HP OpenVMS Systems: Ask the Wizard

The Question is:

Is there a way to prompt a user logging on for the first time with a question as another level of authentication? If the question were not answered correctly login would not be allowed?

Thanks
Norman

PS your site is great

The Answer is:

Please first read and understand (4612) and (5333), the former for the discussion of passwords and the latter for discussion of secondary passwords.

The user has already authenticated themselves to OpenVMS, to the limits of the default password-based authentication mechanism. Put another way, why is the first login any different from any subsequent login?

You are potentially publishing an algorithm-based scheme that will allow an arbitrary user to determine a pre-generated password for a particular username. This approach is not recommended, for reasons that you are well aware: there is no particular authentication here, as a nefarious-minded user can often easily determine the password of another user.

If you must generate passwords for users, the OpenVMS Wizard would use and would assume the verification would occur at the time of the password generation, possibly via CGI scripts operating via a webserver. Topics (558), (1165), (1284), (1990), (2912), (3700) and others may be of interest here. The OpenVMS Wizard will assume a secure LAN, or an encrypted datalink between the webbrowser and the webserver; a level of trust and of encryption must be assumed, lest the password be unintentionally revealed.

Password- and authentication-related topics particularly include (4612), and also (1461), (1475), (1645), (2938), (3233), (3883), (4303), (4778), (5333), (5508), (6328), and (7818). Among others.

As for adding prompts into SYLOGIN, please see topics (1147), (2021), (2328), (2515), (3925), etc. Please realize that you are now writing security-relevant code here, and your code can and potentially will become an obvious target for security attacks. (If you choose to use SYLOGIN, security based on DCL can be difficult to protect against even casual examination, as well -- assuming that the user is not always CAPTIVE, that is.)

The OpenVMS Wizard would also configure a pre-expired password, as this would force the password to be changed.

A related discussion of a one-shot login mechanism is discussed in topic (6874).

If you wish to add to the authentication provided by OpenVMS, please see the LGI callout mechanism.