Safeguard Reference Manual (G06.24+, H06.03+ )
Safeguard Subsystem Commands
Safeguard Reference Manual—520618-013
16-9
ALTER SAFEGUARD Command
PASSWORD-EXPIRY-GRACE can also be specified in individual user
authentication records. If the value of this attribute is not specified in a user
authentication record, the Safeguard software uses the value specified in the
Safeguard configuration record.
PASSWORD-ENCRYPT { ON | OFF }
defines whether new passwords are stored in an encrypted form. Changing
this setting does not affect current passwords. The initial value is OFF.
CHECK-DEVICE { ON | OFF }
defines whether the device ACL is consulted to determine access to devices
and subdevices. The initial value is ON. (Device ACLs are consulted.)
CHECK-SUBDEVICE { ON | OFF }
defines whether the subdevice ACL is consulted to determine access to
subdevices. The initial value is OFF. (Subdevice ACLs are not consulted.)
DIRECTION-DEVICE { DEVICE-FIRST | SUBDEVICE-FIRST }
defines the direction in which device and subdevice ACLs are consulted to
determine access to devices and subdevices when both CHECK-DEVICE and
CHECK-SUBDEVICE are ON. The initial value is DEVICE-FIRST.
DEVICE-FIRST
specifies that device ACLs are to be consulted before subdevice ACLs.
SUBDEVICE-FIRST
specifies that subdevice ACLs are to be consulted before device ACLs.
COMBINATION-DEVICE { FIRST-RULE | FIRST-ACL | ALL }
defines the method by which overlapping ACLs are resolved for access to
devices and subdevices. COMBINATION-DEVICE is used in conjunction with
DIRECTION-DEVICE to resolve access conflicts. The initial value is FIRST-
ACL
FIRST-RULE
specifies that the Safeguard software is to determine access by searching
the ACLs until it finds the user ID mentioned.
Note. Passwords are stored unencrypted. Any process with access to the
$SYSTEM.SYSTEM.USERID file can identify the current passwords. The initial value
for PASSWORD-ENCRYPT is ON only on systems running G06.29 and later G-series
RVUs and H06.06 and later H-series RVUs.