Guardian Procedure Calls Reference Manual
• Authenticating a user
If authentication without logon is requested (options.<15> is 0), USER_AUTHENTICATE_
authenticates the user, but you cannot assume that user’s identity and you cannot log on. You
must supply a password even if you do not request a logon unless:
◦ You are the super ID (and options.<7> is not set to 1).
◦ You are the group manager (*,255) (and options.<7> is not set to 1).
◦ You are a user inquiring about yourself (and options.<7> is not set to 1).
• Logging on
If authentication with logon is requested (options.<15> is set to 1) and Safeguard software
is running, and if the Safeguard parameter PASSWORD-REQUIRED is set to ON, you can
assume that user’s ID if:
◦ You know the user’s password.
Alternatively, if authentication with logon is requested (options.<15> is set to 1) and either
Safeguard software is running with the Safeguard parameter PASSWORD-REQUIRED set
to OFF, or Safeguard software is not running, you can assume that user’s ID if:
◦ You are the super ID (and options.<7> is not set to 1).
◦ You are the group manager (*,255) (and options.<7> is not set to 1).
◦ You know the user’s password.
• Disabling special authentication and logon privileges of the super ID and the group manager
If authentication is required regardless of who is executing the calling process, set
options.<7> to 1. Setting this option overrides the special rules that otherwise allow the
super ID or group manager to perform authentication or logon without providing the correct
password. The effects of this option are enforced irrespective of whether Safeguard software
is active and irrespective of whether options.<15> is set.
This bit enables server processes running as the super ID to check a requester’s password
without being able to log on.
• Incorrect password timeout
When Safeguard software is running, the number of times that a process can pass an invalid
password to USER_AUTHENTICATE_ before the process is suspended and the length of time
that the process is suspended are set during Safeguard configuration. When Safeguard
software is not running, any process that passes an invalid password to USER_AUTHENTICATE_
for the third time is suspended for 60 seconds.
• Enabling the privlogon functionality
Setting the options bit 2 enables the privlogon functionality. This bit, in conjunction with
the value specified by bit 15, denotes the nature of privlogon requested.
◦ In systems where Safeguard is running, a program file that invokes USER_AUTHENTICATE_
with options bits 2 and 15 set to 1, and whose Safeguard disk-file attribute, PRIV-LOGON,
is set to ON, can request a successful logon without supplying a password. Similarly, a
program file that invokes USER_AUTHENTICATE_ with options bit 2 set to 1 and bit
15 set to 0, and whose Safeguard disk-file attribute, PRIV-LOGON, is set to ON, is not
subjected to a time delay on supplying an incorrect password during authentication.
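The password rules above for options.<15> and options.<7>, together with the privlogon case for bits 2 and 15, written as a decision function for reviewing the option word a server passes (an added example, not code from the manual). The function, type and macro names are hypothetical, the masks assume TAL bit numbering in which <0> is the most significant bit of the 16-bit word, and the model assumes options.<7> does not block privlogon because the page does not say.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed TAL-style numbering: <0> is the most significant bit of the word. */
#define OPT_BIT(n)      ((uint16_t)(1u << (15 - (n))))
#define OPT_PRIVLOGON   OPT_BIT(2)   /* options.<2>  */
#define OPT_NO_SPECIAL  OPT_BIT(7)   /* options.<7>  */
#define OPT_LOGON       OPT_BIT(15)  /* options.<15> */

typedef enum { CALLER_OTHER, CALLER_SELF, CALLER_GROUP_MANAGER, CALLER_SUPER_ID } caller_t;

typedef struct {              /* hypothetical model of the call's environment */
    bool safeguard_running;
    bool password_required;   /* Safeguard PASSWORD-REQUIRED is ON */
    bool priv_logon_file;     /* program file's PRIV-LOGON attribute is ON */
} env_t;

/* Returns true when the documented rules let the call succeed with no password. */
bool passwordless_allowed(uint16_t options, caller_t who, env_t env)
{
    bool logon   = (options & OPT_LOGON) != 0;
    bool special = (options & OPT_NO_SPECIAL) == 0;  /* special rules still active */
    bool manager = who == CALLER_SUPER_ID || who == CALLER_GROUP_MANAGER;

    /* privlogon: Safeguard running, bits 2 and 15 set, PRIV-LOGON ON.
       Assumption: the page does not say whether options.<7> blocks this,
       so a review treats the combination as password-less. */
    if (logon && (options & OPT_PRIVLOGON) && env.safeguard_running && env.priv_logon_file)
        return true;

    if (!logon)  /* authenticate only: super ID, group manager or self */
        return special && (manager || who == CALLER_SELF);

    if (env.safeguard_running && env.password_required)
        return false;  /* logon needs the user's password */

    return special && manager;  /* PASSWORD-REQUIRED OFF, or no Safeguard */
}

int main(void)
{
    env_t sg_on = { true, true, false };  /* constructed sample environment */
    printf("super ID, logon, PASSWORD-REQUIRED ON: %d\n",
           passwordless_allowed(OPT_LOGON, CALLER_SUPER_ID, sg_on));
    printf("super ID, check only, bit 7 set: %d\n",
           passwordless_allowed(OPT_NO_SPECIAL, CALLER_SUPER_ID, sg_on));
    return 0;
}
```

A server that runs as the super ID and only verifies requester passwords should show up here with options.<7> set and options.<15> clear, which is the one combination in the model that never returns true for any caller.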
USER_AUTHENTICATE_ Procedure