Spring, 1990 VAX SIG Tape Submission
Allied Electronics, Inc.
Fort Worth, Texas

Items within this directory structure are used to maintain some semblance of password security here at Allied. I require that passwords not be reused and that they not be found in a typical dictionary. Check_Password and Pass are the tools I use to enforce these requirements.

Check_Password [.Allied.Check_Password]

This is a re-working of Ted Nieland's submission on the Spring '89 SIG Tape. It looks for weak passwords by comparing every word in dictionary files (which were included quite a while back with the VAX SIG-distributed Vassar spelling checker system) to the passwords from every non-DISUSERed account on the system. While Mr. Nieland's program was driven by a username list that had to be manually maintained, this one reads records from the SYSUAF.DAT file. Since our SYSUAF gets changed almost every day, I find it's much easier to use this method rather than trying to maintain a list. I run this on odd-numbered Sunday nights.

Send_Mail [.Allied.Check_password]

A somewhat updated version of a function I submitted to the Spring '89 SIG tape (it now handles distribution lists), this one makes use of DEC's (still) undocumented/unsupported callable mail routines. Pass this guy TO, CC, SUBJECT, and either a line of text or a filespec to send, and it will send it via VMS Mail for you. Very handy for automated messaging from within a program. Source and object code are included. I'm resubmitting it here because it's used in the Check_Password program.

Pass [.Allied.Pass]

This is an unmodified resubmission of another SIG tape goodie which I have included to fill out this submission. I kept the entire directory from the tape, but unfortunately its original source is not identified within the AAAREADME file (plus I've lent out the tape it's on and can't look it up). This program builds and maintains a database of hashed passwords and checks to be sure your users don't re-use their passwords. It does this without having any idea what those passwords are. If it finds a match, it expires that user's password, mails the miscreant a message telling what it's done, and sends a list of those usernames to me. Execute FIRST.COM one time to set up the database, and then schedule PASS.COM to run as often as you want. The only site-specific code you'll need to change is in PASS.COM, and the whole package assumes that everything is in the same directory. I run this every night.

Any comments, questions, etc., about this submission should be directed to:

Alan Bruns
Allied Electronics, Inc.
7410 Pebble Drive
Fort Worth, TX 76118
(817) 595-6420
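
The reuse check described under Pass, shown as an added Python example; it is not code from the tape or from the Pass package. It assumes a given user's password always hashes to the same value, and the hash function, usernames and passwords in it are constructed stand-ins used only to build sample records.

```python
import hashlib
import hmac


def stand_in_hash(username, password):
    # Constructed stand-in for the system's one-way hash, NOT the VMS algorithm.
    # Assumption: a given user's password always hashes to the same value.
    return hashlib.sha256(f"{username}:{password}".encode()).digest()


def check_reuse(history, records):
    """Compare tonight's (username, hash) records against stored history.

    history maps username -> list of hashes seen so far, oldest first, and
    is updated in place. The first call on an empty history only seeds it,
    which is the role the page gives FIRST.COM. Returns the usernames whose
    new hash matches one they used before; the caller would expire those
    passwords and mail the user and the system manager.
    """
    reused = []
    for username, digest in records:
        seen = history.setdefault(username, [])
        if seen and hmac.compare_digest(seen[-1], digest):
            continue  # password not changed since the last run
        if any(hmac.compare_digest(old, digest) for old in seen):
            reused.append(username)
        seen.append(digest)  # record it so the next run does not re-flag
    return reused


def run_sample_nights():
    """Constructed sample: four nightly runs over two hypothetical accounts."""
    nights = [
        {"ALICE": "first-pw", "BOB": "bob-pw-1"},   # seeding run
        {"ALICE": "second-pw", "BOB": "bob-pw-1"},  # ALICE picks a new one
        {"ALICE": "first-pw", "BOB": "bob-pw-2"},   # ALICE returns to an old one
        {"ALICE": "first-pw", "BOB": "bob-pw-2"},   # nothing changed
    ]
    history = {}
    results = []
    for night in nights:
        records = [(u, stand_in_hash(u, p)) for u, p in night.items()]
        results.append(check_reuse(history, records))
    return results, history


if __name__ == "__main__":
    for n, flagged in enumerate(run_sample_nights()[0]):
        print(f"night {n}: reused = {flagged}")
```

The checker only ever handles hash values, so the history database holds no plaintext; it should still be protected like the authorization file itself, since it holds the same kind of data.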