Manualshelf

Technical data

ManualsBrandsCompaq ManualsPrinterLA36
221222223224225226227228229230
Managing User Accounts
7.8 Restricting the Use of Accounts
Keyword Meaning
[NO]DISNEWMAIL [Do not] suppress ‘‘New Mail . . . ’’ announcements.
[NO]DISPWDDIC [Do not] disable automatic screening of new passwords
against a system dictionary.
[NO]DISPWDHIS [Do not] disable automatic checking of new passwords against
list of user’s old passwords.
[NO]DISRECONNECT [Do not] disable automatic reconnection to an existing process
when a terminal connection has been interrupted.
[NO]DISREPORT [Do not] disable reporting of login information (last login
date, login failures, and so on).
[NO]DISUSER [Do not] disable account completely.
[NO]DISWELCOME [Do not] suppress ‘‘Welcome to . . . ’’ login message.
[NO]GENPWD [Do not] require user to use generated passwords.
[NO]LOCKPWD [Do not] prevent user from changing password.
[NO]PWD_EXPIRED [Do not] mark password as expired.
[NO]PWD2_EXPIRED [Do not] mark second password as expired.
[NO]RESTRICTED [Do not] prevent user from changing any defaults at login.
7.8.5 Using Login Command Procedures for Restricted or Captive Accounts
Using the /LGICMD qualifier with the AUTHORIZE commands ADD, MODIFY,
or COPY defines the login procedure for a restricted or captive account. A person
logging in to such an account cannot modify the procedure with any of the login
qualifiers: /CLI, /DISK, /COMMAND, /NOCOMMAND, /TABLES.
The CAPTIVE and RESTRICTED flags perform the following actions:
Disable the use of Ctrl/Y (/FLAG=DISCTLY); however, a system manager
can enable the Ctrl/Y sequence for a restricted account by adding the DCL
command SET CONTROL=Y at the end of the login procedure.
Prevent the use of the SPAWN command from Mail or the use of the SPAWN
built-in procedure from the DEC Text Processing Utility (DECTPU).
Once logged in, a person using a restricted account operates from the DCL level
and can access any available software.
A person using a captive account is locked into the application software where
access to the DCL level is denied, provided the system manager observes the
following practices:
When you need to prompt for and accept direct user input, do not execute the
text entered by the user directly; rather, first screen the input, and specifically
permit only the set of characters that is valid for the intended use. Reject all
characters that are not appropriate for the intended use.
Prohibit the following character set from user input, as these characters have
special meanings to the DCL command interpreter:
ampersand (&) and double ampersand (&&)
angle brackets (<) (>)
apostrophe (’)
at-sign (@)
dollar sign ($)
hyphen (-)
quotation mark (")
Managing User Accounts 731