Safeguard Reference Manual (G06.24+, H06.03+ )

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

501

502

503

504

505

506

507

508

509

510

Event-Exit-Process Commands

Safeguard Reference Manual—520618-013

15-30

Processing of Password-Quality Requests

Logon^Abort Processing

A Logon^Abort can occur during the processing of either an interactive or

programmatic authentication attempt. The $ZSMP process sends a Logon^Abort

message to the event-exit process if either of these events occurs:

•

At a Safeguard terminal, the user presses the BREAK key, or an I/O error occurs

during the logon dialog.

•

During a logon attempt processed by USER_AUTHENTICATE_, the logon dialog

times out because it takes longer than two minutes to complete. (The user takes

too long to supply input.)

Logon^Abort is indicated by the Event_Type field in the Header_Data message sent

from $ZSMP. The event-exit process checks the Message_Tag field in this message to

determine which logon session aborted. The purpose of this message is to allow the

event-exit process to deallocate the resources it allocated to process the authentication

attempt.

Timeout Policy for Authentication

If the event-exit process does not respond to a request within the configured time

interval, $ZSMP denies the authentication request. An EMS message indicates a user

has timed out, thereby indicating a problem with the event-exit process.

Other Error Handling for Authentication

Other problems that cause timeout behavior are I/O errors, disabling of the event exit,

and invalid data received from the event-exit process.

I/O errors can occur when the event-exit process halts before responding to a request,

or when it is enabled but down or restarting and the open is incomplete. In these

instances, all user requests are denied. EMS messages identify these errors.

If the event-exit process is disabled while an authentication request is pending, the

request is allowed to complete, providing it does so within the timeout interval. If a

timeout occurs, the request is denied.

If invalid data is returned in a reply from the event-exit process, the request is denied,

and an EMS message identifies the problem.

Auditing of Authentication Events

If the Safeguard software is configured for auditing of user authentication attempts,

audit records are generated for authentication events.

Processing of Password-Quality Requests

When ENABLE-PASSWORD-EVENT is ON, certain password-change events are

routed to the event-exit process. The password-quality exit allows passwords to be