Previous | Contents | Index |
On OpenVMS, the following SYSUAF checks are performed by the legacy mailbox servers when a user logs in via a remote client.
Note that these only apply if the user's password is being stored in the VMS SYSUAF file. If the PMDF_TABLE:SECURITY.CNF file is configured such that the authentication source being used is something other than SYSTEM (for example, PASSDB or LDAP), then none of these actions are taken.
However, if the VMS SYSUAF file is the authentication source, the following checks are made:
pop3d.exe
, and imapd.exe
images and grant the appropriate rightslist identifier to the users in
accord with your policy. Any user who does not have EXECUTE access to
the image will be denied access.
If LOGGING is set to 1 in the pop3d.cnf
or
imapd.cnf
file, then login failures are logged in a PMDF
log file: the PMDF_TABLE:mail.log_current
file or the
PMDF_TABLE:connection.log_current
file, depending on the
setting of the PMDF option SEPARATE_CONNECTION_LOG
. A
login failure OPCOM message is sent to the SECURITY operator on a VMS
5.x system; a NETWORK LOGFAIL audit event is logged on an
OpenVMS I64, or OpenVMS 6.1 (VAX) or OpenVMS 6.2 (Alpha) or later
system.
If the user fails to log in due to an incorrect password, the number of login failures in the SYSUAF is incremented for the user. Furthermore, if the number of login failures exceeds the SYSGEN parameter LGI_BRK_LIM (default 5) and LGI_BRK_DISUSER is set, then the user account is disabled. A login breakin OPCOM message is sent to the SECURITY operator on a VMS 5.x system; a NETWORK BREAKIN audit event (instead of a LOGFAIL event) is logged on an OpenVMS I64, or OpenVMS 6.1 (VAX) or OpenVMS 6.2 (Alpha) or later system after LGI_BRK_LIM is reached.
When a login is successful, the last successful non-interactive login time in the SYSUAF is also updated. A successful NETWORK LOGIN audit event is logged in the system security audit log on an OpenVMS I64, or OpenVMS 6.1 (VAX) or OpenVMS 6.2 (Alpha) or later system.
5
|
Previous | Next | Contents | Index |