[HECnet] Effects of Rogue Duplicate HECnet Node?
Paul Koning
paulkoning at comcast.net
Thu Mar 5 10:32:47 PST 2020
> On Mar 5, 2020, at 10:31 AM, Thomas DeBellis <tommytimesharing at gmail.com> wrote:
>
> I never heard of DECnet on SCO, but we ran Ultrix on the first (8650) and second (8700) VAX's which we got at the data center for instructional use. My last use of SCO in the early 2000's timeframe struck me as a product that was behind the times. It still didn't have some features that Ultrix had; Linux and Digital Unix (1990's Alpha) had far passed it by.
>
> As I recall, Ultrix would accept node"user password account"::, the account being necessary because the 20's ran real accounting. ... We discouraged node"user password account":: as this would allow shoulder surfing. We may have modified some of the Ultrix source to refuse this nomenclature.
The three part access control data is DECnet standard, but many systems only use two parts. RSTS uses the third to carry the "system password" which is a second system-wide password that can be enabled for additional security.
For the shoulder surfing concern, RSTS NFT will prompt for access control (with echo disabled for the password) if the quoted elements are absent.
paul
More information about the Hecnet-list
mailing list