at a time.

    The system automatically denies access to expired accounts. You receive no advance warning message before the account expiration date, so it is important to know in advance your account duration. The account expiration resides in the UAF record, which can be accessed and displayed only through the use of the Authorize utility (AUTHORIZE) by users with the SYSPRV privilege or equivalent---normally, your system manager or security administrator.

    When your account expires, you receive an authorization failure message at your next attempted login. If you need an extension, follow the procedures defined at your site.

    3.8 Guidelines for Protecting Your Password

    Illegal system access through the use of a known password is most often caused by the owner's disclosing the password. It is vital that you do not reveal your password to anyone.




      6346P002.HTM
      OSSG Documentation
      22-NOV-1996 13:04:51.66
    

    Copyright © Digital Equipment Corporation 1996. All Rights Reserved.
