Wilson writes:
> I'm sure this has been asked about before, but is there a way to encrypt
> MPE passwords so that they cannot be easily read with the ;pass
> parameter (i.e. listuser xxx.yyy;pass).  The auditor who is doing our
> audit is very interested in the answer to this.

HP sells something called Security Monitor/iX (I believe that's the
right name) which I believe can enable encrypted passwords on MPE.  The
support for this is built in at a low level, meaning that the passwords
only exist in a one-way encrypted form (I believe) which can't practically
be turned back into a valid password (of course it could be used to
guess passwords if you can get at the encrypted password and know the
algorithm used).

Few sites use this, and a number of 3rd party tools rely on the ability
to extract paswords from the directory for insertion into job streams, etc.
These would probably quit working in this case, so as with most
forms of security there is probably some degree of pain involved in
enabling this feature (other than the cost of the product that is :-)

Vesoft's Security/3000 keeps *its* passwords one-way encrypted, though
I don't know how strong their one-way hash algorithm is (I don't know
much about HP's either for that matter).

Security Monitor is configured through the program SECCONF.PUB.SYS.

G.