|
|
OpenVMS ALPLOGI07_071 OpenVMS Alpha V7.1 LOGINOUT ECO Summary
|
TITLE: OpenVMS ALPLOGI07_071 OpenVMS Alpha V7.1 LOGINOUT ECO Summary
NOTE: An OpenVMS saveset or PCSI installation file is stored
on the Internet in a self-expanding compressed file.
The name of the compressed file will be kit_name-dcx_vaxexe
for OpenVMS VAX or kit_name-dcx_axpexe for OpenVMS Alpha.
Once the file is copied to your system, it can be expanded
by typing RUN compressed_file. The resultant file will
be the OpenVMS saveset or PCSI installation file which
can be used to install the ECO.
Copyright (c) Compaq Computer Corporation 1998. All rights reserved.
Modification Date: 12-AUG-98
Modification Type: Updated ECO Kit: Supersedes ALPLOGI06_071
PRODUCT: DIGITAL OpenVMS Alpha
COMPONENT: LOGINOUT
SOURCE: Compaq Computer Corporation
ECO INFORMATION:
ECO Kit Name: ALPLOGI07_071
ECO Kits Superseded by This ECO Kit: ALPLOGI06_071
ALPLOGI05_071
ALPLOGI04_071
ALPLOGI03_071
ALPLOGI02_071
ECO Kit Approximate Size: 1296 Blocks
Kit Applies To: OpenVMS Alpha V7.1, V7.1-1H1, V7.1-1H2
System/Cluster Reboot Necessary: No
Installation Rating: 1 - To be installed on all systems running
the listed versions of OpenVMS. (that have
not installed the ALPLOGI06_071 remedial kit).
Kit Dependencies:
The following remedial kit(s) must be installed BEFORE
installation of this kit:
None
In order to receive all the corrections listed in this
kit, the following remedial kits should also be installed:
None
ECO KIT SUMMARY:
An ECO kit exists for LOGINOUT.EXE on OpenVMS Alpha V7.1 through
V7.1-1H2. This kit addresses the following problems:
Problems Addressed in ALPLOGI07_071:
o The ALPLOGI06_071 documentation correctly stated that the kit
did not require a re-boot. However, during installation, the
user was told that a re-boot was required.
Aside from this installation message correction, there are no
new code corrections in this kit. If you have installed the
ALPLOGI06_071 remedial kit you do not need to install this kit.
Problems Addressed in ALPLOGI06_071:
o Blanks must be stripped from a password prior to OpenVMS
password validation, which requires a conditioned password
string (i.e., one that has blanks and control characters
removed and alphabetic characters uppercased). The
blank-stripping feature was broken in OpenVMS V7.1.
The problem occurred for interactive login (character cell and
DECwindows), OpenVMS and external authentication logins, and
network logins.
Problems Addressed in ALPLOGI05_071:
o The network login path invokes $CREPRC to run LOGINOUT.EXE and,
by convention, uses the SYS$OUTPUT and SYS$ERROR logical name
parameters of $CREPRC to pass network related information to
LOGINOUT. Care must be taken in LOGINOUT to protect these
logical names from being used for normal output operations
(such as $PUTMSG, printf, etc.) until these logical names have
been redefined appropriately. Undesirable behavior may result
if code attempts to assign channels to either of these logical
names in their pre-conditioned state.
External authentication invokes code paths that attempt to
access these logical names, therefore the logical names will be
redefined for the duration of external authentication call-outs
so that channels cannot be assigned to them.
Problems Addressed in ALPLOGI04_071:
o Previous to this change, when external authentication was
enabled and the external authentication service was
unavailable, logins at the console (OPA0) would succeed using
any combination of username and password, regardless of the
state of the UAF flag EXTAUTH, just as if the SYSUAF.DAT file
was unavailable or corrupt.
With this change, if external authentication is enabled and the
external authentication service is unavailable, logins at the
console will fall-back to SYSUAF-based authentication. In this
situation, logins will be allowed to any valid VMS account
whether or not tagged EXTAUTH. (Allowing local emergency
logins to EXTAUTH accounts satisfies those sites who may have
tagged the SYSTEM or operator's account EXTAUTH.)
Problems Addressed in ALPLOGI03_071:
o Unless explicitly permitted by the system manager, a user who
is flagged for "external authentication" should not be able to
perform a network login when the external authentication
returns SS$_INVUSER.
o Uppercasing the username and password breaks DCE integrated
login. External authentication allows username and password
fields to to be case-sensitive. In the case of LAN Manager,
usernames are case-insensitive, passwords are case-sensitive.
These fields must have their case preserved throughout LOGINOUT
except when being used to lookup records in the SYSUAF file for
standard OpenVMS username/password validation.
Problems Addressed in ALPLOGI02_071:
o Incorrect user authorization failures occur when attempts are
made to log onto a system.
Problems Addressed in ALPLOGI01_071:
o User account gets DISUSER flag set when no intrusions are present.
INSTALLATION NOTES:
The system does not need to be rebooted after this kit is installed.
However, if you have other nodes in your OpenVMS VMScluster, they should
be rebooted or you should install this kit on each system in order to
make use of the new image.
Files on this server are as follows:
|
»alplogi07_071.README
»alplogi07_071.CHKSUM
»alplogi07_071.CVRLET_TXT
»alplogi07_071.a-dcx_axpexe
|