TITLE: OpenVMS ALPLOGI07_071 OpenVMS Alpha V7.1 LOGINOUT ECO Summary
NOTE: An OpenVMS saveset or PCSI installation file is stored
on the Internet in a self-expanding compressed file.
The name of the compressed file will be kit_name-dcx_vaxexe
for OpenVMS VAX or kit_name-dcx_axpexe for OpenVMS Alpha.
Once the file is copied to your system, it can be expanded
by typing RUN compressed_file. The resultant file will
be the OpenVMS saveset or PCSI installation file which
can be used to install the ECO.
Copyright (c) Compaq Computer Corporation 1998. All rights reserved.
Modification Date: 12-AUG-98
Modification Type: Updated ECO Kit: Supersedes ALPLOGI06_071
PRODUCT: DIGITAL OpenVMS Alpha
COMPONENT: LOGINOUT
SOURCE: Compaq Computer Corporation
ECO INFORMATION:
ECO Kit Name: ALPLOGI07_071
ECO Kits Superseded by This ECO Kit: ALPLOGI06_071
                                     ALPLOGI05_071
                                     ALPLOGI04_071
                                     ALPLOGI03_071
                                     ALPLOGI02_071
ECO Kit Approximate Size: 1296 Blocks
Kit Applies To: OpenVMS Alpha V7.1, V7.1-1H1, V7.1-1H2
System/Cluster Reboot Necessary: No
Installation Rating: 1 - To be installed on all systems running
the listed versions of OpenVMS (that have
not installed the ALPLOGI06_071 remedial kit).
Kit Dependencies:
The following remedial kit(s) must be installed BEFORE
installation of this kit:
None
In order to receive all the corrections listed in this
kit, the following remedial kits should also be installed:
None
ECO KIT SUMMARY:
An ECO kit exists for LOGINOUT.EXE on OpenVMS Alpha V7.1 through
V7.1-1H2. This kit addresses the following problems:
Problems Addressed in ALPLOGI07_071:
o The ALPLOGI06_071 documentation correctly stated that the kit
did not require a re-boot. However, during installation, the
user was told that a re-boot was required.
Aside from this installation message correction, there are no
new code corrections in this kit. If you have installed the
ALPLOGI06_071 remedial kit you do not need to install this kit.
Problems Addressed in ALPLOGI06_071:
o Blanks must be stripped from a password prior to OpenVMS
password validation, which requires a conditioned password
string (i.e., one that has blanks and control characters
removed and alphabetic characters uppercased). The
blank-stripping feature was broken in OpenVMS V7.1.
The problem occurred for interactive login (character cell and
DECwindows), OpenVMS and external authentication logins, and
network logins.
Problems Addressed in ALPLOGI05_071:
o The network login path invokes $CREPRC to run LOGINOUT.EXE and,
by convention, uses the SYS$OUTPUT and SYS$ERROR logical name
parameters of $CREPRC to pass network related information to
LOGINOUT. Care must be taken in LOGINOUT to protect these
logical names from being used for normal output operations
(such as $PUTMSG, printf, etc.) until these logical names have
been redefined appropriately. Undesirable behavior may result
if code attempts to assign channels to either of these logical
names in their pre-conditioned state.
External authentication invokes code paths that attempt to
access these logical names, therefore the logical names will be
redefined for the duration of external authentication call-outs
so that channels cannot be assigned to them.
Problems Addressed in ALPLOGI04_071:
o Prior to this change, when external authentication was
enabled and the external authentication service was
unavailable, logins at the console (OPA0) would succeed using
any combination of username and password, regardless of the
state of the UAF flag EXTAUTH, just as if the SYSUAF.DAT file
was unavailable or corrupt.
With this change, if external authentication is enabled and the
external authentication service is unavailable, logins at the
console will fall back to SYSUAF-based authentication. In this
situation, logins will be allowed to any valid VMS account
whether or not tagged EXTAUTH. (Allowing local emergency
logins to EXTAUTH accounts satisfies those sites who may have
tagged the SYSTEM or operator's account EXTAUTH.)
Problems Addressed in ALPLOGI03_071:
o Unless explicitly permitted by the system manager, a user who
is flagged for "external authentication" should not be able to
perform a network login when the external authentication
returns SS$_INVUSER.
o Uppercasing the username and password breaks DCE integrated
login. External authentication allows username and password
fields to be case-sensitive. In the case of LAN Manager,
usernames are case-insensitive and passwords are case-sensitive.
These fields must have their case preserved throughout LOGINOUT
except when being used to look up records in the SYSUAF file for
standard OpenVMS username/password validation.
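An added illustration (not code from LOGINOUT or from Compaq) of the two requirements in the ALPLOGI06_071 and ALPLOGI03_071 notes: the conditioned string is built as a separate copy for SYSUAF validation, while the as-typed fields are kept unchanged for external authentication. The names `condition`, `struct creds`, `creds_init` and `creds_password`, the 64-byte buffers, and conditioning the username the same way as the password are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define CRED_MAX 64   /* assumed buffer size for this sketch */

/* Conditioned form per the summary: blanks and control characters removed,
 * alphabetic characters uppercased. The input is never modified.
 * Returns the conditioned length, or -1 if out is too small. */
int condition(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0)
        return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == ' ' || iscntrl(c))
            continue;                 /* strip blanks and control characters */
        if (n + 1 >= outsz)
            return -1;                /* refuse to truncate a credential */
        out[n++] = (char)toupper(c);
    }
    out[n] = '\0';
    return (int)n;
}

/* Hypothetical container: the as-typed fields stay untouched for external
 * authentication; conditioned copies are used only for SYSUAF validation.
 * Conditioning the username like the password is an assumption here. */
struct creds {
    char user_typed[CRED_MAX], pass_typed[CRED_MAX];
    char user_uaf[CRED_MAX],   pass_uaf[CRED_MAX];
};

int creds_init(struct creds *c, const char *user, const char *pass)
{
    if (strlen(user) >= CRED_MAX || strlen(pass) >= CRED_MAX)
        return -1;
    strcpy(c->user_typed, user);      /* case and blanks preserved */
    strcpy(c->pass_typed, pass);
    if (condition(user, c->user_uaf, CRED_MAX) < 0 ||
        condition(pass, c->pass_uaf, CRED_MAX) < 0)
        return -1;
    return 0;
}

/* Select the password form for the validator about to be called. */
const char *creds_password(const struct creds *c, int external_auth)
{
    return external_auth ? c->pass_typed : c->pass_uaf;
}
```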
Problems Addressed in ALPLOGI02_071:
o Incorrect user authorization failures occur when attempts are
made to log onto a system.
Problems Addressed in ALPLOGI01_071:
o User account gets DISUSER flag set when no intrusions are present.
INSTALLATION NOTES:
The system does not need to be rebooted after this kit is installed.
However, if you have other nodes in your OpenVMS VMScluster, they should
be rebooted or you should install this kit on each system in order to
make use of the new image.
This patch can be found at any of these sites:
Colorado Site
Georgia Site
Files on this server are as follows:
alplogi07_071.README
alplogi07_071.CHKSUM
alplogi07_071.CVRLET_TXT
alplogi07_071.a-dcx_axpexe