Re: Password expiration and non-interactive access question



Paul Sture wrote:

In article <45821576.DFB7A017@xxxxxxxxxxxxxxxx>,
David J Dachtera <djesys.no@xxxxxxxxxxxxxxxx> wrote:

Larry Kilgallen wrote:

In article
<OFF33EC97B.2E8142E7-ON85257243.0076DBA7-85257243.0076F2E4@xxxxxxxxx>,
norm.raphael@xxxxxxxxx writes:


Kilgallen@xxxxxxxxxxx (Larry Kilgallen) wrote on 12/13/2006 04:14:21 PM:

In article <OF49A64769.88FEB730-ON85257243.00723863-85257243.00728B0F@xxxxxxxxx>, norm.raphael@xxxxxxxxx writes:

I see an account with NETWORK access only allowed and a recent network
login, but a finite password lifetime and a password change date in 1997,
yet the password on the FTP transfers continues to work. Is this expected
behavior? What am I not getting?

There is no way for a NETWORK login to change the password, so there is
no occasion for LOGINOUT to force a change.

For most uses of a password (as distinguished from proxy login) in
such situations the password has been stored in a computer device so
forcing password changes does not increase security anyway.

Thanks, Larry. That makes sense and is consistent. Now I just need to
enlighten the SOX auditors....

Locking the password might reduce the chance that the SOX auditor's
tools would flag this. It might flag the locked password, but that
is typically something for which a "permitted exceptions" list is
maintained by the site.

Can you point me to the doc. where it talks about "locking a password"?
That's a new one on me, VMS-wise.

SYSUAF> MOD username/FLAGS=LOCKPWD

LOCKPWD Prevents the user from changing the password
for the account. By default, users can change
their passwords (NOLOCKPWD).

"Prevents the user from changing the password" but not the SysAdmin. I
guess that's what threw me off.

Goofy thing is, it seems inconsistent with other IT Security axioms that require
long, goofy, mixed-case alphanumeric passwords that can't be remembered.

--
David J Dachtera
dba DJE Systems
http://www.djesys.com/

Unofficial OpenVMS Marketing Home Page
http://www.djesys.com/vms/market/

Unofficial Affordable OpenVMS Home Page:
http://www.djesys.com/vms/soho/

Unofficial OpenVMS-IA32 Home Page:
http://www.djesys.com/vms/ia32/

Unofficial OpenVMS Hobbyist Support Page:
http://www.djesys.com/vms/support/