From:	SMTP%"vandenheuvel@eps.enet.dec.com"  7-APR-1995 09:39:18.82
To:	EVERHART
CC:	
Subj:	Re: Flush password history list

From: vandenheuvel@eps.enet.dec.com (Hein RMS van den Heuvel)
X-Newsgroups: comp.os.vms
Subject: Re: Flush password history list
Date: 7 APR 95 00:40:07
Organization: Digital Equipment Corporation
Lines: 28
Message-ID: <3m2gba$7i3@jac.zko.dec.com>
NNTP-Posting-Host: AMUZED
To: Info-VAX@Mvb.Saic.Com
X-Gateway-Source-Info: USENET


In article <D6KAt2.BJn@info.bris.ac.uk>, tjl@siva.bris.ac.uk (Tim Llewellyn) writes...
> 
> 
>Hi
> 
>One of our users decided to try and fool the VMS password history list.
>In the VMS System Managers manual it states that the history list size
>is 60, so the user procedes to change his password 60 times in the hope

That 60 is controlled via a logical I believe. See system security doc.

Anyway, the password history list is just an indexed file with a 
record per username and an array of date + hashed-value pairs.  
I you believe this user deserves to be helped, you could consider
to use a privved account to iusse :
	$open/read/write/share=write pass sys$system:vms$password_history.data 
	$read/key=funnyperson pass rec
	$show sym rec                   
	$if <record-looks-good> then read/delet/key=funnyperson pass rec
	$close

No, I have not tried this and yes, spelling might be slightly wrong.

Hope this helps,		+--------------------------------------+
Hein van den Heuvel, Digital.	| All opinions expressed are mine, and |
  "Makers of VMS and other	| may not reflect those of my employer |
   fine Operating Systems."	+--------------------------------------+
