|
HP OpenVMS Systemsask the wizard |
|
The Question is: We are using External Authentication to allow VMS users to be authenticated by LANMAN on an NT domain. We have an application on our VMS sytems that requires its own login using the SYSUAF. If a user changes their LANMAN password they need to login to VMS to cause their SYSUAF password to sync with the LANMAN password. Until they perform this step they will not be able to login to the application. We would like our VMS app to authenticate via the NT domain instead of the SYSUAF so users can bypass this st ep. Would the LOGINOUT Routine allow us to do this. In other words, if our app called the LOGINOUT Routine to authenticate can it authenticate against LANMAN instead of SYSUAF? Thanks George Meyers The Answer is : You do not indicate why the password is necessary for the server application. The OpenVMS Wizard will assume you have a variety of users and need to specifically identify a particular user. Additional work on External Authentication is in progress within OpenVMS Engineering, with support expected to be available in (or potentially prior to) the OpenVMS V7.4 release. The OpenVMS Wizard would tend to recommend Kerberos as the external authentication mechanism, though the system service mechanism under development is generic and will also permit access to LANMAN-based authentication. If you have Advanced Server or PATHWORKS installed, an application that wishes to verify a LANMAN password can spawn a command procedure that uses the ADMIN/PATHWORKS LOGIN command to attempt to log the user in, and -- if sucessful -- immediately log the user back out. For Version V5.x of PATHWORKS, a similar technique using the NET command interface is possible. This brute-force technique is not sensitive to the version of OpenVMS nor does it require external authentication, and it will generally function as far back as OpenVMS VAX 5.5-2 (if not earlier). The OpenVMS Wizard will assume you are familiar with COM and related supporting software available on OpenVMS.
|