Re: Password expiration and non-interactive access question



Larry Kilgallen wrote:

In article <OFF33EC97B.2E8142E7-ON85257243.0076DBA7-85257243.0076F2E4@xxxxxxxxx>, norm.raphael@xxxxxxxxx writes:


Kilgallen@xxxxxxxxxxx (Larry Kilgallen) wrote on 12/13/2006 04:14:21 PM:

In article <OF49A64769.88FEB730-ON85257243.00723863-85257243.00728B0F@xxxxxxxxx>, norm.raphael@xxxxxxxxx writes:

I see an account with NETWORK access only allowed and a recent network
login, but a finite password lifetime and a password change date in 1997,
yet the password on the FTP transfers continues to work. Is this expected
behavior? What am I not getting?

There is no way for a NETWORK login to change the password, so there is
no occasion for LOGINOUT to force a change.

For most uses of a password (as distinguished from proxy login) in
such situations the password has been stored in a computer device so
forcing password changes does not increase security anyway.

Thanks, Larry. That makes sense and is consistent. Now I just need to
enlighten the SOX auditors....

Locking the password might reduce the chance that the SOX auditor's
tools would flag this. It might flag the locked password, but that
is typically something for which a "permitted exceptions" list is
maintained by the site.

Can you point me to the doc. where it talks about "locking a password"? That's a
new one on me, VMS-wise.

--
David J Dachtera
dba DJE Systems
http://www.djesys.com/

Unofficial OpenVMS Marketing Home Page
http://www.djesys.com/vms/market/

Unofficial Affordable OpenVMS Home Page:
http://www.djesys.com/vms/soho/

Unofficial OpenVMS-IA32 Home Page:
http://www.djesys.com/vms/ia32/

Unofficial OpenVMS Hobbyist Support Page:
http://www.djesys.com/vms/support/