I have had similar problems with our internal auditors.  They don't seem to
understand that there are platforms other than NT and UNIX.  Before I
showed up to set up the systems, HP Security Monitor had been purchased.
Audit had a number of issues with the product.  One issue was that the
security group had set up SecMon to log the use of NEWUSER and ALTUSER.
That seems reasonable, but that also means that the password is recorded in
the log in plain text.  Yes, the user should change their password once
they use that initial login, but there is no way to ensure that happens.
HP wasn't much help with the SecMon.  When we called to open an SR on that
issue, the techs had no real knowledge of the product.  I was told that
they are using security/3000.  Now we are moving to security/3000 after
going PROD.  Yes, lots of fun.  My recommendation is to go with
security/3000 and save yourself some headaches.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *