PWD Installation Guide June 1992 This document describes the installation of the PWD utility. It also explains how to display or print the online release notes before you install PWD. Revision/Update Information: New Manual Software Version: PWD Version 1.0 ------------------------------------------------------------------------------ June 1992 The information in this document is subject to change without notice and should not be construed as a commitment by NCOM. NCOM assumes no responsibility for any errors that may appear in this document. ------------------------------------------------------------------------------ Contents Preface iv 1 Preparing to Install PWD 1.1 Accessing on line help notes 1-2 1.2 Installation procedure requirements 1-2 2 Installing PWD 2.1 Installing PWD on a VAXcluster 2-1 3 After the Installation 4 Sample Installation PWD V1.0 Installation Guide ------------------------------------------------------------------------------ Preface This guide describes how to install PWD on a VMS operating system. This manual is intended for System managers. PWD allows you to modify passwords on multiple systems form a single node in your network. Security in provided via databases on the local nodes to vet unauthorised access. The utility PWDMGR is used to maintain the access to the local node and to provide a list of nodes that can be used to attempt password modification on other nodes. Administrators can be nominated to change passwords on behalf of other users. ------------------------------------------------------------------------------ Preparing to Install PWD PWD require VAX/VMS V5.5 or higher. You will need VAX FORTRAN V 5.8 or higher to compile the fortran source code. It is assumed that there is only one SYSUAF.DAT file within a VAXcluster. The manager should copy the backup save set file PWD_SOURCE.B from tape and revue the source code and use it to rebuild the PWD010 installation kit. It is not advised to use the executable images included in the original PWD010.A installation kit. ------------------------------------------------------------------------------ Accessing the Online Release Notes PWD provides on line notes. You should include OPTIONS N in the VMSINSTAL command and only continue the installation after you have reviewed them. The release notes and the installation guide are located on the tape and can be copied to disk along with the save set PWD010 and PWD_SOURCE. PWD Installation Guide ------------------------------------------------------------------------------ Installation Procedure Requirements * PWD should be installed only on the boot node if you have a VAXcluster as all workstations will use the boot node to modify local passwords. * Check that the disk you are going to install PWD on has over 5000 free blocks. * Disable disk quotas in the disk you are installing PWD on then enable them after the installation. See SYSMAN utility in the VAX/VMS Management Guide for more details. PWD Installation Guide ------------------------------------------------------------------------------ The following section describes the different sections of the installation of PWD V1.0. Log into the account SYSTEM and invoke the VMSINSTAL command. Username: SYSTEM Password: $ @SYS$UPDATE:VMSINSTAL PWD010 MUA0: OPTIONS N VAX/VMS Software Product Installation Procedure V5.5-1 It is dd-mmm-yyyy at hh:mm. Enter a question mark (?) at any time for help. Press RETURN only if you are satisfied with you backup of the system disk otherwise, type NO. * Are you satisfied with the backup of your system disk [YES]? Check that the distribution media is on line Please mount the first volume of the set on MUA0. * Are you ready? yes The following products will be processed: PWD V1.0 Beginning installation of PWD V1.0 at hh:mm %VMSINSTAL-I-RESTORE, Restoring product save set A ... If you have selected OPTIONS N you will be prompted for the release notes. Select an option to view the release notes before continuing. Release notes included with this kit are always copied to SYS$HELP. Additional Release Notes Options: 1. Display release notes 2. Print release notes 3. Both 1 and 2 4. None of the above * Select option [2]: 4 Do not continue the installation until you have read the release notes as they contain information that is not in the installation guide. The release notes describe code in the program that needs to be modified for the utility to work at your site. The source code should be re-compiled and the PWD010 save set re-created using the SYS$UPDATE:SPKITBLD command. * Do you want to continue the installation [NO]? y %VMSINSTAL-I-RELMOVED, Product's release notes have been moved to SYS$HELP. %PWD-I-VERSION, Checking for VMS version 5.5 or greater... Files that are replaced by this installation will be purged if you press RETURN. Answer NO if you do not want files to be purged * Do you want to purge files replaced by this installation [YES]? y DECnet is checked