3k Associates Inc HP3000 FAQ TWiki TWiki > TWiki > HP3000FAQ > HP3000OperatingSystemQuestions > Hp3000ManagerSysParm1 TWiki webs:
Main | TWiki | Sandbox
TWiki . { Welcome | Register | Changes | Topics | Index | Search | Go }

How to prevent someone from logging on SYS;PARM=1 on an HP3000 (disables option logon UDCs)

Some HP 3000 security packages rely on a system-wide logon UDC to protect the computer. Logon UDCs can be ignored if the user logs on with Parm=-1, which can potentially be a BIG security hole unless you have a patch from HP.

A new feature on MPE/iX 5.0 allows you to choose whether or not you can enforce logon UDCs by disabling the Parm=-1 option even for users with SM capability. You can turn this feature on in the Sysgen Misc section by doing the following:

    :sysgen
    sysgen> misc
      misc> system enforcelogonudcs=ON
      misc> show system
      misc> hold
      misc> exit
    sysgen> keep
    sysgen> exit

The change does not take effect until the system is restarted with START NORECOVERY. Nice new feature.

-- ChrisBartram - 18 May 2006



Topic Hp3000ManagerSysParm1 . { Edit | Attach | Backlinks: Web All webs | Printable | History: r2 < r1 More }