TACL Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

441

442

443

444

445

446

447

448

449

450

Built-In Functions and Variables

HP NonStop TACL Reference Manual—429513-018

9-42

#CHANGEUSER Built-In Function

Safeguard facility if Safeguard is running. Otherwise, the VERIFYUSER system

procedure is called by TACL.

•

If the user ID and password are syntactically correct (but not necessarily valid),

TACL sends a pre-LOGON message to $CMON (if that user-supplied monitoring

process exists) for additional validation before calling VERIFYUSER. In addition,

TACL sends LOGON messages to $CMON during the logon process. For more

information about $CMON, see Section 6, The TACL Environment.

•

If the logon operation is rejected, either by the USER_AUTHENTICATE_

procedure or by $CMON, TACL notifies you of the failure but does not specify

whether user-name or password was wrong.

•

If the USER_AUTHENTICATE_ procedure fails to recognize the user information

given during the logon operation, the TACL built-in variable #ERRORNUMBERS

contains the error information. To display the error information, issue these

commands:

#PUSH n1 n2 n3 n4

#SETMANY n1 n2 n3 n4, [#ERRORNUMBERS]

where:

n1 = 1074 (Invalid user name or password)

n2 = error return from USER_AUTHENTICATE_

n3 = error return detail from USER_AUTHENTICATE_

n4 = 0

If n2 contains 0 (no error state returned), USER_AUTHENTICATE_ is not in the

system library or Safeguard is not running. If Safeguard is not running, n3 and n4 are

set to 0.

•

If Safeguard is running and the number of login attempts exceeds the number

specified by Safeguard, TACL sends an illegal LOGON message (code - 53) to

$CMON. If Safeguard is not running, after the third logon failure (the default) and

all subsequent logon failures, TACL sends an illegal LOGON message (code - 53)

to $CMON until a logon succeeds. Each time it sends the illegal LOGON message,

TACL displays the $CMON reply (if not empty). Safeguard and

USER_AUTHENTICATE_ security logic can impose a delay before the next

prompt. You cannot exit from the delay by pressing the BREAK key.

•

Both the LOGON command (issued while you are already logged on) and the

#CHANGEUSER built-in function change your identity while keeping your previous

IDs, variables, segment files, and so on. The principal difference is that with

LOGON you assume both the saved (logon) default subvolume and the current

default subvolume of the new ID; with #CHANGEUSER, you assume the saved

default subvolume of the new ID, but remain in the subvolume that was current at

the time you invoked the function.

•

You can configure TACL to disable logons from a logged-on state. To alter the

configuration, CMON should reply with the NOCHANGEUSER field set to -1. For

more information, see the Guardian Programmer’s Guide. If the capability is