to make sure it is running. If DECnet is not running the installation will fail. You can check if DECnet is running on the system you are installing PWD on by typing: $ SH NETWORK %PWD-I-CHK_NET, Checking if DECnet is running You will be prompted for a disk to install PWD V1.0 on. The disk can be a physical disk or a logical disk. It is advised that you use logical disk. If the disk you select does not exist you will be asked to enter another one. * Logical disk Name for PWD software [SYS$SYSDEVICE]: NCOM_MGT: If the disk you are installing PWD V1.0 does not have more than 5000 blocks of space the installation will fail. %PWD-I-FREEBLKS, Checking for 5000 free blocks %PWD-I-FREEBLKS, Disk NCOM_MGT has 1443174 free blocks A UIC is required for the creation of a VAX account used by the network object. The installation prompts you for a group UIC. The search starts at group 360 and continues until a free one is found. You can select your own group UIC to be used by the network object. * UIC Group number for network object account NCOM_PWD [361]: If disk quotas are enabled on the disk you install PWD V1.0 on you will be asked if you wish to continue the installation. It is advised that before you start the installation you disable disk quotas on the disk you have selected. After the installation add approx 5000 blocks for account NCOM_PWD and enable quotas. If quotas for the network object are not added or quotas are enabled during the installation the results of the installation and the PWD program are unknown. Disk quotas are enabled on this disk. Check that disk quotas are disabled before you continue otherwise this installation may fail * Do you wish to continue [NO]? Yes The following question asks if you have a DECnet/SNA CT or ST gateway and a node on your network running the DECnet/SNA VMS 3270 Data Stream Programming Interface software. Answer NO unless you have this software running on at least one of the nodes in your network. If you select yes to the following question then provide the node name of a system on your network that has the DECnet/SNA VMS 3270 Data Stream Programming Interface installed. This allows you to modify passwords on an MVS IBM mainframe. * Does a node on your network have DECnet/SNA VMS 3270 DSPI installed [NO]? y If you answer YES to the above question you will be prompted for the name of the node running the DECnet/SNA VMS 3270 Data Stream Programming Interface software. The name of the node may be the system you are installing PWD V1.0 on or it may be another node in your network. * Name of node with DSPI installed: NMDL01 A message will be displayed if the node you are installing PWD V1.0 on is running DECnet/SNA VMS 3270 Data Stream Programming Interface software. This message advises you to install the image SYS$LIBRARY:SNA3270SH.EXE as a shareable image. If you do not have this image installed and you invoke PWD on this node it will fail and the following error message will be returned in the file NCOM_PWD$LOG:NETSERVER.LOG ------------------------------------------------------------ You will have to install the image SYS$LIBRARY:SNA3270SH.EXE shareable otherwise you will get the following error. %DCL-W-ACTIMAGE, error activating image SNA3270SH -CLI-E-IMGNAME, image file SYS$LIBRARY:SNA3270SH.EXE -SYSTEM-F-PRIVINSTALL, shareable images must be installed to run privileged image ------------------------------------------------------------ The installation continues from this point with no further questions. Messages will be displayed on the progress of the installation. All questions have been answered. The installation of PWD for VMS V1.0 will continue. %PWD-I-INITIAL, Checking the directory NCOM_MGT:[NCOM_PWD...] %VMSINSTAL-I-ACCOUNT, This installation creates an ACCOUNT named NCOM_PWD. %UAF-I-ADDMSG, user record successfully added %UAF-I-RDBADDMSGU, identifier NCOM_PWD value: [000361,000001] added to rights data base %VMSINSTAL-I-ACCOUNT, This installation updates an ACCOUNT named NCOM_PWD. %UAF-I-MDFYMSG, user record(s) updated %VMSINSTAL-I-ACCOUNT, This installation updates an ACCOUNT named NCOM_PWD. %UAF-I-MDFYMSG, user record(s) updated %VMSINSTAL-I-ACCOUNT, This installation updates an ACCOUNT named NCOM_PWD. %UAF-I-MDFYMSG, user record(s) updated %PWD-I-DEF_OBJS, Defining DECnet object NCOM_PWD Adding PWD to DCL command tables... Adding PWD to VMS help library... The PWD Installation advises you to edit the system startup file and include the command procedure PWD_STARTUP.COM. You will also be advised to read the PWD utility guides and populate the PWDMGR databases allowing users to use a default list of remote nodes on which they can modify their passwords. The PWDMGR utility also grants the access remote nodes have to your system when they attempt to modify their password. Users registered as administrators will be able to modify passwords on your system on behalf of other users. +-------------------------------------------------------+ | | | Add the startup file SYS$STARTUP:PWD_STARTUP.COM to | | the system startup file SYS$MANAGER:SYSTARTUP_V5.COM | | | | Invoke the PWDMGR utility by typing MCR PWDMGR at the | | system prompt and populate the databases with remote | | nodes, security access records and administrators. | | For more details see the Password Manager Utility | | Manual. | | | +-------------------------------------------------------+ %VMSINSTAL-I-MOVEFILES, Files will now be moved to their target directories... Installation of PWD V1.0 completed at hh:mm VMSINSTAL procedure done at hh:mm PWD V1.0 Installation Guide ----------------------------------------------------------------------------- Installing PWD on a VAXcluster 1. Install the new DCLTABLE on the other members of the VAXcluster by typing the following: $ MC SYSMAN SYSMAN> SET ENVIRONMENT/CLUSTER SYSMAN> SET PROFILE/PRIV=ALL SYSMAN> DO INSTALL REPLACE SYS$LIBRARY:DCLTABLES.EXE SYSMAN> EXIT $ ------------------------------------------------------------------------------ After the Installation * Users wishing to use the new PWD command must logout of the system and log in again before they can invoke PWD. * The system manager should populate the databases using the PWDMGR utility. NO system will be able to access the local node you have installed PWD on until it is registered within PWDMGR. This is also the case with the local node as it is seen as a remote node by the PWD program. PWD V1.0 Installation Guide ------------------------------------------------------------------------------ Sample Installation $ @sys$update:vmsinstal pwd010 sys$sysdevice:[000000] options n VAX/VMS Software Product Installation Procedure V5.5-1 It is 19-AUG-1992 at 20:19. Enter a question mark (?) at any time for help. * Are you satisfied with the backup of your system disk [YES]? The following products will be processed: PWD V1.0 Beginning installation of PWD V1.0 at 20:19 %VMSINSTAL-I-RESTORE, Restoring product save set A ... Release notes included with this kit are always copied to SYS$HELP. Additional Release Notes Options: 1. Display release notes 2. Print release notes 3. Both 1 and 2 4. None of the above * Select option [2]: 4 * Do you want to continue the installation [NO]? y %VMSINSTAL-I-RELMOVED, Product's release notes have been moved to SYS$HELP. %PWD-I-VERSION, Checking for VMS version 5.5 or greater... * Do you want to purge files replaced by this installation [YES]? y %PWD-I-CHK_NET, Checking if DECnet is running * Logical disk Name for PWD software [SYS$SYSDEVICE]: NCOM_MGT: %PWD-I-FREEBLKS, Checking for 5000 free blocks %PWD-I-FREEBLKS, Disk NCOM_MGT has 1443174 free blocks * UIC Group number for network object account NCOM_PWD [361]: If you select yes to the following question then provide the node name of a system on your network that has the DECnet/SNA VMS 3270 Data Stream Programming Interface installed. This allows you to modify passwords on an MVS IBM mainframe. * Does a node on your network have DECnet/SNA VMS 3270 DSPI installed [NO]? y * Name of node with DSPI installed: NMDL01 ------------------------------------------------------------ You will have to install the image SYS$LIBRARY:SNA3270SH.EXE shareable otherwise you will get the following error. %DCL-W-ACTIMAGE, error activating image SNA3270SH -CLI-E-IMGNAME, image file SYS$LIBRARY:SNA3270SH.EXE -SYSTEM-F-PRIVINSTALL, shareable images must be installed to run privileged image ------------------------------------------------------------ All questions have been answered. The installation of PWD for VMS V1.0 will continue. %PWD-I-INITIAL, Checking the directory NCOM_MGT:[NCOM_PWD...] %VMSINSTAL-I-ACCOUNT, This installation creates an ACCOUNT named NCOM_PWD. %UAF-I-ADDMSG, user record successfully added %UAF-I-RDBADDMSGU, identifier NCOM_PWD value: [000361,000001] added to rights data base %VMSINSTAL-I-ACCOUNT, This installation updates an ACCOUNT named NCOM_PWD. %UAF-I-MDFYMSG, user record(s) updated %VMSINSTAL-I-ACCOUNT, This installation updates an ACCOUNT named NCOM_PWD. %UAF-I-MDFYMSG, user record(s) updated %VMSINSTAL-I-ACCOUNT, This installation updates an ACCOUNT named NCOM_PWD. %UAF-I-MDFYMSG, user record(s) updated %PWD-I-DEF_OBJS, Defining DECnet object NCOM_PWD Adding PWD to DCL command tables... Adding PWD to VMS help library... +-------------------------------------------------------+ | | | Add the startup file SYS$STARTUP:PWD_STARTUP.COM to | | the system startup file SYS$MANAGER:SYSTARTUP_V5.COM | | | | Invoke the PWDMGR utility by typing MCR PWDMGR at the | | system prompt and populate the databases with remote | | nodes, security access records and administrators. | | For more details see the Password Manager Utility | | Manual. | | | +-------------------------------------------------------+ %VMSINSTAL-I-MOVEFILES, Files will now be moved to their target directories... Installation of PWD V1.0 completed at 20:20 VMSINSTAL procedure done at 20:20