DataMuseum.dk

top - metrics - download

    Length: 3582 (0xdfe)
    Types: TextFile
    Names: »vms.tex«

└─⟦4f9d7c866⟧ Bits:30007245 EUUGD6: Sikkerheds distributionen
    └─⟦36857feb3⟧ »./papers/Security_Primer/primer.tar.Z« 
        └─⟦5c5f5f2d8⟧ 
            └─⟦this⟧ »vms.tex« 

TextFile

\section{VMS Script}

This script is courtesy of Kevin Oberman of Lawrence Livermore
National Labs.  It is used on DEC VMS systems to close a number of the
standard created by the normal installation of DECNET.  Rather than
typing this in by hand, please request one by electronic mail.  This
DCL script is provided for reference purposes only and is not
guaranteed or warranted in any way.

{\small\relax
\begin{verbatim}
$ Type SYS$INPUT

This procedure changes the password for the default DECnet account and
sets up a new account for FAL activity. It prevents unauthorized users
from making use of the default DECnet account for any purpose except
file transfer.

This procedure assumes a default DECnet account named DECNET using a
directory on SYS$SYSROOT. If this is not the case on this system, do
not proceed!  It will use UIC [375,375]. If this UIC is already in
use, do not continue.

$ Read/End=Cleanup/Prompt="Continue [N]: " SYS$COMMAND OK
$ If .NOT. OK Then Exit
$ Say := "Write SYS$OUTPUT"
$ Current_Default = F$Environment("DEFAULT")
$ Has_Privs = F$Priv("CMKRNL,OPER,SYSPRV")
$ If Has_Privs Then GoTo Privs_OK
$ Say "This procedure requires CMKRNL, OPER, and SYSPRV."
$ Exit
$Privs_OK:
$ On Control_Y Then GoTo Cleanup
$ On Error Then GoTo Cleanup
$ Set Terminal/NoEcho
$ Read/End=Cleanup/Prompt="Please enter new default DECnet password: " -
 SYS$Command DN_Password
$ Say " "
$ If F$Length(DN_Password) .GT. 7 Then GoTo DN_Password_OK
$ Say "Minimum password length is 8 characters"
$ GoTo Privs_OK
$DN_Password_OK:
$ Read/End=Cleanup/Prompt="Enter new FAL password: " SYS$COMMAND FAL_Password
$ Say " "
$ If F$Length(FAL_Password) .GT. 7 Then GoTo FAL_Password_OK
$ Say "Minimum password length is 8 characters"
$ GoTo DN_Password_OK
$FAL_Password_OK:
$ Set Terminal/Echo
$ Type SYS$INPUT

The FAL account requires a disk quota. This quota should be large
enough to accomodate the the files typically loaded into this account.
Should the qouta be exhausted, the system will fail to perform default
DECnet file transfers.

It is also advisable to clear old files from the directory on a daily
basis.

$ If .NOT. F$GetSYI("CLUSTER_MEMBER") Then GoTo Not_Cluster
$ Say "This system is a cluster member.
$ Read/Prom="Has this procedure already been run on another cluster member: "-
  SYS$INPUT Cluster
$ If Cluster Then GoTo No_Create
$Not_Cluster:
$ Read/End=Cleanup -
 /Prompt="Disk quota for FAL account (0 if quotas not enabled): " -
  SYS$COMMAND Quota
$ If F$Type(Quota) .EQS. "INTEGER" Then GoTo Set_Quota
$ Say "Diskquota must be an integer"
$ GoTo FAL_Password_OK
$Set_Quota:
$ Say "Setting up new FAL account."
$ Set Default SYS$SYSTEM
$ Set NoOn
$ UAF := "$Authorize"
$ UAF Copy DECNET FAL/Password='FAL_Password'/UIC=[375,375]/Directory=[FAL]
$ Create/Directory SYS$SYSROOT:[FAL]/Owner=[FAL]
$No_Create:
$ NCP := "$NCP"
$ NCP Define Object FAL USER FAL Password 'FAL_Password'
$ NCP Set Object FAL USER FAL Password 'FAL_Password'
$ If (Quota .eq. 0) .OR. Cluster Then GoTo NO_QUOTA
$ Say "Entering disk quota for FAL account.
$ Set Default SYS$SYSTEM
$ PID = F$GetJPI("","PID")
$ Open/Write Quota SET_QUOTA'PID'.COM
$ Write Quota "$ Run SYS$SYSTEM:DISKQUOTA"
$ Write Quota "Add FAL/Perm=''Quota'"
$ Close Quota
$ @SET_QUOTA'PID'
$ Delete SET_QUOTA'PID'.COM;
$No_Quota:
$ Say "Resetting default DECNET account password"
$ NCP Define Executor Nonpriv Password 'DN_Password'
$ NCP Set Executor Nonpriv Password 'DN_Password'
$ UAF Modify DECNET/Password='DN_Password'
$Cleanup:
$ Set Default 'Current_Default'
$ Set Terminal/Echo
$ Exit
\end{verbatim}
}