XYGATE® User Authentication™ Reference Manual
Appendix B: The UAACL File
XYPRO Technology Corporation, Proprietary and Confidential
B46: SAFEGUARD_PRIVLOGON
The SAFEGUARD_PRIVLOGON feature allows a program to set a special flag when
calling USER_AUTHENTICATE_. If the program also has a Safeguard diskfile ACL
with the PRIV-LOGON flag set, logons are allowed without a password
regardless of the Safeguard PASSWORD-REQUIRED setting.
If a program sets the flag but does not have an ACL, or its ACL lacks the
PRIV-LOGON flag, then Safeguard strips the USER_AUTHENTICATE_ flag before it is
sent to XUA.
An anomaly occurs on systems running a version of the OS earlier than the
versions that support the Safeguard PRIV-LOGON feature. Because Safeguard does
not know about the feature on those systems, a flag set by a program is not
stripped, and XUA will allow the logon.
Syntax:
SAFEGUARD_PRIVLOGON {ON | OFF}
Example: How to Make XYGATEAC Log On with SAFEGUARD PRIVLOGON
UAGROUP XYGATE-ACCESS-CONTROL
    DESCRIPTION "XAC CAN LOGON AS ANYONE"
    FROM_USER $EVERYONE
    TO_USER $EVERYONE
    REQUESTOR $SYSTEM.XYGATEAC.XYGATEAC
    SAFEGUARD_PRIVLOGON ON
    DIALOG_MODE OFF
    AUDIT_ACCESS_PASS ON
    AUDIT_ACCESS_FAIL ON
    PASSWORD_REQUIRED OFF
XUA will only respect the Safeguard PRIV-LOGON flag if the
SAFEGUARD_PRIVLOGON keyword is set to ON for a UAGroup. The default value is
OFF.
When an XAC command is configured with:
USER_SWITCH SAFEGUARD_PRIVLOGON
the XUA UAGROUP used to authorize the logon operation must have a setting of
SAFEGUARD_PRIVLOGON ON. If that setting is not present, then XAC’s attempt to
switch users will fail, and the XAC command will not run.
Refer to the USER_SWITCH keyword in the ACCONF or ACACL file appendices of
the XYGATE Access Control (XAC) Reference Manual (HP part number 657928).
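The following Python check is an added example, not taken from the manual or from XYPRO code. It reviews UAACL text for UAGroups that honor the PRIV-LOGON flag, which matters most on OS versions where Safeguard does not strip the flag. It assumes the one-keyword-per-line layout shown in the example above and that REQUESTOR limits a UAGroup to the named program; the BATCH-LOGON and OPERATORS groups are constructed sample data.

```python
# Constructed sample UAACL text; the first group mirrors the manual's example.
SAMPLE_UAACL = """\
UAGROUP XYGATE-ACCESS-CONTROL
    DESCRIPTION "XAC CAN LOGON AS ANYONE"
    FROM_USER $EVERYONE
    TO_USER $EVERYONE
    REQUESTOR $SYSTEM.XYGATEAC.XYGATEAC
    SAFEGUARD_PRIVLOGON ON
    AUDIT_ACCESS_PASS ON
    AUDIT_ACCESS_FAIL ON
    PASSWORD_REQUIRED OFF
UAGROUP BATCH-LOGON
    FROM_USER $EVERYONE
    TO_USER $EVERYONE
    SAFEGUARD_PRIVLOGON ON
    AUDIT_ACCESS_PASS OFF
UAGROUP OPERATORS
    FROM_USER OPS.*
    TO_USER OPS.*
"""

def parse_uagroups(text):
    """Return {group_name: {KEYWORD: value}}; assumes one keyword per line."""
    groups, current = {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts:
            continue  # blank line
        keyword = parts[0].upper()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "UAGROUP":
            current = groups.setdefault(value, {})
        elif current is not None:
            current[keyword] = value
    return groups

def audit_privlogon(text):
    """List (group, finding) pairs for UAGroups with SAFEGUARD_PRIVLOGON ON."""
    findings = []
    for name, kw in parse_uagroups(text).items():
        # The manual states the default is OFF, so a missing keyword is skipped.
        if kw.get("SAFEGUARD_PRIVLOGON", "OFF").upper() != "ON":
            continue
        if "REQUESTOR" not in kw:
            findings.append((name, "no REQUESTOR restriction"))
        for audit in ("AUDIT_ACCESS_PASS", "AUDIT_ACCESS_FAIL"):
            if kw.get(audit, "").upper() != "ON":
                findings.append((name, audit + " not ON"))
    return findings
```
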