HP OpenVMS Guide to System Security: OpenVMS Version 8.4 > Chapter 3 Using the System Responsibly

Knowing What Type of Password to Use

There are several types of passwords recognized by the OpenVMS operating system. In general, you need to provide a user password when you log in. In some cases, you might also need to provide a system password to gain access to a particular terminal before logging in with your user password. If you are using a system with high security requirements, you might need to provide a primary password and a secondary password.

If you are an externally authenticated user with external authentication enabled on your system, you enter your external password at the OpenVMS password prompt. See “Enabling External Authentication” for more information. “Types of Passwords” describes each type of password.

Table 3-2 Types of Passwords

Password Description

User password

Required for most accounts. After you enter your user name, you are prompted for a password. If the account requires both primary and secondary passwords, you must enter two passwords.

System password

Controls access to particular terminals and is required at the discretion of the security administrator. System passwords are usually necessary to control access to terminals that might be targets for unauthorized use, such as dialup and public terminal lines.

Primary password

The first of two user passwords to be entered for an account requiring both primary and secondary passwords.

Secondary password

The second of two user passwords to be entered for an account requiring both primary and secondary passwords. The secondary password provides an additional level of security on user accounts.

Typically, the general user does not know the secondary password; a supervisor or other key person must be present to supply it. For certain applications, the supervisor may also decide to remain present while the account is in use. Thus, secondary passwords facilitate controlled logins and the actions taken after a login.

Secondary passwords can be time-consuming and inconvenient. They are justified only at sites with maximum security requirements. An example of an account that justifies dual passwords would be one that bypasses normal access controls to permit emergency repair to a database.

 

Entering a System Password

Your security administrator will tell you if you must specify a system password to log in to one or more of the terminals designated for your use. Ask your security administrator for the current system password, how often it changes, and how to obtain the new system password when it does change.

To specify a system password, do the following:

  1. Press the Return key until the terminal responds with the recognition character, which is normally a bell.

    Return
    <bell>
  2. Enter the system password, and press Return.

    Return

    As this example shows, there is no prompt and no echo of the characters you type. If you fail to specify the correct system password, the system does not notify you. (Initially, you might think the system is malfunctioning unless you know that a system password is required at that terminal.) If you do not receive a response from the system, assume that you have entered the wrong password, and try again.

  3. When you enter the correct system password, you receive the system announcement message, if there is one, followed by the Username: prompt.

    For example:

    MAPLE - A member of the Forest ClusterUnauthorized Access Is Prohibited
    Username:
    

Entering a Secondary Password

Your security administrator decides whether to require the use of secondary passwords for your account at the time your account is created. When your account requires primary and secondary passwords, you need two passwords to log in. Minimum password length, which the security administrator specifies in your UAF record, applies to both passwords.

An example of a login requiring primary and secondary passwords follows:

     WILLOW - A member of the Forest Cluster
         Welcome to OpenVMS on node WILLOW
Username: RWOODS
Password: 
Return
Password: 
Return

Last interactive login on Friday, 12-DEC-2008 10:22
$

As with a single password login, the system allots a limited amount of time for the entire login. If you do not enter a secondary password in time, the login period expires.