<<< NOTED::DISK$NOTES7:[NOTES$LIBRARY_7OF4]HACKERS.NOTE;1 >>>
                               -< ** Hackers ** >-
================================================================================
Note 1800.4             VU (Virtual User) utility for VMS                 4 of 4
GTJAIL::MARTIN "Out to Lunch"                        63 lines  17-APR-1996 03:39
                    -< A solution for passwords (maybe !) >-
--------------------------------------------------------------------------------
    I already solved the "plain text" passwords problems by using another
    (unsupported !) utility called PROXY. This allows you to store a
    database of encrypted passwords, plus a list of users who can access
    those passwords. For example:
    
    	$ ASSIGN somedisk:[somedir]PROXY$DATABASE.DAT PROXY$DATABASE
    	$ PROXY/ADMINISTER
    	Password: (this is always the SYSTEM password on the current system)
    
    create a new database (you only need to do this once !)
    
    	PROXY_ADMINISTER> CREATE
        %PROXY-S-CREATED, output file SRC:[PROXY]PROXY$DATABASE.DAT;2 created
    
    now add some account we want to remember the password for:
    
        PROXY_ADMINISTER> ADD BIGVAX::SMITHJ/PASSWORD=TOPSECRET
        %PROXY-S-NODEADDED, node BIGVAX::SMITHJ added to database SRC:[PROXY]PR
        OXY$DATABASE.DAT;2
        %PROXY-E-PWDSET, password set for user BIGVAX::SMITHJ in database SRC:[P
        ROXY]PROXY$DATABASE.DAT;2
    
    now add a (local) user who will be able to retrieve passwords from the 
    database:
    
        PROXY_ADMINISTER> ADD JONESR
        %PROXY-S-USERADDED, user JONESR added to database SRC:[PROXY]PROXY$DATA
        BASE.DAT;2
    
    now let that user get the password for BIGVAX::SMITHJ
    
        PROXY_ADMINISTER> GRANT JONESR BIGVAX::SMITHJ
        %PROXY-S-GRANTED, node BIGVAX::SMITHJ granted to user JONESR in databas
        e SRC:[PROXY]PROXY$DATABASE.DAT;2
    
    Now all JONESR has to do is have a command file that says:
    
    	$ PROXY BIGVAX::SMITHJ/SYMBOL=PWD
    	$ VU BIGVAX/PARAMETER=(SMITHJ,'PWD')/INPUT=LOGIN.CMD
    
    and a LOGIN.CMD that says:
    
    	WAIT "Username: "
    	SEND "%1"/RETURN
    	WAIT "Password: "
    	SEND "%2"/RETURN
    
    I'll stick a copy of PROXY in GTJAIL::SYS$PUBLIC:[PROXY014]. 
    
    PROXY also does wild things like updating your password on other systems
    by doing that TYPE node::"0=FILE" thing with a SET PASSWORD command in it.
    I certainly wouldn't recommend using that bit of PROXY as the command
    file it uses to do that DOES have plain-text passwords in it !
    
    However I do use PROXY to set up my VAXstation when I log in; LOGIN.COM
    does a load of 'CREATE TERMINAL/DETACH's' and these windows pick up
    PROXY/VU scripts which log me into various places (and set the DECterm
    icon and title).
    
    Goodness only knows how many security regulations I just broke,
    can't be worse than having passwords in /etc/passwd on that other 
    operating system though ?