Technical data

ManualsBrandsCompaq ManualsPrinterLA36

191

192

193

194

195

196

197

198

199

200

Managing User Accounts

7.3 Understanding UAF Login Checks

Table 7–3 (Cont.) System Login Flow

Step Action Result

4. System checks whether

SYS$LOGIN is deﬁned.

If SYS$LOGIN is deﬁned, the logical name is translated (in

the case of DCL, to SYS$MANAGER:SYLOGIN.COM) and that

procedure executes.

If SYS$SYLOGIN is not deﬁned, no system login is run.

If a command procedure is speciﬁed in the LGICMD ﬁeld and

that procedure exists, it executes. Otherwise, if the LGICMD

ﬁeld is blank, the user’s command ﬁle (named LOGIN.COM if

the CLI is DCL), which is located in the SYS$LOGIN directory,

executes automatically (if it exists).

The system will not execute both a command procedure speciﬁed

in the LGICMD ﬁeld and a user’s LOGIN ﬁle; if a procedure is

speciﬁed in the LGICMD ﬁeld, the system uses that procedure

by default. You can, however, instruct the system to execute a

user’s LOGIN by calling it from within the procedure speciﬁed

in LGICMD.

After a successful login, the command interpreter prompts for user input (DCL

usually displays a dollar sign), and the user responds with commands acceptable

to the command interpreter. (DCL accepts those commands documented in the

OpenVMS DCL Dictionary.) However, the system prohibits activities that violate

the user’s privilege allowance or exceed resource quotas.

7.4 Managing System-Supplied UAF Accounts

Typically, you use the UAF supplied with the distribution kit. (You can, however,

rename the UAF with the DCL command RENAME, and then create a new

UAF with AUTHORIZE.) Allow access to this ﬁle only to those with SYSTEM

privileges. See the AUTHORIZE section in the OpenVMS System Management

Utilities Reference Manual for guidelines on protecting system ﬁles.

The UAF is accessed as a shared ﬁle. Updates to the UAF are made on a per-

record basis, which eliminates the need for both a temporary UAF and a new

version of the UAF after each AUTHORIZE session. Updates become effective

as soon as you enter AUTHORIZE commands, not after the termination of

AUTHORIZE. (For this reason, do not enter temporary values with the intent of

ﬁxing them later in the session.)

The Authorize utility (AUTHORIZE) provides a set of commands and qualiﬁers

to assign values to any ﬁeld in a UAF record. See the Authorize utility section

in the OpenVMS System Management Utilities Reference Manual for complete

information about UAF record ﬁelds and the commands and qualiﬁers used to

assign attributes to these ﬁelds.

7.4.1 Understanding System-Supplied UAF Accounts

On VAX systems, the UAF on software distribution kits contains ﬁve accounts:

DEFAULT, FIELD, SYSTEM, SYSTEST, and SYSTEST_CLIG.

On Alpha systems, DEFAULT and SYSTEM accounts are created for you. You can

use SYS$MANAGER:CREATE_SPECIAL_ACCOUNTS.COM to create SYSTEST,

SYSTEST_CLIG, and Field Service accounts, as explained in Section 7.4.2.

7–6 Managing User Accounts