Managing User Accounts
7.5 Preparing to Add User Accounts
For interactive accounts, it is best to let the person using the account control
the password. Initially, provide a password that is not easy to guess. The user
will be forced to change the password at first login. Only the person using the
account should know the password. Encourage all users to set obscure passwords
of at least eight characters and to change them frequently, or force the use of
generated passwords with the /FLAGS=GENPWD and /GENERATE_PASSWORD
qualifiers.
You can use the /PWDMINIMUM and /PWDLIFETIME qualifiers with
the AUTHORIZE command ADD or MODIFY to enforce timely password
modifications. The following table lists each qualifier and its action.
Qualifier            Action
/PWDMINIMUM          Specifies the minimum password length in characters
                     (default is 6).
/PWDLIFETIME         Specifies a delta-time value. One week before that
                     date, the system issues a warning message to the user.
                     On that date, the password expires if it has not been
                     changed.
/GENERATE_PASSWORD   Invokes a password generator to generate user
                     passwords.
/FLAGS=GENPWD        Allows you to force use of the automatic password
                     generator when a user changes a password. Consider
                     using the password generator for privileged accounts
                     or whenever a user has access to sensitive data.
For captive accounts, the degree of sensitivity of the data used by the account
should determine the type of password. For example, the password for a payroll
application should be obscure, while the password for a suggestions account might
not even be required; it could be null (in which case users would not be prompted
for the password).
Prohibit users from changing the passwords of captive accounts. To do this,
specify /FLAGS=LOCKPWD when you create the captive account. Change the
password whenever you feel it might be compromised (for example, if a person
using the account moves to another job).
To change a user’s password, use the following command format at the UAF>
prompt:
MODIFY user-name/PASSWORD=new_password
See the OpenVMS System Management Utilities Reference Manual for more
information about AUTHORIZE.
7.5.2.2 Assigning the User Identification Code
Assign each account a unique user identification code (UIC). A UIC has two
formats: alphanumeric and numeric.
The alphanumeric UIC consists of a member name and, optionally, a group
name separated by a comma and enclosed within brackets (for example,
[DOCO,PRICE]). These identifiers might also appear as numeric characters
consisting of a group identifier and a member identifier in octal (for example,
[11,200]).
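The password and UIC guidance above can be checked mechanically. The following Python audit is an added example, not part of the OpenVMS manual; the record fields (username, uic, flags, pwdminimum, pwdlifetime_days), the sample accounts and the alphanumeric name syntax are assumptions made for illustration.

```python
import re

# Numeric UIC as shown on the page: [group,member], both octal, e.g. [11,200].
NUMERIC_UIC = re.compile(r"^\[([0-7]+),([0-7]+)\]$")
# Assumed name syntax: a letter first, then letters, digits, $ or _.
ALPHA_UIC = re.compile(r"^\[([A-Z][A-Z0-9$_]*,)?[A-Z][A-Z0-9$_]*\]$")
MIN_LENGTH = 8  # the page's recommended minimum password length

def uic_key(uic):
    """Return a comparable key for a UIC string in either format."""
    text = uic.strip().upper()
    m = NUMERIC_UIC.match(text)
    if m:
        # Octal digits, so [011,200] and [11,200] are the same UIC.
        return ("numeric", int(m.group(1), 8), int(m.group(2), 8))
    if ALPHA_UIC.match(text):
        # Names cannot be mapped to numbers here, so compare them as written.
        return ("alpha", text)
    raise ValueError(f"not a UIC: {uic!r}")

def audit(accounts):
    """Return (username, finding) pairs for a list of account records."""
    findings, seen = [], {}
    for acct in accounts:
        name, flags = acct["username"], set(acct.get("flags", ()))
        key = uic_key(acct["uic"])
        if key in seen:
            findings.append((name, f"UIC shared with {seen[key]}"))
        else:
            seen[key] = name
        if "CAPTIVE" in flags:
            if "LOCKPWD" not in flags:
                findings.append((name, "captive account without LOCKPWD"))
            continue  # captive password strength depends on data sensitivity
        if acct.get("pwdminimum", 6) < MIN_LENGTH:  # 6 is the stated default
            findings.append((name, f"PWDMINIMUM below {MIN_LENGTH}"))
        if acct.get("pwdlifetime_days") is None:
            findings.append((name, "no password lifetime set"))
    return findings

# Constructed sample records, not output from any real system.
SAMPLE = [
    {"username": "PRICE", "uic": "[11,200]", "pwdminimum": 8, "pwdlifetime_days": 30},
    {"username": "JONES", "uic": "[011,200]", "pwdminimum": 6, "pwdlifetime_days": 30},
    {"username": "SUGGEST", "uic": "[300,1]", "flags": ["CAPTIVE"]},
    {"username": "PAYROLL", "uic": "[300,2]", "flags": ["CAPTIVE", "LOCKPWD"]},
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An alphanumeric UIC and a numeric UIC can name the same account; this check does not resolve that case and compares each form only against its own kind.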