Chapter 7 Managing System Access

Table of Contents

Defining Times and Conditions for System Access

Restricting Work Times
Restricting Modes of Operation
Restricting Account Duration
Disabling Accounts
Restricting Disk Volumes
Marking Accounts for External Authentication

Assigning Appropriate Accounts to Users

Types of System Accounts
Privileged Accounts
Interactive Accounts
Captive Accounts
Restricted Accounts
Automatic Login Accounts
Guest Accounts
Proxy Accounts
Externally Authenticated Accounts

Using Passwords to Control System Access

Types of Passwords
Enforcing Minimum Password Standards
Screening New Passwords
Password Protection Checklist

Enabling External Authentication

Overriding External Authentication
Impact on Layered Products and Applications
Setting a New Password
Case Sensitivity in Passwords and User Names
User Name Mapping and Password Verification
Password Synchronization
Specifying the SYS$SINGLE_SIGNON Logical Name Bits
Authentication and Credentials Management Extensions (ACME) Subsystem

Controlling the Login Process

Informational Display During Login
Limiting Disconnected Processes
Providing Automatic Login
Using the Secure Server
Detecting Intruders
Understanding the Intrusion Database
Security Server Process

This chapter explains how you give users access to a system by assigning user accounts and passwords. Descriptions are based on the security needs of a commercial installation with average security needs, where accounts require protection. Descriptions of above-average security needs are also noted. See the“Controlling Access to System Data and Resources” for information on controlling access to system data and resources. See “Managing the System and its Data” and “Security Auditing” for information on auditing user actions.

The Authorize utility (AUTHORIZE) is the primary tool for establishing accounts and passwords. See the HP OpenVMS System Management Utilities Reference Manual: A-L for a description of the utility.