LISTSERV - HP3000-L Archives

HP3000-L Archives

September 2001, Week 3

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L September 2001, Week 3

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	SecurityMonitor/iX (was: Re: Help!! Auditors)
From:	Goetz Neumann <[log in to unmask]>
Reply To:	Goetz Neumann <[log in to unmask]>
Date:	Fri, 14 Sep 2001 04:45:26 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (58 lines)

Raymond Familar wrote:
>
> Audit had a number of issues with the product.  One issue was that the
> security group had set up SecMon to log the use of NEWUSER and ALTUSER.
> That seems reasonable, but that also means that the password is recorded in
> the log in plain text.  Yes, the user should change their password once
> they use that initial login, but there is no way to ensure that happens.

I am sorry to hear you/the auditors are unhappy with our product.
I am also sorry to understand that maybe our product manuals are
not clear enough to help you understand that what you are trying
to achieve is indeed possible :

:newuser testsec.neumann;home=pub;pass=abcdefg;USERPASS=REQ,EXPIRED
:hello testsec.neumann
CPU=1. Connect=1. FRI, SEP 14, 2001, 10:53 AM.
ENTER ACCOUNT (NEUMANN) PASSWORD:

ENTER USER (TESTSEC) PASSWORD:   <abcedfg>

USER PASSWORD HAS EXPIRED
ENTER NEW USER PASSWORD:         <abcdefg> just to check it
                                  works correctly :-)

New PASSWORD must be different from old password. (CIERR 2528)

ENTER NEW USER PASSWORD:

ENTER NEW USER PASSWORD AGAIN:

PASSWORD WAS CHANGED SUCCESSFULLY.

> HP wasn't much help with the SecMon.  When we called to open an SR on that
> issue, the techs had no real knowledge of the product.  I was told that
> they are using security/3000.  Now we are moving to security/3000 after
> going PROD.  Yes, lots of fun.  My recommendation is to go with
> security/3000 and save yourself some headaches.

I am equally sorry to hear that HP was not much help.
Though it is true that SecurityMonitor/iX is probably
not as widespread used as some other vendors offerings,
I must say that I feel a bit embarassed that it took me
only 15 minutes to lookup the manuals and a few tests
to find the above working, and , if I understand you correctly,
the solution to your issue.

http://www.docs.hp.com/mpeix/onlinedocs/32650-90498/32650-90498.html

is where I looked in the
"Managing System Users with Passwords and Logon Restrictons" chapter.

I hope this helps,

Goetz.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU