HP3000-L Archives

July 1998, Week 3

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Encrypting MPE Passwords
From:
Tracy Johnson <[log in to unmask]>
Reply To:
Tracy Johnson <[log in to unmask]>
Date:
Thu, 16 Jul 1998 04:45:55 +0000
Content-Type:
TEXT/PLAIN
Parts/Attachments:
TEXT/PLAIN (17 lines) 
The answer to your auditors is NOT in encrypting passwords.  The answer
lies in restricting AM and SM capability to only those key personnel who
can use the the ";pass" parameter within established policy.

AM and SM capability also presumes the same capability to change another
user's password, and therefore also the ability to look it up.

On Wed, 15 Jul 1998, Wong, Wilson wrote:

> I'm sure this has been asked about before, but is there a way to encrypt
> MPE passwords so that they cannot be easily read with the ;pass
> parameter (i.e. listuser xxx.yyy;pass).  The auditor who is doing our
> audit is very interested in the answer to this.

Tracy Johnson
[log in to unmask]

ATOM RSS1 RSS2