My understanding is that the 'parm=-1' option is valid *only* for users with SM
capability and *not* only for the Manager.sys user.
 
If one is concerned about hackers coming through VT or Telnet trying to gain
access to the system and using the '-1' option to bypass any UDCs, why not take
away the SM capability from MANAGER.SYS and create a site specific sys user with
SM capability?
 
Regards
 
Paul H. Christidis
 
______________________________ Reply Separator _________________________________
Subject: Re[2]: disable PARM=-1 signon
Author:  [log in to unmask] at CCGATE
Date:    8/20/1996 5:43 PM
 
 
 In <[log in to unmask]> [log in to unmask] writes:
 
> Shawn, very unfortunately, asks:
> > I understand that HP finally gave us a way to configure weather PARM=-1 is
> > available at signon time.  Can someone tell me how to change it?
>
> I'd prefer to say: no
>
> But, if you do decide to do this *VERY UNWISE* action...you do it
> via SYSGEN:
 
[snipped]
 
Very true about the UDC backdoor; but if your machine is accessible via the
'net and option logon UDCs are your main line of defense (it's easy to set
up UDCs that check the initiating machine's name and IP address for
incoming network connections; or to disallow network connections to certain
logons at all) then allowing anyone to VT or telnet into your system and
try :HELLO MANAGER.SYS;PARM=-1 until they guess your passwords is a difficult
tradeoff. Aside from disallowing incoming VT or telnet access to your
machine at all, there's not much you can do but sit there and watch them...
 
                        -Chris Bartram