LISTSERV - HP3000-L Archives

HP3000-L Archives

August 2006, Week 4

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L August 2006, Week 4

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: System lockouts using MPEX
From:	Gilles Schipper <[log in to unmask]>
Reply To:	Gilles Schipper <[log in to unmask]>
Date:	Mon, 28 Aug 2006 18:15:23 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (80 lines)

I believe the answer is NO.

In order to do what you want, you would need to set up a 
sessionname,username.acctname entry in the SECURITY3000 database for 
each entity that you would want to lock out after a failed logon attempt.

We had exactly the same requirement at one of my customers.

To satisfy the lockout requirements, we had to convert all users in 
certain accounts from having security3000 passwords - instead of MPE 
user passwords.

We were able to achieve this virtually transparent to the users by 
simply setting up an entry for each user in the given accounts in the 
security3000 database as follows:

:mpex
%sec add @,username.acctname;vepass=1,userpassword

Note the @, which would make that entry applicable for any or no 
session name associated with the user/account. We did that because 
our users normally do not use session names and we did not want users 
being able to circumvent security rules by utilizing a session name.

Dropping the password from mpe user name could raise batch security 
issues - for which there also exist Security3000 solutions.

Hope that helps.

At 05:16 PM 2006/08/24, Newton, Ernie wrote:

>Greetings,
>
>We use MPEX to create user profiles only for those users that have
>access to
>logons with a colon prompt.  99% of our users never see the colon
>prompt, they
>go straight to a menu system.  These users log on with USERNAME.ACCOUNT.
>
>Is there a way, using MPEX, to lock users out after a number of failed
>logon attempts
>when they are not set up with a user profile?
>
>I have RTFM and can only see lockouts for those users with a known
>profile.
>
>Thanks,
>
>Ernie Newton
>
>--
>This message has been scanned for viruses
>and dangerous content by the
>Yolo County Office of Education MailScanner,
>and is believed to be clean.
>
>
>* To join/leave the list, search archives, change list settings, *
>* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
>
>
>
>
>--
>No virus found in this incoming message.
>Checked by AVG Free Edition.
>Version: 7.1.405 / Virus Database: 268.11.5/426 - Release Date: 2006/08/23

-------------------------------------------------------------------------------------------------
Gilles Schipper
GSA Inc.
HP System Administration Specialists
300 John Street, Box 87651   Thornhill, ON Canada L3T 7R4
Voice: 905.889.3000     Fax: 905.889.3001
email:  [log in to unmask]  web: http://www.gsainc.com
-------------------------------------------------------------------------------------------------

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU