Manualshelf

OSI/MHS Configuration and Management Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
71727374757677787980
Management Environment for OSI/MHS
OSI/MHS Configuration and Management Manual424827-003
2-12
MS Bind Password Server Interface
MS Bind Password Server Interface
If you develop a password server using the MS bind password server interface, the MS
process sends a request to your application when it receives an MS bind request, or an
MS register request to change credentials, from a user agent. The MHS manager
process sends a request to your application when it receives an ADD, ALTER, or
DELETE APPL command from SCF or a management application. In these cases, the
request to your password application includes:
The object name of the APPL object and the O/R name of the user or users whom
the APPL object represents
The OSI address of the remote user agent (if applicable)
The password supplied in the request (or the current and proposed passwords in a
request to change the password)
Your application is expected to validate the password or proposed password. It can
also validate the O/R name or OSI address and perform other services as appropriate
to the environment.
You specify the presence of an MS bind password server as an attribute of an MS
group; OSI/MHS invokes the server on behalf of all the APPL objects that use the
group.
For more detailed information about the password server interfaces, see Section 6,
Starting, Stopping, and Updating Your OSI/MHS Subsystem, and the OSI/MHS
Management Programming Manual.
Master Password Server (MPS)
In addition to the password server programmatic interfaces, a master password server
is available for use as it is written and for customization when there are special
password requirements.
The master password server (MPS) provides enhanced control over the authorization
of bind requests for the P7 user agents configured on an OSI/MHS subsystem. The
MPS interfaces to OSI/MHS using the MS bind password server interface. Once this
interface is configured, the message store processes send requests to the MPS for
confirmation that a UA has permission to bind on. The MS does not validate the
authorization parameter (that is, the password) itself. The MPS is capable of keeping
track of changes to the user’s configuration because the MHSMGR process informs
the MPS of all ADD, ALTER, and DELETE operations on the user’s APPL object. The
MPS is consulted for register-MS operations that users can perform to change their
passwords. For more information about the master password server, see the OSI/MHS
Management Programming Manual.
Security of OSI/MHS Files, Processes, and Objects
You can limit access to OSI/MHS files, processes, and objects by using general
facilities for NonStop systems.