08-03-2009 11:21 PM
I'm preparing to automate the creation of user accounts on my OpenVMS 8.3 systems and would like to auto-generate the passwords for the new accounts.
I'm comfortable with the passwords generated by
$ SET PASSWORD /GENERATE
but that command is not well suited to the task at hand.
Is there a callable interface to the password generator, or a standalone program? I haven't been able to find one.
Solved! Go to Solution.
08-04-2009 12:14 AM
put the single line
into a command-file (n: choose the wanted password length).
$Exit or EOF after the kine, so that set password does not get old/new password input and simply exits.
Execute the command-file with /output=tempfile or pipe it into a command-file, which reads the output (or sys$pipe), and takes the password(s).
An alternative could be another generate password program like gpw.c at
You could modify it to put the generated password into a DCL symbol.
08-04-2009 03:22 AM
08-04-2009 03:24 AM
IIRC, some related underpinnings are available via the undocumented sys$forge_word system service.
I've posted full source code of the NEWUSER user creation tool (with an MIT-style license) at http://labs.hoffmanlabs.com/node/1260
08-04-2009 05:39 AM
pipe write sys$output "Invalid" | set password/generate=8 | (read sys$pipe l ; read sys$pipe l ; define/job password &l)
08-04-2009 05:47 AM
%SET-F-PWDLOCKED, password is locked to prevent change
08-04-2009 03:54 PM
Responding first to the last posts from Craig and Graham ...
The newly-created accounts won't have LOCKPWD set, so that's not going to be a problem. And in any case the password will be generated before the account is created.
Graham, thanks for pointing out the /GENERATE_PASSWORD qualifier, I didn't know about that one. I don't think it will work for me in this situation because it still requires me to select from a list -- which isn't as automated as I need. But I think it will be useful elsewhere!
I'll respond to the other suggestions and assign points when I've had a chance to look at them in more detail.
08-04-2009 05:20 PM
Once you have it then use $SETUAI to save it.
You've not said if the users will change their passwords when they first access the system but I'm guessing that's the case.
08-04-2009 06:12 PM
No, it's not too hard to write some code to spit out a string of characters -- but I'm trying to not reinvent the wheel, and I prefer that the generated password be pronouncable (more or less).
I should add that these accounts will be non-interactive, primarily for email services, and users won't be required to change them. (We will provide an option to allow users to change them if they wish.)
08-04-2009 06:15 PM
Big thanks to Joseph for the DCL one-liner, it does exactly what I need.
The GPW and Perl programs look like too much work to set up; GPW requires some dictionaries and the Perl code requires modules which we don't currently have installed.
I still need to look at Hoff's NEWUSER program.
08-04-2009 10:41 PM
Just a note, it is not the newly created account, it is the creator/administrator/Your account which is issuing the set password, so this must not have LOCKPWD!
08-05-2009 01:26 AM
I did this at one site where there were lots of different type of underlygin servers: VMS, Unix, IBM, etc..
All with different username conventions and lengths.
The purpose of the exercise was to use each others email address as the key for populating which access they had to which systems.
So when they first logged in they were asked for their email address and then an accesss code was mailed to that address (only internal addresses were allowed). They then had to get the access code from the email and enter it.
Over a few weeks we were able to build up a picture of who had access to what accounts.
Dependong on what you are trying to achieve you could just generate, say, a 10 digit integer - using F$CVTIME() and use that as the password.