OSI/MHS Management Programming Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

631

632

633

634

635

636

637

638

639

640

Password Server Interfaces

OSI/MHS Management Programming Manual—424824-001

7-22

MPS Concepts and Components

Validation of SPI Requests

The MPS process receives Bind and Register requests from the MS process, and

ALTER, ADD, and DELETE requests from the MHSMGR process, in the form of SPI

messages. It validates these types of SPI requests as follows:

•

For all ADD, ALTER, and DELETE requests received over the MS bind password

server interface, the MPS process validates that the requester is the MHSMGR of

the subsystem in which the MPS is defined, and that the owner of the requester is

the same as the owner of the MPS process.

Anyone who is authorized to issue sensitive commands is permitted to ADD,

ALTER, or DELETE an APPL object: the MPS process does not validate the

password in the request.

•

For an ADD command, the MPS process verifies that there is no APPL already

configured in its database with the same APPL name.

•

For an ALTER command, the normal mode of operation of the MPS process is to

verify that there is already an entry in its database for the specified APPL. In a

special mode of operation, the MPS process treats an ALTER command as an ADD

command if there is no APPL already configured in its database and the ALTER

command specifies a new password. (This feature is provided so you can easily add

the MPS to an active system.)

•

For a DELETE command, the MPS process verifies that there is an entry in its

database for the specified APPL.

•

For MS Bind and Register-MS requests received over the MS bind password server

interface, the MPS process validates that the owner of the requesting MS process is

the same as the owner of the MPS process. It also ensures that the request includes

either the master password or the password of the user who owns the mailbox.

Optionally, it can check the OSI address in the request to see whether it matches the

OSI address of the user who owns the mailbox.

•

For a Bind request, the MPS process uses the following basic algorithm for

validating the request:

IF (master user bind) THEN

IF (master allowed to bind AND

password supplied matches master password) THEN

IF ( ("Check OSI addresses" flag is TRUE) AND

(Bind is over the remote P7 interface) ) THEN

IF (OSI address supplied is the same as

master OSI address) THEN

reply to MS with OK status

ELSE

reply to MS with ERROR status

ENDIF

ELSE

reply to MS with OK status

ENDIF

ELSE

reply to MS with ERROR status

ENDIF