Managing User Accounts
7.2 Understanding the Protection of Authorization Files
The primary proxy database that the system uses is the NET$PROXY.DAT
file. NETPROXY.DAT is maintained for use by DECnet for OpenVMS and for
backward compatibility.
See Section 7.9.3 for more details about network proxy accounts.
Rights database file, RIGHTSLIST.DAT
The RIGHTSLIST.DAT authorization file is created with the following default
protection:
RIGHTSLIST.DAT S:RWED, O:RWED, G, W
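The following added example (not part of the original manual) parses a protection string in the form shown above and reports any access granted beyond the documented RIGHTSLIST.DAT default. The function names and the sample strings are constructed for illustration.

```python
# Added example: audit an OpenVMS protection string against the documented
# default for RIGHTSLIST.DAT (S:RWED, O:RWED, G, W). Names are hypothetical.

CATEGORIES = {"S": "SYSTEM", "O": "OWNER", "G": "GROUP", "W": "WORLD"}
ACCESS = "RWED"  # Read, Write, Execute, Delete

def parse_protection(text):
    """Parse 'S:RWED, O:RWED, G, W' into {category letter: set of access letters}.
    A category listed without access letters grants no access."""
    result = {}
    for item in text.strip().strip("()").split(","):
        name, _, letters = item.strip().partition(":")
        name = name.strip().upper()
        # Accept the one-letter form used on the page or the spelled-out name.
        key = next((k for k, full in CATEGORIES.items()
                    if name and full.startswith(name)), None)
        if key is None:
            raise ValueError(f"unknown category in {item!r}")
        granted = set(letters.strip().upper())
        if not granted <= set(ACCESS):
            raise ValueError(f"unknown access type in {item!r}")
        result[key] = granted
    return result

DEFAULT = parse_protection("S:RWED, O:RWED, G, W")

def excess_access(actual_text, baseline=DEFAULT):
    """Return {category name: letters} for access granted beyond the baseline."""
    actual = parse_protection(actual_text)
    missing = [CATEGORIES[k] for k in CATEGORIES if k not in actual]
    if missing:
        # A listing that omits a category cannot be judged; fail closed.
        raise ValueError(f"categories not listed: {missing}")
    findings = {}
    for key, full in CATEGORIES.items():
        extra = actual[key] - baseline[key]
        if extra:
            findings[full] = "".join(c for c in ACCESS if c in extra)
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    samples = {"documented default": "S:RWED, O:RWED, G, W",
               "loosened (constructed)": "S:RWED, O:RWED, G:RE, W:R"}
    for label, prot in samples.items():
        print(f"{label}: {excess_access(prot) or 'matches default'}")
```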
The procedures for adding a user account are discussed in detail in Section 7.6.
Because the UAF is the prime repository for storing information about user
accounts, it is important to understand its components before you add accounts.
7.3 Understanding UAF Login Checks
This section describes how the system checks the login fields of the UAF when a
user attempts to log in.
When a user activates a terminal (by turning it on and pressing Return if directly
connected, by dialing in to a system and observing the remote connect protocol,
or by connecting via a LAT), and that terminal is not allocated by a user process,
the system prompts for a name and password. The user must enter a name and
password combination that exists in a UAF record, or the system denies the user
further access. If the name and password are accepted, the system performs the
operations in Table 7–3.
Table 7–3 System Login Flow

Step 1
  Action: System examines the login flags.
  Result: The system begins with DISUSER. If the DISUSER flag is set,
  the login attempt fails.
  Note that setting this flag for powerful, infrequently used
  accounts (such as Field Service accounts) eliminates the risk of
  guessed passwords for those accounts.

Step 2
  Action: System verifies primary or secondary day restrictions.
  Result: After checking the current day type, the system determines
  whether hourly login restrictions are in effect (as defined by the
  /ACCESS, /DIALUP, /INTERACTIVE, /LOCAL, and /REMOTE
  qualifiers). If the current hour is restricted, the login fails
  immediately. Compaq recommends that you limit nonbatch
  access of the SYSTEM account by using access times and day
  types. See Section 7.8.1 and Section 7.8.2.

Step 3
  Action: System passes control to the command interpreter.
  Result: The command interpreter is named in the user’s UAF record;
  for example, DCL.