nv-l
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Netview authentication (2)

2000-09-22 10:38:50
Subject: Re: Netview authentication (2)
From: James_Shanks AT tivoli DOT com
To: nv-l AT lists.tivoli DOT com
Date: Fri, 22 Sep 2000 10:38:50 -0400 

Luc -

No, no enhancements to NetView security are possible.  It is up to the NetView
administrator to pick a good password, but we do not provide code to force him
to.
The same is true of the root user.  You can make his password be "root" or "abc"
if you like and no one can stop you.   NetView security was designed to simply
differentiate roles among different groups of relatively trusted users.  It is
not designed to prevent internal operators from becoming hackers and stealing
passwords.  If you give your operators access to the box and therefore access to
the network as operators, then they are in fact trusted users.   W are not
talking about keeping unwanted outsiders off the box in the first place.

By the way, not all UNIX systems have a man page for "acceptable_password".  And
even on Digital, which does, it says that this function is part of "Enhanced
Security" code, not the base OS.

If you believe that NetView security should be enhanced, then you should open an
enhancement request through marketing or  Level 2.

James Shanks
Team Leader, Level 3 Support
 Tivoli NetView for UNIX and NT



luc BARNOUIN <luc.barnouin AT FR.AIRSYSATM.THOMSON-CSF DOT COM> on 09/22/2000 
03:36:01
AM

Please respond to IBM NetView Discussion <nv-l AT tkg DOT com>

To:   IBM NetView Discussion <nv-l AT tkg DOT com>
cc:    (bcc: James Shanks/Tivoli Systems)
Subject:  [NV-L] Netview authentication (2)




Dear forumers,

Re-posted as no answer received...

We are using Netview security features, to define roles and restrict access to
Netview GUI. The current implementation of nvsecd_admin is quite permissive in
terms of password, and does not respect the "weakness" check using the standard
UNIX acceptable password checking function - see the UNIX man page for
acceptable_password(3).

Does anyone know a configuration (DCE configuration, UNIX C2 configuration, ...)
that would allow Netview to be more secured?

Configuration:

- Digital Unix 4.0f
- Netview 5.1.3
- DCE 2.1

Thanks for any idea

Luc BARNOUIN
_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Mibtable usage (2), luc BARNOUIN
Next by Date:  Re: Mibtable usage (2), James_Shanks
Previous by Thread:  Netview authentication (2), luc BARNOUIN
Next by Thread:  Mibtable usage (2), luc BARNOUIN
Indexes:  [Date] [Thread] [Top] [All Lists]