OSI/MHS Management Programming Manual
Password Server Interfaces
OSI/MHS Management Programming Manual—424824-001
Command and Response Tokens
Tokens in Response Buffer
ZMHS-PASSW-STATUS
defines whether the operation was successful. This token is required.
ZVALUE
defines the status. Possible values are:
ZMHS-VAL-PASSW-OK
ZMHS-VAL-PASSW-ERROR
Programming Considerations
For security purposes, the password server process should check each requester process.
This is done by checking the name of the requester process and its owner. Checking the
requester process could prevent any unwanted processes from gaining information from
the password server process by using the SPI requests.
If the password server receives an SPI command that it does not recognize (such as an
unrecognized service or command), then the password server process should reply with
the value of ZMHS-MAP-PASSW-STATUS set to ZMHS-VAL-PASSW-ERROR.
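The following is an added example, not code from the manual or from OSI/MHS. It shows one way to combine the requester check and the unrecognized-command reply described above so that every failure path returns the error status. The status constants, command code, process name and owner IDs are placeholders; obtaining the requester's name and owner from the operating system, parsing the SPI buffer, and returning the error status to a rejected requester are assumptions outside what the page specifies.

```c
#include <stddef.h>
#include <string.h>

/* Placeholder status values named after ZMHS-VAL-PASSW-OK and
   ZMHS-VAL-PASSW-ERROR; the numeric values are assumptions. */
enum passw_status { PASSW_OK = 0, PASSW_ERROR = 1 };

/* Hypothetical command code; real SPI command numbers are not shown here. */
enum { CMD_PASSWORD_REQUEST = 1 };

struct requester {
    const char *process_name;  /* name of the requesting process */
    int owner_group;           /* owner of the requesting process */
    int owner_user;
};

/* Constructed allowlist: the one requester this server expects (the MRP). */
static const struct requester allowed[] = {
    { "$MRP1", 200, 10 },
};

static int requester_allowed(const struct requester *r)
{
    if (r == NULL || r->process_name == NULL)
        return 0;
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++) {
        /* Name and owner must both match; a matching name alone is not enough. */
        if (strcmp(r->process_name, allowed[i].process_name) == 0 &&
            r->owner_group == allowed[i].owner_group &&
            r->owner_user == allowed[i].owner_user)
            return 1;
    }
    return 0;
}

/* Decide the status for the reply. lookup_ok stands in for the result of
   the server's own password lookup, which is outside this example. The
   requester is checked first, so nothing is looked up for a stranger. */
enum passw_status handle_request(const struct requester *r, int command, int lookup_ok)
{
    if (!requester_allowed(r))
        return PASSW_ERROR;            /* unexpected requester */
    switch (command) {
    case CMD_PASSWORD_REQUEST:
        return lookup_ok ? PASSW_OK : PASSW_ERROR;
    default:
        return PASSW_ERROR;            /* unrecognized service or command */
    }
}
```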
You should design the password server process to reply to the MRP as quickly as
possible. The MRP waits for the reply before continuing processing.
You can use the password server process to impose other restrictions on association
establishment, in addition to password generation.
There is no requirement that the password server process be a NonStop process pair.
The MRP makes no assumptions about the password server process. The MRP makes a
single, immediate retry attempt for any failed communication.
The MS password server is responsible for safely storing (for example, on disk) the
password and, optionally, the OSI address configuration information for each MS APPL
object it is supporting.
When the MS password server is configured, OSI/MHS does not maintain the
APPL object's password in its user database. This is part of the general security
requirement. The MHS manager puts a NULL password in the user database for APPL
objects that were added or altered using the MS password server. The MS puts a NULL
password in the user database the first time a user binds on when an MS password server
is configured.
When the MS password server is not configured, it is possible that the user database
contains NULL passwords. The NULL passwords would be for those APPLs that were
added or altered, or that bound on, while the password server was configured. When this
occurs, the MS uses the NULL password configured in the database, and this NULL
password matches any incoming password.