HP OpenVMS Systems: Ask the Wizard

The Question is:

Is it possible in VMS to restrict the login of a user account to specific terminals? Background: the [company] has defined workareas. All workers of one workarea use the same VMS account. If one worker changes the workarea and therefore works in a different location, he should no longer be able to log in with his old account. A workarea has about 700 workers in 3-shift operation and it is impossible to work with individual accounts. Thank you in anticipation.

The Answer is:

Inferring details left unstated in the question, it appears there
is a belief that an accountability and/or security problem exists.
The OpenVMS Wizard would strongly encourage the use of individually
assigned usernames and unique UICs, as this provides for better
security and better accountability. Many OpenVMS sites operate with
numbers of entries in SYSUAF well into the tens of thousands, using
DCL procedures for basic user maintenance tasks.
Other approaches -- lacking individual accountability -- involve using
the automatic login facility (SYSALF), or the use of DCL within the
SYLOGIN that performs the necessary verification of the login source.
Some of the options include:
  The SYS$REM* logical names
  f$getdvi("TT","TT_ACCPORNAM")
  f$getdvi("TT","FULLDEVNAM")
  An OpenVMS security identifier
  etc.
Alternatively, you could customize LOGINOUT to perform the processing
of the login source directly, via the available LGI callouts mechanism.
Since the current configuration presently provides no user-specific
security, the use of a null password and the automatic login facility
(SYSALF) would be entirely appropriate. Based solely on the source of
the login, the user is automatically entered into the correct username.
More complex options include approaches that do not involve logging
into the system -- the user interface is always available to the
client via web, GUI, or other approach at all times, and the user
does not particularly need to connect to the system. Whether the
application performs its own verification and/or authentication is
another discussion, and one based on local security requirements.
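
One way to write the SYLOGIN check of the login source mentioned in the answer, as an added example that is not part of the original answer and not HP's code. The account name WORKAREA_A, the port-name prefixes in the allow-list, and the choice to notify the SECURITY operator class are assumptions made for illustration; the actual format of the access port name depends on how the terminal is connected.

```dcl
$! SYLOGIN.COM fragment (constructed example).
$! Restricts the shared account WORKAREA_A (hypothetical name) to logins
$! whose access port name starts with one of the listed prefixes.
$ SET NOCONTROL=Y                 ! do not let Ctrl/Y interrupt the check
$ SET NOON
$ IF F$MODE() .NES. "INTERACTIVE" THEN GOTO CHECK_DONE
$ user = F$EDIT(F$GETJPI("","USERNAME"),"TRIM,UPCASE")
$ IF user .NES. "WORKAREA_A" THEN GOTO CHECK_DONE
$!
$! Login source: access port name, plus the device name for the audit message
$ port = F$EDIT(F$GETDVI("TT","TT_ACCPORNAM"),"TRIM,UPCASE")
$ dev  = F$GETDVI("TT","FULLDEVNAM")
$!
$! An empty port name must be refused explicitly: F$LOCATE returns the
$! length of the searched string on "not found", which is 0 for an empty
$! string and would otherwise look like a match at offset 0.
$ IF port .EQS. "" THEN GOTO DENY
$!
$! Constructed allow-list of port-name prefixes for this work area
$ allowed = "TSRV_A1/,TSRV_A2/"
$ i = 0
$NEXT_ENTRY:
$ entry = F$ELEMENT(i,",",allowed)
$ IF entry .EQS. "," THEN GOTO DENY          ! end of list, no match
$ IF F$LOCATE(entry,port) .EQ. 0 THEN GOTO CHECK_DONE
$ i = i + 1
$ GOTO NEXT_ENTRY
$!
$DENY:
$ WRITE SYS$OUTPUT "Login to ''user' is not permitted from this terminal."
$ REQUEST/TO=SECURITY "Refused ''user' login from ''port' (''dev')"
$ LOGOUT/BRIEF
$!
$CHECK_DONE:
$ SET CONTROL=Y
$ SET ON
```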