>-----Original Message-----
>From: HP-3000 Systems Discussion [mailto:[log in to unmask]]On
>Behalf Of Newton, Ernie
>I turned off my personal password in MPEX using
>SEC CHANGE ERNIE, @.@;NOPASS
>I then needed to do some testing things and happily created an account
>called TEST. I then tried to log into that account and MPEX asked me for my
>password again. Problem is, it wouldn't take my password.
>
>Why did it do that?
On Tue, 24 Jul 2001 16:02:29 -0400, Jonathan M. Backus
<[log in to unmask]> wrote:
>The answer lies somewhere in your Security/3000 configuration file and/or
>within the security profiles defined. I am being somewhat generalized on
>purpose. Public discussion about how to cripple or remove security is
>typically not a good thing.
I'll second Jonathan's point on specific methods of circumvention, however
what follows here is information included in the Security/3000 manual, so
it is essentially public knowledge...
Security/3000 "profiles" go from the most specific (session,user.account)
to the most generic (@,@.@). "ERNIE,@.@" is one step removed from the most
generic profile (well, two actually: "@.@" with a BLANK session name fits
between these two profiles). Something like "@,@.TEST" or "@,MGR.TEST"
would be more specific than "ERNIE,@.@" and would take precedence.
That said, the way a SYSTEM MANAGER would determine what profiles are
active for a specific user/account/session/device combination is through
the use of the %SEC SHOW command. (yes "device" -- you can attach
additional restrictions on dial-up connections for instance). For example:
%sec show ERNIE,MGR.PROD
$VEPROFILE SECURITY/3000 user profiles are ENFORCED
User is ERNIE,@.@
Real name is "Ernie Newton"
...
%sec show ERNIE,MGR.TEST
$VEPROFILE SECURITY/3000 user profiles are ENFORCED
User is @,@.TEST
Real name is "Test User"
...
Another thing to consider is that Security/3000 profiles & passwords are
stored in a different location than the system tables (files). So I
suspect that "some time in the past" your system had a TEST account, and a
profile was created for it, but the profile was never deleted when
the "testing" completed...
Tom
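
The precedence behaviour described in the message above, as an added example that is not part of the original post and is not Security/3000 code: a simplified model that picks the effective profile for a logon and lists profiles left behind for accounts that no longer exist. The ranking (literal account over literal user over literal session), the function names and the sample data are assumptions chosen to agree with the ordering and the %SEC SHOW results quoted above.

```python
# Simplified model of profile precedence; NOT Security/3000's own algorithm.
# Assumption: a literal account outranks a literal user, which outranks a
# literal session name. "@" is the wildcard in every field.

def parse(spec):
    """Split 'session,user.account' (session may be absent) into a tuple."""
    session, _, rest = spec.upper().rpartition(",")
    user, _, account = rest.partition(".")
    return session.strip(), user.strip(), account.strip()

def matches(profile, logon):
    """True when every profile field is '@' or equals the logon field.
    A profile with no session name only matches a blank-session logon."""
    return all(p == "@" or p == l
               for p, l in zip(parse(profile), parse(logon)))

def specificity(profile):
    """Sort key: (account is literal, user is literal, session is literal)."""
    session, user, account = parse(profile)
    return (account != "@", user != "@", session != "@")

def effective(profiles, logon):
    """Return the matching profile that takes precedence, or None."""
    hits = [p for p in profiles if matches(p, logon)]
    return max(hits, key=specificity, default=None)

def orphaned(profiles, accounts):
    """Profiles that name an account missing from the system directory.
    These silently apply again if an account of that name is recreated."""
    known = {a.upper() for a in accounts} | {"@"}
    return [p for p in profiles if parse(p)[2] not in known]

# Constructed sample data mirroring the situation in the thread.
PROFILES = ["@,@.@", "ERNIE,@.@", "@,@.TEST"]
ACCOUNTS_BEFORE_TEST_WAS_RECREATED = {"SYS", "PROD"}

if __name__ == "__main__":
    for logon in ("ERNIE,MGR.PROD", "ERNIE,MGR.TEST"):
        print(logon, "->", effective(PROFILES, logon))
    print("orphaned:", orphaned(PROFILES, ACCOUNTS_BEFORE_TEST_WAS_RECREATED))
```

Running the orphan check against the real account list before creating or recreating an account shows which old profiles would take effect on it.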