Password Policy preventing access to MP Console (1303 Views)
Reply
Advisor
Posts: 29
Registered: ‎06-28-2011
Message 1 of 9 (1,303 Views)
Accepted Solution

Password Policy preventing access to MP Console

Since implementing the password policy, it seems the password MP uses to access the Console is not 'strong' enough and it shows the message  

%SYSTEM-F-PWDPOLICY, Password does not conform to security policy

 

Preventing me from getting to the console to login.

 

Where is this password and can it be easily changed?

Honored Contributor
Posts: 5,230
Registered: ‎04-26-2004
Message 2 of 9 (1,296 Views)

Re: Password Policy preventing access to MP Console

[ Edited ]

This error message does NOT seem to be a standard OpenVMS message.

 

It may be returned by the VMS$PASSWORD_POLICY example program, if password checking has been implemented. It also does not seem to have anything to do with logging in via the MP (Management Processor).

 

Please explain, under which circumstances you are seeing this message.

 

Volker.

Honored Contributor
Posts: 3,002
Registered: ‎07-31-2003
Message 3 of 9 (1,175 Views)

Re: Password Policy preventing access to MP Console

maddog,

  that's very odd! Although it looks like a real OpenVMS message, it isn't:

 

$ pipe lib/extr=$ssdef/out=sys$output sys$share:starlet/macro | search sys$pipe pwdpolicy
%SEARCH-I-NOMATCHES, no strings matched

 

That means someone is forging system-like messages, so I'd be VERY wary about entering passwords, in case they're being captured.

 

Please describe the exact set of steps that are leading to this message. What you're attempting to do. What you're doing, what you're getting prompted and where you're typing.

(what moron designed this ITRC interface? The only way to paste text is via a dialog box???)

A crucible of informative mistakes
Advisor
Posts: 29
Registered: ‎06-28-2011
Message 4 of 9 (1,143 Views)

Re: Password Policy preventing access to MP Console

The message is generated by the program linked to the VMS$PASSWORD_POLICY

I run after a reboot the following command file.

Set NoOn

$! install and configure the site-local password policy module

$INSTALL ADD SYS$LIBRARY:VMS$PASSWORD_POLICY/OPEN/HEAD/SHARE

$RUN SYS$SYSTEM:SYSMAN

PARAMETER USE ACTIVE

PARAMETER SET LOAD_PWD_POLICY 1

PARAMETER WRITE ACTIVE

EXIT

$!Restart ACME Server

$ SET SERVER ACME/RESTART

$EXIT

 

The problem is I can login to the MP but when I take the CO option, I can't get the signon screen to log into VMS.

It just seems to display that message.

 

If I don't run the command file, I can access the console fine.

 

 

Honored Contributor
Posts: 666
Registered: ‎08-07-2003
Message 5 of 9 (1,137 Views)

Re: Password Policy preventing access to MP Console

Hi,

 

it sounds suspiciously like you may have automatic login enabled for the console, or a custom ACME server.

 

Try MC SYSMAN ALF SHOW *

 

If you do not run the password policy command procedure, do you get a username/password prompt when you select the CO option, or do you simply get straight to the DCL command line?

 

 

Honored Contributor
Posts: 1,291
Registered: ‎06-18-2007
Message 6 of 9 (1,130 Views)

Re: Password Policy preventing access to MP Console

You dont say if this is a Blade Server or a Rackmount Itanium.     There are some differences in the Command menu's.

 

Entering CO should not trigger any Password checking (unless as pointed out above, the console is set for Auto Login).     If ALF is configured, and the default MP credentials are being used, then this might trigger the error you are getting.    Alternatively, if ALF is configured, then the credentials for the AutoLogin user account dont meet the policy requirements.

 

To get to the MP Passwords on a Blade system, after logging in, at the MP prompt, enter CM.   This gives the Command Menu.   LI(st) will then give you the list of available commands.     I think the account passwords are controlled through the UC command (User Configuration.)

 

Warning, if you change the Default Admin account password, and then forget the new one, resetting back to default is a pain in the butt, so be sure to remember the new password.

 

Dave.

 

 

Advisor
Posts: 29
Registered: ‎06-28-2011
Message 7 of 9 (1,106 Views)

Re: Password Policy preventing access to MP Console

The Itanium is a RX2660, not a blade.

After typing CO, you get shoudl get the normal VMS sign on screen, not a dollar prompt, unless it has been left logged in before Ctl-B is done.

I think as there is no time associated with the password messages, maybe I have been misled by these.

I have tried Ctl-E cf, just in case it has been locked for write on another session, but this doesn't work either.

 

I will have time tonight to investigate further to provide more information.

Honored Contributor
Posts: 249
Registered: ‎07-21-2003
Message 8 of 9 (1,097 Views)

Re: Password Policy preventing access to MP Console

Sounds like a process has OPA0: allocated.  Login and do a $show term opa0:/full.

 

Bill

Bill Hall
Advisor
Posts: 29
Registered: ‎06-28-2011
Message 9 of 9 (1,070 Views)

Re: Password Policy preventing access to MP Console

Thanks. The password messages were a smokescreen. It is the ACME_SERVER owning OPA0:
Thanks
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.