The Question is:
We are using External Authentication to allow VMS users to be authenticated by
LANMAN on an NT domain. We have an application on our VMS sytems that requires
its own login using the SYSUAF. If a user changes their LANMAN password they
need to login to VMS
to cause their SYSUAF password to sync with the LANMAN password. Until they
perform this step they will not be able to login to the application. We would
like our VMS app to authenticate via the NT domain instead of the SYSUAF so
users can bypass this st
ep. Would the LOGINOUT Routine allow us to do this. In other words, if our app
called the LOGINOUT Routine to authenticate can it authenticate against LANMAN
instead of SYSUAF?
The Answer is :
You do not indicate why the password is necessary for the server
application. The OpenVMS Wizard will assume you have a variety
of users and need to specifically identify a particular user.
Additional work on External Authentication is in progress within
OpenVMS Engineering, with support expected to be available in (or
potentially prior to) the OpenVMS V7.4 release. The OpenVMS Wizard
would tend to recommend Kerberos as the external authentication
mechanism, though the system service mechanism under development
is generic and will also permit access to LANMAN-based authentication.
If you have Advanced Server or PATHWORKS installed, an application
that wishes to verify a LANMAN password can spawn a command procedure
that uses the ADMIN/PATHWORKS LOGIN command to attempt to log the
user in, and -- if sucessful -- immediately log the user back out.
For Version V5.x of PATHWORKS, a similar technique using the NET
command interface is possible.
This brute-force technique is not sensitive to the version of OpenVMS
nor does it require external authentication, and it will generally
function as far back as OpenVMS VAX 5.5-2 (if not earlier).
The OpenVMS Wizard will assume you are familiar with COM and related
supporting software available on OpenVMS.