|
HP OpenVMS Systemsask the wizard |
|
The Question is: I am attempting write another incarnation of the GLOGIN / BECOME program, this time in DecC (v5.7). I am using the sys$personna services to avoid macro kernal operations, and have had good success, except, when I become an unprived user, I cannot perform i/o operations on the original TT: device. If, for the purposes of this program, I could get some hints on changing device protection, I it would be greatly appreciated. I know I could log a call with CSC, but my support is via a large medical company, and they can barely spell VMS. Thanks for any help. The Answer is : The persona system services provide the capability to correctly assume the identity of another username. Applications using these services will continue to be compatible with the newer security data structures and related kernel changes made in OpenVMS V7.2. Use of direct write access to the kernel data structures can potentially cause system crashes and cam open the system up to various system security problems. You will need to alter the protection of the specified local terminal device to allow the necessary access. This generally involves the use of the sys$set_security system service, and resetting device ownership, adding an appropriate ACE, or (less desirably) relaxing the device access protection mask. Example source code is available from various sources, including the OpenVMS documentation (The OpenVMS System Services Reference Manual, chapter 25 of the OpenVMS Programming Concepts manual, various other manuals), potentially the OpenVMS Freeware and various websites referenced in the FAQ, and (for those with support contracts) the source code examples available via DSN and the CSC. When troubleshooting security or authentication or password problems, remember to use security alarms or security to determine the exact cause of the failure.
|