Path: utzoo!utgpu!water!watmath!clyde!rutgers!ucla-cs!zen!ucbvax!MITRE.ARPA!art
From: art@MITRE.ARPA (Art McClinton)
Newsgroups: comp.os.vms
Subject: Re: USER ID PASS validation on VMS
Message-ID: <8712171512.AA06909@mitre.arpa>
Date: 17 Dec 87 15:12:30 GMT
References: <355@siemens.UUCP>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The MITRE Corp., Washington, D.C.
Lines: 58

It is possible to use DECnet to open a logical link to a process using the 
username and password.  This can be done from within a program or from DCL.
The possible error messages that you can get for the link not being established
are:  invalid username and invalid password.  I think that this will totally
solve your problem.  Obviously, if the link is established, then both
the account and password are valid.  In this case drop the link and
continue.  Note that this does require that the DECnet network be up
and running.  It does not require a DECnet license to run DECnet on
your own machine, only do connect to other machines.  DECnet has some
nice features that may make it useful to run it even if you are not
networked to anyt other machine.  

This solution to password validation has been used before.  The coding
excersice is trivial.  

Stating that it is a security hole is a cop-out by the DECie that did not
know how to do it.

 
     
*
*---Art
*
*Arthur T. McClinton Jr.     ARPA: ART@MITRE.ARPA
*Mitre Corporation MS-Z305   Phone: 703-883-6356
*1820 Dolley Madison Blvd    Internal Mitre: ART@MWVMS or M10319@MWVM
*McLean, Va. 22102           DECUS DCS: MCCLINTON
*

  =-=- This note is in response to yours which follows -=-=

In article <1288@inco.UUCP> fennell@inco.UUCP (Tim Fennell) writes:
>
>    I need to find a VMS utility that will allow me to 
>    validate a User ID and password.  

>    ...  I can't find a SYS$ or LIB$
>    funtion that will help.  If anybody knows of a way
>    please, help!!

DEC has nothing in the libraries to help you.  I had the same need and
called DEC software support.  Their response was "We do not support this,
and never will, because it is a possible security loophole."  The guy
mentioned that some recent DECUS VAXSIG tape had some user software which
would do the job.  I did not follow this up because I don't want to support
that software when DEC changes their encryption algorithm.

If there is software for this on a SIG tape, perhaps some kind person can
post it.

Fred
----------------------------------------------------------------------------
Frederic W. Brehm		Siemens Research and Technology Laboratories
105 College Road East		Princeton, NJ 08540	(609) 734-3336
uucp:	ihnp4!princeton!siemens!fwb or astrovax!siemens!fwb
CSNet:	fwb@siemens.com		ARPA(?): fwb%siemens.com@RELAY.CS.NET
    "From there to here, from here to there, funny things are everywhere."
					    - Dr. Seuss