LISTSERV - HP3000-L Archives

HP3000-L Archives

March 1998, Week 3

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L March 1998, Week 3

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Using MPE to authenticate users
From:	John Zoltak <[log in to unmask]>
Reply To:	John Zoltak <[log in to unmask]>
Date:	Tue, 17 Mar 1998 13:54:18 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (71 lines)

Gavin,
Problem #2 can be fixed by doing STREAM TEST < $NULL
No prompting occurs.

John Zoltak
North American Mfg Co

> -----Original Message-----
> From: Gavin Scott [SMTP:[log in to unmask]]
> Sent: Tuesday, March 17, 1998 1:44 PM
> To:   [log in to unmask]
> Subject:      [HP3000-L] Using MPE to authenticate users
>
> Jim writes:
> > The method I had devised (but not implemented) would attempt to
> stream a
> > job using the supplied Username and Password.  Then check HPCIERR to
> see
> > if the job launched successfully.
>
> Just for grins I tried to find a misuse of !JOB syntax that would
> allow
> you to check the passwords without actually submitting a job.  In ten
> minutes of playing around I was unable to find one.
>
> I did find lots of reasons why !JOB is a really lousy way to check
> passwords though :-)
>
> The top problems are:
>
> 1) If the user has appropriate capabilities, the passwords passed to
> the
>    !JOB command are ignored completely, and the job will always log
> on.
>    This makes it look as though the passwords are valid when they are
> not.
>
> 2) If you fail to specify a password, or specify a null password, the
>    :STREAM command will prompt you for each password three times.
>
> 3) All the jobs logging on and off causes lots of problems.
> Logon/logoff
>    is still a fairly intensive process, so there will be performance
>    issues, and the job numbers will increase much faster than usual.
>    Also the extra number of INVALID PASSWORD FOR... messages on the
>    console might make it less likely that you'll notice an attempt to
>    violate *MPE* security.
>
> The first two restrictions could be gotten around by doing the check
> in
> batch from a user without AM or SM capability, and which will never
> be asked to check the user password for the user *it* is running as.
> Otherwise it's not very useful.
>
> From a security point of view, any facility that lets you quietly test
> passwords for validity is a serious security hole, so there shouldn't
> be any (non-privileged) way to do this that doesn't have a side-effect
> such as the !JOB command's INVALID PASSWORD FOR... console messages.
>
> So what you need is some privileged routine that quietly tests the
> passwords for validity.  There may be something like this in MPE, but
> I
> don't know about it.  One option is to go get the real passwords out
> of the directory and do the compare yourself.  Code that does this
> is probably available in the public domain somewhere (I've seen it
> done several times).  Of course the user might have used SECCONF to
> enable encrypted passwords, in which case even this won't do you any
> good.
>
> G.

ATOM RSS1 RSS2

RAVEN.UTC.EDU