HP3000-L Archives

December 2001, Week 2

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Robert Mills <[log in to unmask]>
Reply To: Robert Mills <[log in to unmask]>
Date: Thu, 13 Dec 2001 12:26:20 -0000
Content-Type: text/plain

Tim,

I am making the following assumptions in my answers to your question:

1) You are using MPE User and/or Account passwords.
2) You are using Security/3000 passwords via the UDC LOGONUDC.PUB.VESOFT
that is probably set at SYSTEM level.
3) You are NOT using the %BACKG LOGON task.

At a previous employer (a global investment house) we had the access to our
HP3000 set up as follows:

1) MPE passwords were NOT used. Each user has a password protected Security
profile.
2) The AIF:PE was used to run Security LOGON checking (see the manual for
details).
3) The SECURCON.DATA.VESOFT contained (amongst other commands):

(* ALL users who try to log on are to be validated against the user profile *)
(* database. Anybody who lacks a profile will NOT be permitted to logon. *)
$VEPROFILE @.@
(* Display the following prompt when password required. *)
$VEPASS-PROMPT "PLEASE ENTER YOUR PASSWORD: " @.@
(* Deactivate terminal after 3 unsuccessful logon attempts. *)
$TERM-DEACTIVATE 3
(* Deactivate profile after 3 unsuccessful logon attempts. *)
$VE-NUM-TRIES 3

Our auditors had somebody spend two weeks trying to hack into our system
without any success. Took them 1/2 hour to hack into the Unix (HPUX and Sun)
boxes.

For any more details your Security supplier should be able to help you.

regards,

*****************************
Robert W.Mills, Systems Development Manager, Windsong Services
Electron House, Cray Avenue, St. Mary Cray, Kent BR5 3PN, ENGLAND
Tel: +44 (0)1689.870622 x 3005  Fax: +44 (0)1689 899026
[log in to unmask]
********************************
The thoughts, comments, and opinions expressed herein are mine.
They do not reflect those of my employer, nor anyone else.
********************************

-----Original Message-----
From: Atwood, Tim (DVM) [mailto:[log in to unmask]]
Sent: 12 December 2001 20:35
To: [log in to unmask]
Subject: How to Lockout Account/User After X Failed Password Attempts?


Our corporate security auditors insist logons on the HP3000 must "lock out"
for a period of time after a certain number of failed password attempts. I
know of no way this is possible, so I thought I would ask if anyone on the
list knows a way.

We currently use Vesoft's Security/3000 for security. But of course it can
only run following a successful logon. So there is no way it can count
number of failed password attempts when no successful logon has occurred.

Of course the HP3000 itself only allows three password attempts before a new
"HELLO" command must be entered. And the failed logon is logged, etc., etc.
But the auditors insist the particular user/account must then be locked out
from any further logon attempts for some period of time or until an
administrator resets it.

Anyone have any ideas if this is possible and how to do it?

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
