Security Management Guide (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

111

112

113

114

115

116

117

118

119

120

Concerns for the Application Programmer

Security Management Guide—522283-008

6-2

Authentication User IDs

Automatic Execution Through TACL

The TACLCSTM file in the user’s default subvolume can be configured so that the user

is placed directly into your application.

For example, the last few lines of the TACLCSTM file for CLERK.ROBIN might be:

RUN $DATA.APP.PROG

LOGOFF

Then, when CLERK.ROBIN successfully completes the logon procedure, the TACL

process on Robin’s terminal executes the TACLCSTM file, which contains orders to

execute the $DATA.APP.PROG program. When this program finishes, TACL resumes

its execution of the TACLCSTM file, finds the LOGOFF command, and logs

CLERK.ROBIN off the system.

In the previous example, you could also disable the BREAK key by inserting #SET

#BREAKMODE DISABLE as the first statement in the TACLCSTM file. This would

ensure that CLERK.ROBIN does not break out of the TACLCSTM file and have access

to TACL commands.

Automatic Execution Through Safeguard

On terminals controlled by the Safeguard software, the user can be placed directly into

your application after logging on. To add a terminal to the Safeguard database, a

member of the SECURITY-ADMINISTRATOR security group (or the super group if no

SECURITY-ADMINISTRATOR group exists) must create a terminal definition with the

ADD TERMINAL command.

After a user is authenticated at a Safeguard terminal, a program is started on the

user’s behalf. By default, the program is TACL. However, a member of the SECURITY-

ADMINISTRATOR security group can specify that your application is started instead.

When the user quits your application, the user is automatically logged off.

Your application can be specified as the startup program at three different levels:

•

Through the CI-PROG attribute of the user authentication record. This value is

checked first.

•

Through the PROG attribute of the terminal definition. This value is checked

second.

•

Through the CI-PROG Safeguard global configuration attribute. This value is

checked last.

For more information, see the Safeguard Administrator’s Manual.

Note. For sensitive environments, you might want to start the application on the terminal

directly and have the application perform the USER_AUTHENTICATE_ procedure call for

authentication of the user.