Luc -
No, no enhancements to NetView security are possible. It is up to the NetView
administrator to pick a good password, but we do not provide code to force him
to.
The same is true of the root user. You can make his password be "root" or "abc"
if you like and no one can stop you. NetView security was designed to simply
differentiate roles among different groups of relatively trusted users. It is
not designed to prevent internal operators from becoming hackers and stealing
passwords. If you give your operators access to the box and therefore access to
the network as operators, then they are in fact trusted users. W are not
talking about keeping unwanted outsiders off the box in the first place.
By the way, not all UNIX systems have a man page for "acceptable_password". And
even on Digital, which does, it says that this function is part of "Enhanced
Security" code, not the base OS.
If you believe that NetView security should be enhanced, then you should open an
enhancement request through marketing or Level 2.
James Shanks
Team Leader, Level 3 Support
Tivoli NetView for UNIX and NT
luc BARNOUIN <luc.barnouin@FR.AIRSYSATM.THOMSON-CSF.COM> on 09/22/2000 03:36:01
AM
Please respond to IBM NetView Discussion <nv-l@tkg.com>
To: IBM NetView Discussion <nv-l@tkg.com>
cc: (bcc: James Shanks/Tivoli Systems)
Subject: [NV-L] Netview authentication (2)
Dear forumers,
Re-posted as no answer received...
We are using Netview security features, to define roles and restrict access to
Netview GUI. The current implementation of nvsecd_admin is quite permissive in
terms of password, and does not respect the "weakness" check using the standard
UNIX acceptable password checking function - see the UNIX man page for
acceptable_password(3).
Does anyone know a configuration (DCE configuration, UNIX C2 configuration, ...)
that would allow Netview to be more secured?
Configuration:
- Digital Unix 4.0f
- Netview 5.1.3
- DCE 2.1
Thanks for any idea
Luc BARNOUIN
_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l
|