HP 3000 Manuals HP 3000 Manuals
New Option to Enforce Logon UDCs (Disabling HELLO ";PARM=-1")
by Michael Dovano
Commercial Systems Division
A user with SM capability can use the ";PARM=-1" feature of the HELLO
command to prevent the cataloging of UDCs during logon, which effectively
bypasses the execution of any logon UDCs. This is helpful in allowing a
system manager or HP Technical Consultant to log into a system that is
not allowing any user to log on. However, some of our customers who use
system-wide UDCs for third-party security packages, wanted this feature
to be configurable.
Now, using SYSGEN, the system manager can configure the system to enforce
or not enforce the use of logon UDCs. A new parameter, enforcelogonudcs,
has been added to the SYSTEM command in the MISC configurator. This
parameter can be assigned one of two values, ON or OFF.
When enforcelogonudcs is assigned the value ON, the enforcement of logon
UDCs is in effect so that even a user with SM capability using ";PARM=-1"
in the HELLO command cannot bypass logon UDCs. When enforcelogonudcs is
assigned the value OFF, the ";PARM=-1" feature functions normally. The
default is enforcement OFF.
An example of setting it to ON is as follows:
MISC> system enforcelogonudcs=ON
For this change to be effective, the new setting must be kept into the
appropriate configuration group (usually CONFIG), and the system must be
rebooted with the NORECOVERY option using that configuration group, as in
the following example:
ISL> START NORECOVERY GROUP=newgroup
To see whether ENFORCELOGONUDCS is ON or OFF, use the SHOW SYSTEM command
in the MISC configurator in SYSGEN, as in the following example (System
Operators can also check the status, but cannot make changes):
MISC>SHOW SYSTEM
SYSTEM command parameter VALUE
----------------- ----------- -----
USER VERSION userversion X.50.11
LOGON PROMPT logonprompt MPE/iX:
CI PROMPT ciprompt SLUG:
RELEASE X.50.10
ENFORCE LOGON UDCS enforcelogonudcs OFF
MISC> EXIT
SYSGEN> EXIT