[Info-vax] OT: Review your password-checking $acm[w] calls
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Sat Oct 26 11:10:02 EDT 2013
On 2013-10-26 00:52:46 +0000, Simon Clubley said:
> On 2013-10-24, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>>
>> Related: <http://h71000.www7.hp.com/doc/731final/5841/5841pro_088.html>
>> <http://labs.hoffmanlabs.com/node/1260#comment-2993>
>>
>> Yeah. It's a stupid coding bug. A bug that won't show in most
>> testing. Don't make it.
>
> Isn't this the bug I was responsible for finding ?
>From the release notes of the not-yet-fully-baked and not-yet-tested update:
"<version> adds the requirement for IMPERSONATE privilege for the
NEWMAIL usernames. The addition of this privilege and an associated
code change resolves an ACME$_OPINCOMPL error associated with an
expiring password. This error was reported by Simon Clubley."
> If so, you really do need to be within the expiring password window to
> experience this; IIRC as soon as I reset my password Hoff's utility
> worked just fine.
I'm setting up a test user with an expiring password to verify the
changes are working as expected. Edge cases are "fun".
Jim Duff saw a somewhat different behavior with the $acm[w] system
service, where the itemcode is now a requirement for the call. I'm
back-linking the executable code and temporarily still running with an
ancient OpenVMS Alpha version and also building for a recent OpenVMS
I64 version as the targets, so the environment is undoubtedly different
from what Jim is working with..
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list