LISTSERV - HP3000-L Archives

HP3000-L Archives

April 2002, Week 4

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L April 2002, Week 4

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Help on account Security
From:	"Paul H. Christidis" <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Wed, 24 Apr 2002 12:37:44 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (72 lines)

Alan,

One way would be to place the account password into a file and have an
account level UDC that requires every other user to supply the password.
One possible scenario would be:

1.  Stand alone file with the following contents:
     setvar _acct_password "KEEPOUT"

   The above file could be kept in the 'posix' space to 'shield' it a bit.
Let us assume that is named "/ACCT/PUB/p_list.private"


2.  The following account level UDC: (Replace with 'site specific' values
where applicable)

     checkpassword
     option logon, nohelp
     file x =/ACCT/PUB/p_list.private
     if HPUSER <> "user_in_question" then
       xeq *x
       INPUT _user_password;prompt="Account password ?"
       setvar _user_password RTRIM(LTRIM(UPS(_user_password)))
       if _user_password = _acct_password then
          deletevar @_password > $null
          reset x
       else
          echo Invalid Account Password
          bye
       endif
     endif
     *********

Keep in mind, however, that the above will NOT get invoked for FTP
connections.

Regards
Paul Christidis


Hi Folks

I'm sure someone must have wanted to do this and found a cleaver way to
do it. Any help greatly appreciated.

On an external HP3000 I have an Account with an Account password.

I would like to be able to set up a logon user in that account such that
they don't need to know the account password.

I'm quite happy to set up a group for them to log into, and to have a
logon udc that can do whatever is required, I'm even happy for the user
to have a password, I just don't want to give them the account password.


And no I won't be able to install any third party security software on
the machine, so I have to be able to do it via MPE/iX 7.0 commands,
UDC's etc or a program residing in that account.

Any thoughts?
--
Alan Yeo
[log in to unmask]    Just because you're paranoid
Phone +44 1684 291710   it doesn't mean someone isn't!.
Fax   +44 1684 291712

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU