The answer to your auditors is NOT in encrypting passwords. The answer
lies in restricting AM and SM capability to only those key personnel who
can use the ";pass" parameter within established policy.
AM and SM capability also presumes the same capability to change another
user's password, and therefore also the ability to look it up.
On Wed, 15 Jul 1998, Wong, Wilson wrote:
> I'm sure this has been asked about before, but is there a way to encrypt
> MPE passwords so that they cannot be easily read with the ;pass
> parameter (i.e. listuser xxx.yyy;pass). The auditor who is doing our
> audit is very interested in the answer to this.
Tracy Johnson