HP OpenVMS Guide to System Security

Security for the User

Using the System Responsibly

Choosing a Password for Your Account

Password Requirements for Different Types of Accounts

Knowing What Type of Password to Use  

If you are an externally authenticated user with external authentication enabled on your system, you enter your LAN Manager password at the OpenVMS password prompt. See Enabling External Authentication for more information. Types of Passwords describes each type of password.

Table 2   Types of Passwords

Password	Description
User password	Required for most accounts. After you enter your user name, you are prompted for a password. If the account requires both primary and secondary passwords, you must enter two passwords.
System password	Controls access to particular terminals and is required at the discretion of the security administrator. System passwords are usually necessary to control access to terminals that might be targets for unauthorized use, such as dialup and public terminal lines.
Primary password	The first of two user passwords to be entered for an account requiring both primary and secondary passwords.
Secondary password	The second of two user passwords to be entered for an account requiring both primary and secondary passwords. The secondary password provides an additional level of security on user accounts. Typically, the general user does not know the secondary password; a supervisor or other key person must be present to supply it. For certain applications, the supervisor may also decide to remain present while the account is in use. Thus, secondary passwords facilitate controlled logins and the actions taken after a login. Secondary passwords can be time-consuming and inconvenient. They are justified only at sites with maximum security requirements. An example of an account that justifies dual passwords would be one that bypasses normal access controls to permit emergency repair to a database.

Entering a System Password  

Your security administrator will tell you if you must specify a system password to log in to one or more of the terminals designated for your use. Ask your security administrator for the current system password, how often it changes, and how to obtain the new system password when it does change.

To specify a system password, do the following:

1. Press the Return key until the terminal responds with the recognition character, which is normally a bell.

   Return 
   <bell>

2. Enter the system password, and press Return.

   Return 

   As this example shows, there is no prompt and no echo of the characters you type. If you fail to specify the correct system password, the system does not notify you. (Initially, you might think the system is malfunctioning unless you know that a system password is required at that terminal.) If you do not receive a response from the system, assume that you have entered the wrong password, and try again.
3. When you enter the correct system password, you receive the system announcement message, if there is one, followed by the Username: prompt.
   
   For example:

   MAPLE - A member of the Forest Cluster
        Unauthorized Access Is Prohibited     
   
   Username:

Entering a Secondary Password  

Your security administrator decides whether to require the use of secondary passwords for your account at the time your account is created. When your account requires primary and secondary passwords, you need two passwords to log in. Minimum password length, which the security administrator specifies in your UAF record, applies to both passwords.

An example of a login requiring primary and secondary passwords follows:

     WILLOW - A member of the Forest Cluster
         Welcome to OpenVMS on node WILLOW

Username: RWOODS
Password: Return 
Password: Return 

    Last interactive login on Friday, 11-DEC-2001 10:22
$

Choosing a Password for Your Account

Password Requirements for Different Types of Accounts