<<< NOTED::DISK$NOTES7:[NOTES$LIBRARY_7OF4]HACKERS.NOTE;1 >>> -< ** Hackers ** >- ================================================================================ Note 1800.4 VU (Virtual User) utility for VMS 4 of 4 GTJAIL::MARTIN "Out to Lunch" 63 lines 17-APR-1996 03:39 -< A solution for passwords (maybe !) >- -------------------------------------------------------------------------------- I already solved the "plain text" passwords problems by using another (unsupported !) utility called PROXY. This allows you to store a database of encrypted passwords, plus a list of users who can access those passwords. For example: $ ASSIGN somedisk:[somedir]PROXY$DATABASE.DAT PROXY$DATABASE $ PROXY/ADMINISTER Password: (this is always the SYSTEM password on the current system) create a new database (you only need to do this once !) PROXY_ADMINISTER> CREATE %PROXY-S-CREATED, output file SRC:[PROXY]PROXY$DATABASE.DAT;2 created now add some account we want to remember the password for: PROXY_ADMINISTER> ADD BIGVAX::SMITHJ/PASSWORD=TOPSECRET %PROXY-S-NODEADDED, node BIGVAX::SMITHJ added to database SRC:[PROXY]PR OXY$DATABASE.DAT;2 %PROXY-E-PWDSET, password set for user BIGVAX::SMITHJ in database SRC:[P ROXY]PROXY$DATABASE.DAT;2 now add a (local) user who will be able to retrieve passwords from the database: PROXY_ADMINISTER> ADD JONESR %PROXY-S-USERADDED, user JONESR added to database SRC:[PROXY]PROXY$DATA BASE.DAT;2 now let that user get the password for BIGVAX::SMITHJ PROXY_ADMINISTER> GRANT JONESR BIGVAX::SMITHJ %PROXY-S-GRANTED, node BIGVAX::SMITHJ granted to user JONESR in databas e SRC:[PROXY]PROXY$DATABASE.DAT;2 Now all JONESR has to do is have a command file that says: $ PROXY BIGVAX::SMITHJ/SYMBOL=PWD $ VU BIGVAX/PARAMETER=(SMITHJ,'PWD')/INPUT=LOGIN.CMD and a LOGIN.CMD that says: WAIT "Username: " SEND "%1"/RETURN WAIT "Password: " SEND "%2"/RETURN I'll stick a copy of PROXY in GTJAIL::SYS$PUBLIC:[PROXY014]. PROXY also does wild things like updating your password on other systems by doing that TYPE node::"0=FILE" thing with a SET PASSWORD command in it. I certainly wouldn't recommend using that bit of PROXY as the command file it uses to do that DOES have plain-text passwords in it ! However I do use PROXY to set up my VAXstation when I log in; LOGIN.COM does a load of 'CREATE TERMINAL/DETACH's' and these windows pick up PROXY/VU scripts which log me into various places (and set the DECterm icon and title). Goodness only knows how many security regulations I just broke, can't be worse than having passwords in /etc/passwd on that other operating system though ?