LISTSERV - HP3000-L Archives

HP3000-L Archives

August 1995, Week 4

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L August 1995, Week 4

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Condense Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Sender:	HP-3000 Systems Discussion <[log in to unmask]>
Subject:	Re: Disable user?
From:	[log in to unmask]
Date:	Mon, 21 Aug 1995 03:46:57 GMT
Organization:	Netcom
Reply-To:	[log in to unmask]
Parts/Attachments:	text/plain (58 lines)

In <H00000660002c767@MHS>, [log in to unmask] writes:
>Larry Cox asks:
>> Does anyone know of a way to temporarily disable a user short of removing
the
>> user name and/or changing the password?  Security Monitor is an option and
our
>> OS is MPEIX 5.0.
>
>How about:
>
>:ALTUSER bozouser.account;CAP=-IA
>
>This will prevent the user logging on from a terminal as a session at least.
>You can later do the same command with ;CAP=+IA to put him back.

Ok, I'll stick my foot into this and point out this won't stop a user from
entering
    :JOB bozouser.acct
at the MPE/iX: prompt.  Admittedly, this is a little difficult to work with
from the
user's standpoint (have to include the leading :/!, and one typo and you're
logged
off...), but the user still has access.

As Dan pointed out, security software such as VESOFT's Security/3000 (or any
other decent package, for that matter) has a multitude of ways for disabling
users.
For the "one off" solution, anything mentioned here should suffice (setting a
BYE
UDC, removing IA/BA cap, setting TIME to 0, etc).  For long term/repetitive
bouncings, Security/3000 can be setup to check for the existance of a given
file, either in the user's home group or in any specific group you specify, and
disallow access if the file exists (or, conversly, if it DOESN'T exist or if it
hasn't
been modified "recently".  Really useful for allowing HP tech's on for a day or
two,
then automatically "closing" this access without you having to remember it
specifically.)

One of my favorites (because I wrote it when I was there) is the following:

   $FORBID "BEGIN WRITELN ('Validating access with operator -- please wait');&
                ups(printopreply('OK for HP tech to log on?'))<>'YES' end"
                "Operator forbade logon - see ya!"
                @,@.telesup+@,@.support

This generates a standard :RECALL request on the console in order for the user
to log on, and additionally lets the user know that this is happening
(otherwise
the user thinks the system/modem is hung because there is NO other response
until the operator replies!)

Tom Emerson
Modular Data, Inc.
std. disclaimer applies -- above ramblings are what I learned while at VESOFT,
but
I don't work there anymore...

ATOM RSS1 RSS2

RAVEN.UTC.EDU