Login Failures: When You Are Unable to Log In

If both a Table of Contents and Search form are not displayed in separate frames along with this one, you may wish to redisplay this book in a frameset, beginning with the first page.

HP OpenVMS Guide to System Security

Security for the User

Using the System Responsibly

Types of Logins and Login Classes

Changing Your Password

Login Failures: When You Are Unable to LogIn

Logins can fail for any number of reasons. One of your passwordsmight have changed, or your account might have expired. You mightbe attempting to log in over the network or from a modem but beunauthorized to do so. Reasons for Login Failure summarizescommon reasons for login failure.

Table 3 Reasons for Login Failure
Failure Indicator Reason

No responsefrom the terminal.
A defective terminal, aterminal that requires a system password, a terminal that is notpowered on, or a communications problem caused by defective wiringor by a misconfigured or malfunctioning modem.

No responsefrom any terminal.
The system is down or overloaded.

No responsefrom the terminal when you enter the system password.
The system password changed.

System messages:

"Userauthorization failure"
A typing error in your username or password. The account or password expired.

"Notauthorized to log in from this source"
Your particular class oflogin (local, dialup, remote, interactive, batch, or network) isprohibited.

"Notauthorized to log in at this time"
You do not have access tolog in during this hour or this day of the week.

"User authorizationfailure" (and no known user failure occurred)
An apparent break-in has been attemptedat the terminal using your user name, and the system has temporarilydisabled all logins at that terminal by your user name.

**Table 3** **Reasons for Login Failure**
Failure Indicator	Reason
No responsefrom the terminal.	A defective terminal, aterminal that requires a system password, a terminal that is notpowered on, or a communications problem caused by defective wiringor by a misconfigured or malfunctioning modem.
No responsefrom any terminal.	The system is down or overloaded.
No responsefrom the terminal when you enter the system password.	The system password changed.
System messages:
"Userauthorization failure"	A typing error in your username or password. The account or password expired.
"Notauthorized to log in from this source"	Your particular class oflogin (local, dialup, remote, interactive, batch, or network) isprohibited.
"Notauthorized to log in at this time"	You do not have access tolog in during this hour or this day of the week.
"User authorizationfailure" (and no known user failure occurred)	An apparent break-in has been attemptedat the terminal using your user name, and the system has temporarilydisabled all logins at that terminal by your user name.

The following sections describe the reasons for login failurein more detail.

Using a Terminal That Requires a System Password

You cannot log in if the terminal you attempt to use requiresa system password and you are unaware of the requirement. All attemptsat logging in fail until you enter the system password.

If you know the system password, perform the steps describedin Entering a System Password. If your attemptsfail, it is possible that the system password has been changed.Move to a different terminal that does not require a system password,or request the new system password.

If you do not know the system password and you suspect thatthis is the problem, try logging in at another terminal.

Observing Your Login Class Restrictions

If you attempt a class of login that is prohibited in yourUAF record, your login fails. For example, your security administratorcan restrict you from logging in over the network. If you attempta network login, you receive a message stating that you are notauthorized to log in from this source.

Network jobs are not terminated when the allocated work shiftfor network jobs is exceeded. This restriction applies only to newnetwork connections, not to existing ones.

Your security administrator can restrict your logins to includeor exclude any of the following classes: local, remote, dialup,batch, or network. (For a description of these classes, see Logging In Interactively: Local, Dialup, and Remote Logins and When the System Logs In for You: Network and Batch Logins.)

Using an Account Restricted to Certain Daysand Times

Another cause of login difficulty is failure to observe yourshift restrictions. A system manager or security administrator cancontrol access to the system based on the time of day or the dayof the week. These restrictions are imposed on classes of logins.The security administrator can apply the same work-time restrictionsto all classes of logins or choose to place different restrictionson different login classes. If you attempta login during a time prohibited for that login class, your loginfails. The system notifies you that you are not authorized to login at this time.

When shift restrictions apply to batch jobs, jobs you submitthat are scheduled to run outside your permitted work times arenot run. The system does not automatically resubmit such jobs duringyour next available permitted work time. Similarly, if you haveinitiated any kind of job and attempt to run it beyond your permittedtime periods, the job controller aborts the uncompleted job whenthe end of your allocated work shift is reached. This job terminationbehavior applies to all jobs.

Failing to Enter the Correct Password Duringa Dialup Login

Your security administrator can control the number of chancesyou are given to enter a correct password during a dialup loginbefore the connection is automatically broken.

If your login fails and you have attempts remaining, pressthe Return key and try again. You can do this until you succeedor reach the limit. If the connection is lost, you can redial theaccess line and start again.

The typical reason for limiting the number of dialup loginfailures is to discourage unauthorized users attempting to learnpasswords by trial and error. They already have the advantage ofanonymity because of the dialup line. Of course, limiting the numberof tries for each dialup does not necessarily stop this kind of intrusion.It only requires the would-be perpetrator to redial and start anotherlogin.

Knowing When Break-In Evasion ProceduresAre in Effect

If anyone has made a number of failed attempts to log in atthe same terminal with your user name, the system concludes thatan intruder is attempting to gain illegal access to the system byusing your user name.

At the discretion of your security administrator, break-inevasion measures can be in effect for all users of the system. Thesecurity administrator controls how many password attempts are allowedover what period of time. Once break-in evasion tactics are triggered,you cannot log in to the terminal---even with your correct password---duringa defined interval. Your security administrator can tell you howlong you must wait before reattempting the login, or you can moveto another terminal to attempt a login.

If you suspect that break-in evasion is preventing your loginand you have not personally experienced any login failures, youshould contact your security administrator immediately. Together,you should attempt another login and check the message that revealsthe number of login failures since the last login to confirm ordeny your suspicion of intrusion attempts. (If your system doesnot normally display the login message, your security administratorcan use the Authorize utility (AUTHORIZE) to examine the data inyour UAF record.) With prompt action, your security administratorcan locate someone attempting logins at another terminal.

Types of Logins and Login Classes

Changing Your Password