Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Securing Terminals
Safeguard Administrator’s Manual—523317-013
7-2
Control of the Logon Dialog
Control of the Logon Dialog
When you add a terminal definition record, the Safeguard software takes over control
of the logon dialog at that terminal. In earlier RVUs, certain extended features, such as
warning of a pending password expiration, were available only at a Safeguard terminal.
Effective with D30 product versions, the TACL command interpreter also provides
these logon features when Safeguard is running on the system.
From the user’s perspective, the Safeguard logon dialog is the same as the TACL
logon dialog. As long as Safeguard is running on your system, all security controls and
logon features, such as the password expiry grace period, are enforced whether or not
the terminal is defined as a Safeguard terminal.
For more information about the logon dialog at a Safeguard terminal, see the
Safeguard User's Guide.
Starting a Command Interpreter
When you add a terminal definition record, you can specify that a particular command
interpreter be started automatically at that terminal after user authentication. A
command interpreter can also be specified in a user authentication record and in the
Safeguard configuration record.
The Safeguard software resolves any conflicts among these records by searching for a
command interpreter specification in the following order: user record, terminal record,
Safeguard configuration record. The first specification found during the search is the
command interpreter that is started after user authentication. Therefore, a command
interpreter specified in a user authentication record always takes precedence over one
specified in a terminal record or Safeguard configuration record.
If no command interpreter is specified in the user authentication record or in the
terminal definition record, the command interpreter defined in the Safeguard
configuration record is used. Unless you use the ALTER SAFEGUARD command to
Table 7-2. TERMINAL Command Summary
Command Description
ADD TERMINAL Adds a terminal definition record with the specified terminal
attribute values.
ALTER TERMINAL Changes one or more attribute values in a terminal definition
record.
DELETE TERMINAL Deletes a terminal definition record.
FREEZE TERMINAL Disables a terminal from accepting the LOGON command.
INFO TERMINAL Displays the existing attribute values in a terminal definition record.
THAW TERMINAL Reenables a frozen terminal so that it accepts the LOGON
command.