| In order to have a 2 way scrambled password feature OpenVMS would have
to store the users password in plain text (needed for the way the
scrabled algorithm works). OpenVMS does not do this, so it is not
possible or desirable to do this in our product.
The 2 way scrable password algorithm works as follows (or close enough
for the big picture)
the server sends an unique (used 1 time only) scrambling token to the
client (in OpenVMS terms this would be the encryption salt). The
client sends is own unique (used 1 time only) token to the server.
The client used the server's token to scramble the users password as
entered, and sends this to the server. The server uses the token it
sent to the client to scramble the password as stored for that user.
The server then comparies the scrambled value received from the client
against the scrambled value it calculated. If they match, the server
says it is OK.
The server scrambles the users password using the token it received
from the client. The server sends the scrambled result to the client.
The Client uses the token it created and scrambles the users password.
The 2 scrambled values are compared. If they match the client will
talk to the server. If they do not match the client with consider the
server to be an "Impostor" and not talk to it.
So without the clear text password, the Apple 2 way password
authentication doesn't work.
And PATHWORKS for OpenVMS (Macintosh) uses the OpenVMS SYSUAF.DAT file
which only stores an encrypted password and the clear text password is
never saved.
-----
As for 3rd parties, I do not think so. It would be difficult without
support from the file server, and the hooks are not in the server to do
this.
Bob Harris
|