LISTSERV - HP3000-L Archives

HP3000-L Archives

March 1995, Week 5

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L March 1995, Week 5

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: SIGMPE - 95J02 Allow: STREAM without passwords
From:	Jon Diercks <[log in to unmask]>
Reply To:	Jon Diercks <[log in to unmask]>
Date:	Tue, 28 Mar 1995 15:57:56 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (63 lines)

At 11:20 AM 3/28/95 -0800, Gail Duro wrote:
>Alternatives for "STREAM without passwords"
>
>The ability to stream a job without passwords will consist of two
>separate options. The first option allows the SM, AM and user
>to stream jobs without passwords. The SM can stream all jobs,
>the AM can stream jobs within their account, and users can stream
>jobs with the same logon identity.

No problem here, sounds good.

>... The second option authorizes
>additional users to stream the job without passwords provided they
>have execute access to the job file.

Ummmmmm, I hope there's some other restriction besides just X access, else I
could do this:

:hello joeshmoe.user
:quad
/add u
!job manager.sys
!comment insert evil destructive commands here...
!eoj
//
/k myfile:u
/e
:altsec myfile;(x:CR)  <<should already have it, but just to be sure>>
:stream myfile
#j1234
:

...or does the logon user of the job have to match the creator of the file?
I remember this was discussed, but don't remember the outcome.  It would be
nice to have this capability, but I wouldn't want it to become a gotcha if
applied to a system where previously secure files suddenly become streamable
by joeshmoe.

>Based on previous feedback, two implementations for "STREAM without passwords"
>have been examined. We request your feedback to the following questions.
>
>1. How often would the system manager want to change the setting of this
>   feature?

Would probably make a policy decision and set it 'forever'.

>2. Choose one: you would prefer to control this feature
>               via sysgen or online via a command.
>

An enhanced :JOBSECURITY command seems the most logical place to put this.

  -----------------------------------------------------------------------
               Jon Diercks -------- mail: [log in to unmask]
        Programmer/Analyst   /||  | talk: [log in to unmask]
        Computing Services  /_||  | WWW : http://rowlf.csv.anderson.edu/
       Anderson University /  ||__| tel : (317)641-4305
        Anderson, IN 46012 -------- fax : (317)641-3851
    o________________________________________________________  ___
    _\_,                                                     \=`==^==>
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ATOM RSS1 RSS2

RAVEN.UTC.EDU