Date: | Mon, 13 Feb 1995 19:47:47 -0800 |
Content-Type: | text/plain |
>Michael Hensley ([log in to unmask]) wrote (2/9):
>
>> These jobs have not been up-to-date in *years*, and were removed
>> from the documentation (I removed them myself). I *think* the
>> new version 2.5 of Security can provide a better solution through
>> Procedure Exits (you can apparently change the pro-logon prompt,
>> messages, even the syntax of the HELLO command) ...
>
>Procedure Exits, including those to 'hook' into the logon process
>were available as patches to MPE/XL releases 3.0 & 3.1 and then
>bundled into MPE/iX 4.0. ... Someone from Vesoft would have to respond as to
>the features of their new version.
>
>-- Jerry

Allow me to supply a few answers:

- VESOFT's SECURITY/3000 product continues to support MINLOGON and MAXLOGON,
  job streams that modify the System message catalog to remove all
  helpful hints that might be gleaned from the logon error messages.
  The help text for both is available online within MPEX by typing:
      %HELP MINLOGON or %HELP MAXLOGON
  If anyone knows of messages that we fail to intercept, please let us
  know, and we'll fix it.

- Version 25 of SECURITY/3000 makes use of AIF:PE (procedure exits) to
  add the ability to implement logon security for interactive Jobs and
  Sessions without relying on System-wide UDCs. Jerry, I believe that
  when you started beta-testing version 25 last year this had not yet
  been released. If you'd like to take a look, please ask VESOFT tech
  support to send you the latest version.

- Version 25 also uses AIF:PE to allow interception of logons that don't
  result in the CI being run in an interactive environment, such as
  auto-logon DSCOPYs, and FTP access.

- Version 25 also uses AIF:PE to allow the definition of synonyms for the
  HELLO command: you can define shorter alternatives ('HI'), you can remove
  the need for HELLO at all (I logon as 'PAUL', that's ALL I type). You
  can also (more relevant for this discussion) define a replacement for
  the HELLO command, and prevent anyone logging on by typing HELLO anything.

One last (important) note to anyone considering using AIF:PE to implement
security enhancements: don't forget to (somehow) secure the PEUTIL program
that HP thoughtfully leave behind in PUB.SYS. Using it, any user on the
system can disable ALL procedure exits, system-wide. We had to use another
procedure exit to close this loophole, in such a way that the SM (only)
can disable AIF:PE in an emergency.

Paul Taffel
VESOFT Development Staff
[log in to unmask] (310) 282 0420