Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!cbatt!cbosgd!ulysses!ucbvax!mitre.ARPA!art From: art@mitre.ARPA.UUCP Newsgroups: mod.computers.vax Subject: Re: password verification... Message-ID: <8701291654.AA24289@mitre.ARPA> Date: Thu, 29-Jan-87 23:20:04 EST Article-I.D.: mitre.8701291654.AA24289 Posted: Thu Jan 29 23:20:04 1987 Date-Received: Sat, 31-Jan-87 03:21:35 EST Sender: daemon@ucbvax.BERKELEY.EDU Organization: The MITRE Corp., Washington, D.C. Lines: 39 Approved: info-vax@sri-kl.arpa It would be possible to use the remote DECnet loggin facility to allow a program to collect the password, pick up the current user name, and then attempt to loggin remotely thru DECnet to allow LOGINOUT to verify the usename and password. The result will be establishment of a logical link if the password is valid and failure to establish the link if the password is bad. Details left to the reader. I know of systems using it where they validate to a remote user authorization file. I do not see why they would not also work to a local UAF. I do not know if you will need the DECnet key to do this. Major advantage is it will work across all current and future versions of VMS, does not require a separate file from the UAF. Major disadvantage is that the validation will probably take 1-2 seconds and will create another process in the computer. * *---Art * *Arthur T. McClinton Jr. ARPA: ART@MITRE.ARPA *Mitre Corporation MS-Z305 Phone: 703-883-6356 *1820 Dolley Madison Blvd Internal Mitre: ART@MWVMS or M10319@MWVM *McLean, Va. 22102 DECUS DCS: MCCLINTON * =-=- This note is in response to yours which follows -=-= I am interested in the inclusion of a module within my program which first asks a user to enter their password, passes that program through the standard VMS one-way encryption formula and then compares it with the password stored in SYSUAF.DAT. In this way, I can assure that the authorized user is actually at the terminal when the command is entered (just as VMS SET PASSWORD required that you know your old password). Does anyone know of a high-level (e.g. non-macro) system call to VMS that accomplishes this}i feat?