[HECnet] Effects of Rogue Duplicate HECnet Node?
Johnny Billquist
bqt at softjar.se
Thu Mar 5 10:39:29 PST 2020
On 2020-03-05 19:32, Paul Koning wrote:
>
>
>> On Mar 5, 2020, at 10:31 AM, Thomas DeBellis <tommytimesharing at gmail.com> wrote:
>>
>> I never heard of DECnet on SCO, but we ran Ultrix on the first (8650) and second (8700) VAX's which we got at the data center for instructional use. My last use of SCO in the early 2000's timeframe struck me as a product that was behind the times. It still didn't have some features that Ultrix had; Linux and Digital Unix (1990's Alpha) had far passed it by.
>>
>> As I recall, Ultrix would accept node"user password account"::, the account being necessary because the 20's ran real accounting. ... We discouraged node"user password account":: as this would allow shoulder surfing. We may have modified some of the Ultrix source to refuse this nomenclature.
>
> The three part access control data is DECnet standard, but many systems only use two parts. RSTS uses the third to carry the "system password" which is a second system-wide password that can be enabled for additional security.
>
> For the shoulder surfing concern, RSTS NFT will prompt for access control (with echo disabled for the password) if the quoted elements are absent.
RSX ignores the account field, but it is possible to provide for other
systems that do happen to care.
Accounting in RSX is related to the user, so it's tracked by
user/password only. There are accounts, but you cannot select such
things, or change between multiple ones for one user.
I think VMS is exactly the same. I am a bit curious about how Tops-20
actually made use of them.
Johnny
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol
More information about the Hecnet-list
mailing list