HP OpenVMS Systems

ask the wizard
Content starts here

PATHWORKS LANMAN External Authentication?

» close window

The Question is:

We are using External Authentication to allow VMS users to be authenticated by
 LANMAN on an NT domain. We have an application on our VMS sytems that requires
 its own login using the SYSUAF. If a user changes their LANMAN password they
 need to login to VMS
 to cause their SYSUAF password to sync with the LANMAN password. Until they
 perform this step they will not be able to login to the application. We would
 like our VMS app to authenticate via the NT domain instead of the SYSUAF so
 users can bypass this st
ep. Would the LOGINOUT Routine allow us to do this. In other words, if our app
 called the LOGINOUT Routine to authenticate can it authenticate against LANMAN
 instead of SYSUAF?
George Meyers

The Answer is :

  You do not indicate why the password is necessary for the server
  application.  The OpenVMS Wizard will assume you have a variety
  of users and need to specifically identify a particular user.
  Additional work on External Authentication is in progress within
  OpenVMS Engineering, with support expected to be available in (or
  potentially prior to) the OpenVMS V7.4 release.  The OpenVMS Wizard
  would tend to recommend Kerberos as the external authentication
  mechanism, though the system service mechanism under development
  is generic and will also permit access to LANMAN-based authentication.
  If you have Advanced Server or PATHWORKS installed, an application
  that wishes to verify a LANMAN password can spawn a command procedure
  that uses the ADMIN/PATHWORKS LOGIN command to attempt to log the
  user in, and -- if sucessful -- immediately log the user back out.
  For Version V5.x of PATHWORKS, a similar technique using the NET
  command interface is possible.
  This brute-force technique is not sensitive to the version of OpenVMS
  nor does it require external authentication, and it will generally
  function as far back as OpenVMS VAX 5.5-2 (if not earlier).
  The OpenVMS Wizard will assume you are familiar with COM and related
  supporting software available on OpenVMS.

answer written or last revised on ( 6-FEB-2001 )

» close window