OSI/MHS Management Programming Manual
Password Server Interfaces
OSI/MHS Management Programming Manual—424824-001
7-23
MPS Concepts and Components
ELSE ** normal APPL bind request **
IF (password supplied matches APPL password) THEN
IF ( ("Check OSI addresses" flag is TRUE) AND
(Bind is over the remote P7 interface) ) THEN
IF (OSI address supplied is OK) THEN
reply to MS with OK status
ELSE
reply to MS with ERROR status
ENDIF
ELSE
reply to MS with OK status
ENDIF
ELSE IF (password matches master password) THEN
reply to MS with OK status
ELSE ** not APPL OR master password **
reply to MS with ERROR status
ENDIF
ENDIF
•
For a Register-MS request, the MPS process uses the following basic algorithm for
validating the request:
IF (master user register-MS) THEN
IF (master allowed to register-MS AND
old password supplied matches master password) THEN
update configuration db with new master password
reply to MS with OK status
ELSE
reply to MS with ERROR status
ENDIF
ELSE ** normal APPL register-MS request **
IF (old password matches APPL password) THEN
update APPL authorization db with new APPL password
reply to MS with OK status
ELSE
reply to MS with ERROR status
ENDIF
ENDIF
•
If the MPS process receives a SPI command that it does not recognize (for example,
an unrecognized service or command), it returns an error to the requester.
•
The MPS process also receives open and close system messages, so it can validate
that a process has opened it before allowing requests from that process.
Audit -Trail File
You can request that the MPS log requests and results to an audit-trail file. The logging
of this information can be useful for identifying suspected security problems but can
adversely affect the performance of the MPS.
Note. The MPS receives and validates only Register-MS requests that would change a user’s
credentials (password). It validates only the part of the request that specifies such a change.
Only the owner of a mailbox may use a Register-MS request to change the password.