Password validation
Note:
Although VAST Platform supports password checking through EMSRV, it should not be considered a highly secure system. The password checking is provided mainly as a convenience to maintain an audit trail of changes to library content.
VAST Platform supports three levels of client validation. These levels consist of the following:
• No validation. This is the default. It allows users to switch to other users within the VAST environment at will.
• Specify VAST user IDs and passwords for all users of VAST Platform. This option requires the maintenance of a passwd.dat file, plus the use of the -rp option when starting EMSRV.
• Use the native operating system user names and passwords for all users of VAST Platform. This option requires the use of the -rn option when loading EMSRV and no maintenance of a passwd.dat file.
Using a passwd.dat file
If you intend to maintain VAST user IDs on your site, you must create and maintain a passwd.dat file in EMSRV’s working directory.
This file contains the logon user IDs of all users and their respective passwords for VAST Platform. The VAST passwords should not be the users' actual logon passwords. The format of the file is one user ID and password per line, with the user ID first, followed by a single space and the password.
Note:
The passwd.dat file should have its access rights restricted so it cannot be read or written by regular VAST users.
The following shows an example of a passwd.dat file:
fred mypassword
barney secret
wilma hello
betty ZXF6
Connecting client to server when EMSRV uses native passwords
When setting up a repository, you will be prompted for a supervisor password. As the system is installed, there is a single user defined, the Library Supervisor. You must specify the Library Supervisor's password when connecting the client to the server for the first time.
If you are using passwd.dat checking, you can look in that file to locate the Library Supervisor's password. If there is not a password specified, you may at this point add one.
If you are using network password authentication, your domain controller will need to have 'supervis' (the network name of Library Supervisor) defined as a valid user.
If you want to use native password authentication but do not want to define a network userid of 'supervis', then you should perform the following steps:
1. Start EMSRV with password authentication disabled.
2. Start a client image. From the Transcript, select Tools >System>Users>Modify to change the Network Name of the Library Supervisor to a userid that is already defined on your network.
3. Exit from the client image.
4. Stop EMSRV.
5. Start EMSRV with native password authentication (-rn).
Last modified date: 02/18/2021