|
|
OpenVMS VAXLOGI06_071 OpenVMS VAX V7.1 LOGINOUT ECO Summary
|
TITLE: OpenVMS VAXLOGI06_071 OpenVMS VAX V7.1 LOGINOUT ECO Summary
Modification Date: 04-AUG-98
Modification Type: Updated Kit: Supersedes VAXLOGI05_071
NOTE: An OpenVMS saveset or PCSI installation file is stored
on the Internet in a self-expanding compressed file.
The name of the compressed file will be kit_name-dcx_vaxexe
for OpenVMS VAX or kit_name-dcx_axpexe for OpenVMS Alpha.
Once the file is copied to your system, it can be expanded
by typing RUN compressed_file. The resultant file will
be the OpenVMS saveset or PCSI installation file which
can be used to install the ECO.
Copyright (c) Compaq Computer Corporation 1998. All rights reserved.
PRODUCT: DIGITAL OpenVMS VAX
COMPONENT: LOGINOUT
SOURCE: Compaq Computer Corporation
ECO INFORMATION:
ECO Kit Name: VAXLOGI06_071
ECO Kits Superseded by This ECO Kit: VAXLOGI05_071
VAXLOGI04_071
VAXLOGI03_071
VAXLOGI02_071
VAXLOGI01_071
ECO Kit Approximate Size: 504 Blocks
Kit Applies To: OpenVMS VAX V7.1
System/Cluster Reboot Necessary: No
Installation Rating: 1 - To be installed on all systems running
the listed version(s) of OpenVMS.
Kit Dependencies:
The following remedial kit(s) must be installed BEFORE
installation of this kit:
None
In order to receive all the corrections listed in this
kit, the following remedial kits should also be installed:
None
ECO KIT SUMMARY:
An ECO kit exists for LOGINOUT.EXE on OpenVMS VAX V7.1. This kit
addresses the following problems:
Problems Addressed in VAXLOGI06_071:
o Blanks must be stripped from a password prior to OpenVMS
password validation, which requires a conditioned password
string (i.e., one that has blanks and control characters
removed and alphabetic characters uppercased). The
blank-stripping feature was broken in OpenVMS V7.1.
The problem occurred for interactive login (character cell and
DECwindows), OpenVMS and external authentication logins, and
network logins.
Problems Addressed in VAXLOGI05_071:
o SYS$OUTPUT logical name for network logins using external
authentication was not protected.
Problems Addressed in VAXLOGI04_071:
o Previous to this change, when external authentication was
enabled and the external authentication service was
unavailable, logins at the console (OPA0) would succeed using
any combination of username and password, regardless of the
state of the UAF flag EXTAUTH, just as if the SYSUAF.DAT file
was unavailable or corrupt.
With this change, if external authentication is enabled and the
external authentication service is unavailable, logins at the
console will fall-back to SYSUAF-based authentication. In this
situation, logins will be allowed to any valid VMS account
whether or not tagged EXTAUTH. (Allowing local emergency
logins to EXTAUTH accounts satisfies those sites who may have
tagged the SYSTEM or operator's account EXTAUTH.)
Problems Addressed in VAXLOGI03_071:
o Unless explicitly permitted by the system manager, a user who
is flagged for "external authentication" should not be able to
perform a network login when the external authentication
returns SS$_INVUSER.
o Uppercasing the username and password breaks DCE integrated
login. External authentication allows username and password
fields to to be case-sensitive. In the case of LAN Manager,
usernames are case-insensitive, passwords are case-sensitive.
These fields must have their case preserved throughout LOGINOUT
except when being used to lookup records in the SYSUAF file for
standard OpenVMS username/password validation.
Problems addressed in VAXLOGI02_071:
o Incorrect User Authorization failures when trying to log on to
a system.
Problems Addressed in VAXLOGI01_071 KIT
o User account gets DISUSER flag set when no intrusions are present.
INSTALLATION NOTES:
No reboot is necessary after successful installation of this kit.
If you have other nodes in your VMScluster, they should be rebooted
or this kit should be installed on each of them in order to make use
of the new image.
Files on this server are as follows:
|
»vaxlogi06_071.README
»vaxlogi06_071.CHKSUM
»vaxlogi06_071.CVRLET_TXT
»vaxlogi06_071.a-dcx_vaxexe
|