
HP OpenVMS Systems

ask the wizard

Password-based User Authentication?


The Question is:

 
I would like to programmatically authorize a VMS user and password against the
 OpenVMS system.  I currently have all of the user information to do this.  I
 just need to know what call(s) to the system I need to make to ensure that
 this is an existing user_id and verify that I have the correct password.
 Is there currently a system
 command that I can use that I can feed the user_id and password and get back
 some sort of authorization?
 
 


The Answer is :

 
  If the user is logged into the system, then there is obviously no
  need for this, as the user identity has already been authenticated.
 
  If the user is not logged in and you wish to authenticate the user,
  then consider using a login.  (At its simplest, this involves a
  DCL command such as COPY 0"user password"::_NLA0: _NLA0:, or most
  any other RMS operation that triggers a DECnet remote login.  This
  COPY operation triggers an attempt to access the DECnet FAL object
  on the local DECnet host.)
 
  If the user is not currently logged in and cannot be logged in, then
  your approach is certainly possible using a trusted application image
  and calls to $getuai and $hash_password, but the available services
  do not provide a particularly secure approach; you will tend to create
  security holes as there are no readily available tie-ins into the
  auditing and breakin evasion mechanisms that are used by LOGINOUT.
  A nefarious user could use an authentication scheme lacking auditing
  and evasion as a mechanism to test potential passwords, of course.
  (Any code performing security-relevant operations must enforce and
  must maintain system security.  This might well seem obvious, but
  security can be rather more involved than it might initially
  appear.  And ANY security-level API will eventually get attacked.)
 
  For distributed authentication, consider the use of Kerberos.  Kerberos
  is available in OpenVMS V7.3 and later.
 
  OpenVMS Alpha V7.3-1 and later provide authentication services, and
  provide for an easy approach for providing evasion and related
  support.  Please see the V7.3-1 documentation and particularly see
  the sys$acm system service documentation for details.
 
  For code examples for older releases, please see the XLOCKMORE and
  other related tools.  XLOCKMORE is available on the OpenVMS Freeware
  distribution.
 
  Related topics include (1461), (1645), (4303), (4612), (4778), (6328),
  and various others.
 
 

answer written or last revised on ( 9-SEP-2002 )
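
The point above about auditing and break-in evasion, as an added example that is not part of the original answer and is not OpenVMS code: a simplified Python model of a password check that records every attempt and refuses all attempts from a source after repeated failures. The PBKDF2 hash, the thresholds and every name here are assumptions of this example, standing in for the system's own hash service and for LOGINOUT's actual policy.

```python
import hashlib
import hmac
import time

BREAK_LIMIT = 3     # failures allowed per (source, user) before evasion; assumed value
BREAK_WINDOW = 300  # seconds over which failures are counted; assumed value
HIDE_TIME = 300     # seconds during which every attempt is refused; assumed value

def hash_password(password, salt):
    # Stand-in for the system's hash service; PBKDF2 is this example's choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class GuardedAuthenticator:
    def __init__(self, accounts, clock=time.monotonic):
        self.accounts = accounts   # username -> (salt, stored_hash)
        self.clock = clock
        self.failures = {}         # (source, username) -> recent failure times
        self.evaded_until = {}     # (source, username) -> time evasion ends
        self.audit = []            # one record per attempt, whatever the outcome

    def _record(self, source, username, outcome):
        self.audit.append((self.clock(), source, username, outcome))
        return outcome == "success"

    def authenticate(self, source, username, password):
        key, now = (source, username), self.clock()
        # Hash even for unknown users so timing does not reveal valid names.
        salt, stored = self.accounts.get(username, (b"\0" * 16, b""))
        matches = hmac.compare_digest(hash_password(password, salt), stored)
        if self.evaded_until.get(key, 0) > now:
            # A correct guess is refused too, so guessing yields no signal.
            return self._record(source, username, "evaded")
        if matches:
            self.failures.pop(key, None)
            return self._record(source, username, "success")
        recent = [t for t in self.failures.get(key, []) if now - t < BREAK_WINDOW]
        recent.append(now)
        self.failures[key] = recent
        if len(recent) >= BREAK_LIMIT:
            self.evaded_until[key] = now + HIDE_TIME
        return self._record(source, username, "failure")

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample account, not real data
    auth = GuardedAuthenticator({"SMITH": (salt, hash_password("s3cret", salt))})
    for guess in ("a", "b", "c", "s3cret"):
        print(guess, auth.authenticate("NODE1", "SMITH", guess))
    print([entry[3] for entry in auth.audit])
```

Without the evasion branch and the audit list, the same function would answer every guess truthfully and leave no trace, which is the password-testing mechanism the answer describes.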
