Safeguard Reference Manual (G06.29+, H06.08+, J06.03+)
Table Of Contents
- Safeguard Reference Manual
- Legal Notices
- Contents
- What is New in this Manual
- Manual Information
- New and Changed Information
- Changes to the 520618-030 manual
- Changes to the 520618-029 manual
- Changes to the 520618-028 manual
- Changes to the 520618-027 manual
- Changes to the 520618-026 manual
- Changes to the 520618-025 manual
- Changes to the H06.22/J06.11 manual
- Changes to the H06.21/J06.10 Manual
- Changes to the H06.20/J06.09 Manual
- Changes to the 520618-020 Manual
- Changes to the H06.19/J06.08 Manual
- About This Manual
- 1 Introduction
- 2 Common SAFECOM Language Elements
- 3 The Command to Run SAFECOM
- 4 SAFECOM Session-Control Commands
- 5 User Security Commands
- 6 User Alias Security Commands
- 7 Group Commands
- 8 Disk-File Security Commands
- Disk-File Ownership
- Disk-File Access Authorities
- Disk-File Access Authorization
- Disk-File Security Command Summary
- Syntax of Disk-File Security Commands
- ADD DISKFILE Command
- ADD DISKFILE-PATTERN Command
- ALTER DISKFILE Command
- ALTER DISKFILE-PATTERN Command
- DELETE DISKFILE Command
- DELETE DISKFILE-PATTERN Command
- FREEZE DISKFILE Command
- FREEZE DISKFILE-PATTERN Command
- INFO DISKFILE Command
- INFO DISKFILE-PATTERN Command
- RESET DISKFILE Command
- RESET DISKFILE-PATTERN Command
- SET DISKFILE Command
- SET DISKFILE-PATTERN Command
- SHOW DISKFILE Command
- SHOW DISKFILE-PATTERN Command
- THAW DISKFILE Command
- THAW DISKFILE-PATTERN Command
- SAFECOM Saved Diskfile Pattern Commands
- ADD SAVED-DISKFILE-PATTERN Command
- ALTER SAVED-DISKFILE-PATTERN Command
- DELETE SAVED-DISKFILE-PATTERN Command
- FREEZE SAVED-DISKFILE-PATTERN Command
- INFO SAVED-DISKFILE-PATTERN Command
- RESET SAVED-DISKFILE-PATTERN Command
- SET SAVED-DISKFILE-PATTERN Command
- SHOW SAVED-DISKFILE-PATTERN Command
- THAW SAVED-DISKFILE-PATTERN Command
- 9 Disk Volume and Subvolume Security Commands
- Volume Authorization Record Ownership
- Subvolume Authorization Record Ownership
- Volume and Subvolume Access Authorities
- Volume and Subvolume Access Authorization
- Volume and Subvolume Security Command Summary
- Syntax of Disk Volume and Subvolume Security Commands
- ADD VOLUME and SUBVOLUME Commands
- ALTER VOLUME and SUBVOLUME Commands
- DELETE VOLUME and SUBVOLUME Commands
- FREEZE VOLUME and SUBVOLUME Commands
- INFO VOLUME and SUBVOLUME Commands
- RESET VOLUME and SUBVOLUME Commands
- SET VOLUME and SUBVOLUME Commands
- SHOW VOLUME and SUBVOLUME Commands
- THAW VOLUME and SUBVOLUME Commands
- 10 Device and Subdevice Security Commands
- Device and Subdevice Authorization Record Ownership
- Device and Subdevice Access Authorities
- Device and Subdevice Access Authorization
- Device and Subdevice Security Command Summary
- Syntax of Device and Subdevice Security Commands
- ADD DEVICE and SUBDEVICE Commands
- ALTER DEVICE and SUBDEVICE Commands
- DELETE DEVICE and SUBDEVICE Commands
- FREEZE DEVICE and SUBDEVICE Commands
- INFO DEVICE and SUBDEVICE Commands
- RESET DEVICE and SUBDEVICE Commands
- SET DEVICE and SUBDEVICE Commands
- SHOW DEVICE and SUBDEVICE Commands
- THAW DEVICE and SUBDEVICE Commands
- 11 Process and Subprocess Security Commands
- Process and Subprocess Security
- Process and Subprocess Access Authorities
- Special NAMED and UNNAMED Process Protection Records
- Process and Subprocess Security Command Summary
- Syntax of the Process and Subprocess Security Commands
- ADD PROCESS and SUBPROCESS Commands
- ALTER PROCESS and SUBPROCESS Commands
- DELETE PROCESS and SUBPROCESS Commands
- FREEZE PROCESS and SUBPROCESS Commands
- INFO PROCESS and SUBPROCESS Commands
- RESET PROCESS and SUBPROCESS Commands
- SET PROCESS and SUBPROCESS Commands
- SHOW PROCESS and SUBPROCESS Commands
- THAW PROCESS and SUBPROCESS Commands
- 12 OBJECTTYPE Security Commands
- 13 Security Group Commands
- 14 Terminal Security Commands
- 15 Event-Exit-Process Commands
- 16 Safeguard Subsystem Commands
- 17 Running Other Programs From SAFECOM
- A SAFECOM Error and Warning Messages
- B Disk-File Access Rules
- Index
Event-Exit-Process Commands
Safeguard Reference Manual — 520618-030
15 - 4
ADD EVENT-EXIT-PROCESS Command
Locally authenticated super-group members are treated as undeniable and all
other users are considered as deniable.
ENABLE-AUTHENTICATION-EVENT { ON | OFF }
specifies whether authentication events are to be sent to the event-exit
process. ON indicates that the events are sent to the event-exit process when
it is enabled. For a complete list of events sent when ENABLE-
AUTHENTICATION-EVENT is ON, see Design Considerations on page 15-24.
For more information, see ENABLE-PASSWORD-EVENT { ON | OFF } on
page 15-4.
The default value is OFF. If you omit this attribute, it is set to the default value.
ENABLE-AUTHORIZATION-EVENT { ON | OFF }
specifies whether authorization events are to be sent to the event-exit process.
ON indicates that the events will be sent to the event-exit process when it is
enabled. For a complete list of events that are sent when ENABLE-
AUTHORIZATION-EVENT is ON, see Design Considerations on page 15-24.
The default value is OFF. If you omit this attribute, it is set to the default value.
ENABLE-PASSWORD-EVENT { ON | OFF }
specifies whether password change events are to be sent to the event-exit
process for a password-quality check. ON indicates that the events are sent to
the event-exit process when it is enabled.
If ENABLE-PASSWORD-EVENT is ON and ENABLE-AUTHENTICATION-
EVENT is also ON, password changes that occur during a logon dialog are not
sent to the password-quality exit. In this instance, the password-quality exit is
invoked only for password changes from the PASSWORD program and from
the Safeguard ADD USER, ALTER USER, ADD ALIAS, and ALTER ALIAS
commands.
If ENABLE-PASSWORD-EVENT is ON and ENABLE-AUTHENTICATION-
EVENT is OFF, all password change events are sent to the password-quality
exit for evaluation. For more information, see
Design Considerations on
page 15-24.
The default value is OFF. If you omit this attribute, it is set to the default value.
PROG [prog-filename]
specifies the name of the object program file to be run when the ENABLED
attribute is se
t to ON. It must be a local file name. prog-filename must be
specified before the ENABLED attribute can be set to ON.
Note. The TIMEOUT-ALL-AUTHZREQ attribute is supported only on systems running
H06.26 and later H-series RVUs and J06.15 and later J-series RVUs.