jkw%a@LANL.ARPA (Jay Wooten) (01/23/87)
>From DAVIDLI@SIMVAX.BITNET (System Manager) Wed Jan 21 09:51:00 1987 >Relay-Version: version B 2.10.2 9/18/84; site lanl.ARPA >Path: lanl!cmcl2!yale!decvax!ucbvax!SIMVAX.BITNET!DAVIDLI >From: DAVIDLI@SIMVAX.BITNET (System Manager) >Newsgroups: mod.computers.vax >Subject: re: user authorization failure >Message-ID: <8701211907.AA29196@ucbvax.Berkeley.EDU> >Date: 21 Jan 87 16:51:00 GMT >Date-Received: 23 Jan 87 03:39:39 GMT >Sender: daemon@ucbvax.BERKELEY.EDU >Organization: The ARPA Internet >Lines: 22 >Approved: info-vax@sri-kl.arpa > > >Ahem.... > >After sending out my previous message, I ran across a couple of pages in the >MicroVMS users manual that looked suspicious. > >MicroVMS very kindly sets up your DHV11 with an Automatic Login File (ALF). >This means that whenever you try to initiate login, the system checks for a >user named USER and automatically logs them in. > >However... we are not a 1-user system, so I removed the USER and USERP from >SYSUAF (gotta plug security holes, you know). And every* DHV11 port was >trying to log in the fictitious USER and getting a 'user authorization >failure' for its trouble. > >I've never used the ALF on my 11/750, and I won't use it on my MicroVAX II. >So, I didn't know about that particular 'feature'. DEC didn't mention it >either. Sigh. > > David Meile What you probably want to do is delete SYSALF.DAT. LOGINOUT looks for this file at the beginning of every login. If the file is found, it is searched for an entry for the terminal line that is logging in. If an entry is found, the username associated with the entry is automatically logged in, bypassing the username/password stuff (as you found out). This feature is very handy sometimes. For example, you may want to dedicate a terminal to a demo program which anyone may use without having to have an account on the system. I discovered this feature back in version 2.2 while looking thru the fiche and have used it several times. It wasn't until 4.0 that DEC decided to provide a utility (ALFMAINT) to support it. The SYSALF.DAT file is an ISAM file with 2 entries per record -- the terminal name and the username. It is a wierd format -- something like 63 characters for each of the two fields. Instead of deleting the existing file, you might want to rename it for future use. Jay Wooten Los Alamos National Lab ARPA:jkw@lanl.ARPA