The Question is:
Is there a way to prompt a user logging on for the first time with a question
as another level of authentification. If the question were not answered
correctly login would not be allowed ?
PS your site is great
The Answer is :
Please first read and understand (4612) and (5333), the former for
the discussion of passwords and the latter for discussion of secondary
The user has already authenticated themselves to OpenVMS, to the
limits of the default password-based authentication mechanism.
Put another way, why is the first login any different from any
You are potentially publishing an algorthm-based scheme that will
allow an arbitrary user to determine a pre-generated password for
a particular username. This approach is not recommended, for reasons
that you are well aware: there is no particular authentication here,
as a nefarious-minded user can often easily determine the password
of another user. If you must generate passwords for users, the
OpenVMS Wizard would use and would assume the verification would
occur at the time of the password generation, possibly via CGI
scripts operating via a webserver. Topics (558), (1165), (1284),
(1990), (2912), (3700) and others may be of interest here. The
OpenVMS Wizard will assume a secure LAN, or an encrypted datalink
between the webbrowser and the webserver; a level of trust and of
encryption must be assumed, lest the password be unintentially
Password- and authentication-related topics particularly include
(4612), and also (1461), (1475), (1645), (2938), (3233), (3883),
(4303), (4778), (5333), (5508), (6328), and (7818). Among others.
As for adding prompts into SYLOGIN, please see topics (1147), (2021),
(2328), (2515), (3925), etc. Please realize that you are now writing
security-relevent code here, and your code can and potentially will
become an obvious target for security attacks. (If you choose to use
SYLOGIN, security based on DCL can be difficult to protect against even
causual examination, as well -- assuming that the user is not always
CAPTIVE, that is.)
The OpenVMS Wizard would also configure a pre-expired password, as
this would force the password to be changed. A related discussion
of a one-shot login mechanism is discussed in topic (6874).
If you wish to add to the authentication provided by OpenVMS, please
see the LGI callout mechanism.