HPE Community
Operating System - OpenVMS
1829958 Members
1889 Online
109998 Solutions
New Discussion

CAPTIVE LOGON accounts again, this time with pictures.

 
apv746
Occasional Contributor

‎04-10-2007 06:49 AM

‎04-10-2007 06:49 AM

CAPTIVE LOGON accounts again, this time with pictures.

I want to learn ho they did do this by creating a Captive Logon account similar to one you will see in the picture. I need somone to post a manual on creating CAPTIVE ACCOUNBT logins so users will not access the DCL command line.
0 Kudos
Reply
10 REPLIES 10
Ian Miller.
Honored Contributor

‎04-10-2007 07:44 AM

‎04-10-2007 07:44 AM

Re: CAPTIVE LOGON accounts again, this time with pictures.

See Guide to VMS Security
http://h71000.www7.hp.com/doc/732FINAL/aa-q2hlg-te/00/00/66-con.html#captiveaccounts
____________________
Purely Personal Opinion
0 Kudos
Reply
Robert Gezelter
Honored Contributor

‎04-10-2007 07:46 AM

‎04-10-2007 07:46 AM

Re: CAPTIVE LOGON accounts again, this time with pictures.

apv746,

CAPTIVE accounts are restricted from ever leaving the LOGIN command procedure. The CAPTIVE flag is set from within AUTHORIZE.

Information on CAPTIVE accounts is in the OpenVMS Guide to System Security, which is available from the OpenVMS WWW site (http://www.hp.com/go/openvms ; under Documentation).

My suggestion is to create a test account, with a LOGIN.COM procedure and set the account to CAPTIVE. There are a variety of other security related precautions that are recommended. One of my favorites is to use a command file in an external directory (where the file and the directory are not writeable by the user account).

- Bob Gezelter, http://www.rlgsc.com
0 Kudos
Reply
apv746
Occasional Contributor

‎04-10-2007 08:35 AM

‎04-10-2007 08:35 AM

Re: CAPTIVE LOGON accounts again, this time with pictures.

Did you see the picture in the Attachment right at the top???

Now thats I wanna to learn is that.
0 Kudos
Reply
Hein van den Heuvel
Honored Contributor

‎04-10-2007 09:03 AM

‎04-10-2007 09:03 AM

Re: CAPTIVE LOGON accounts again, this time with pictures.


>> Did you see the picture in the Attachment right at the top???

Since you brought that up again...

I saw the container, not the picture.
What is a 'swx' file?
My windoze box had no association, and could not find one. There is no simple header data. There is readable text in there, so it is not a bitmap style picture.
"Welcome to RUEV03"

Please consider an alternative or just describe the issue. We like a bit of a puzzle, but you make us solve a puzzle to get to the puzzle....

Cheers,
Hein




0 Kudos
Reply
Hoff
Honored Contributor

‎04-10-2007 09:05 AM

‎04-10-2007 09:05 AM

Re: CAPTIVE LOGON accounts again, this time with pictures.

Based on the NeoOffice/OpenOffice.org SXW screen capture that was provided, This looks to be the same system(s) and probably the same Cognos Powerhouse application environment that was discussed in postings by ngoht20 -- this system uses an identical system name RUEV03, and a similar menu environment.

In your screen shot, the RUEV03 system displays the login message:

"Criminal law prohibits unauthorized use. Violators will be prosecuted?"

So you want to know internals of the security of a system that claims to be protected by criminal law? Sorry, I am not in a position to provide that assistance.

Please contact the system administrator or person(s) responsible for the system directly. If you are responsible for and if you should need assistance with this system, talk to your manager. Or request direct and formal assistance with the system.

If you should need help with DCL itself, and with CAPTIVE and RESTRICTED access, see the security manual as a start, or (if you can locate a copy) the DCL book I wrote a while back: Writing Real Programs in DCL, 2nd Ed.

Stephen Hoffman
HoffmanLabs LLC

--

I've converted the NeoOffice/OpenOffice.org SXW document into PDF, and have attached it.
0 Kudos
Reply
Hoff
Honored Contributor

‎04-10-2007 09:23 AM

‎04-10-2007 09:23 AM

Re: CAPTIVE LOGON accounts again, this time with pictures.

I'm not having success attaching a PDF.
I've attached a somewhat grainy JPG here.
0 Kudos
Reply
apv746
Occasional Contributor

‎04-10-2007 03:15 PM

‎04-10-2007 03:15 PM

Re: CAPTIVE LOGON accounts again, this time with pictures.

I just ONLY need to a DOCUMENT tat which explains everything on HOW todoa Caprive Login script lik the one in the picture.

ANy links please???

I would appreciate it.

And yes, this was a StarOffice document picture which I could of converted into a PDF file...Sorry for that.
0 Kudos
Reply
Jon Pinkley
Honored Contributor

‎04-10-2007 05:38 PM

‎04-10-2007 05:38 PM

Re: CAPTIVE LOGON accounts again, this time with pictures.

This is all documented in documentation that you have been directed to.

Can you explain for what purpose you want to document this?

Jon
it depends
0 Kudos
Reply
Sebastian Bazley
Regular Advisor

‎04-10-2007 10:14 PM

‎04-10-2007 10:14 PM

Re: CAPTIVE LOGON accounts again, this time with pictures.

Wild guess - but are you trying to generate a menu system for the captive login account?

[Might explain why the existing documentation pointers seem to have been ignored...]

If so, then the DCL book written by Hoff would help. Or I believe that there are some menu systems on the freeware disks, for example:

http://h71000.www7.hp.com/freeware/freeware80/menu/

I've not used it.
0 Kudos
Reply
Hoff
Honored Contributor

‎04-11-2007 02:59 AM

‎04-11-2007 02:59 AM

Re: CAPTIVE LOGON accounts again, this time with pictures.

Writing a menu system -- and the CAPTIVE and RESTRICTED settings are basically a rounding error in the aggregate effort -- is an exercise in programming in DCL and probably also in a programming language or a menu-generation tool, and programming in most any language requires reading the manuals. The available alternatives here include paying somebody to write the menu application or the documentation for you, or -- following the open-source model -- that you wait around for somebody to write more or less what you need.

There are basic examples of menu systems available from various sources. The manuals cited in this thread show simple examples of DCL menus, and there are DCL-based menus in SYS$EXAMPLES:, in other system directories, and other sources.

There are likely no examples at HP of writing Cognos Powerhouse menu systems. Cognos would be the obvious source for those materials. There are various packages intended to generate menu systems.

When similar menu system requests have arrived, I've typically suggested the creation of CGI and of displaying the information via a web server and web browser. And not a host-based menu system. DCL and most programming languages can be used to create a CGI environment. Getting the applications to work is another issue, but the effort does release you from many of the UI-level and access-level issues that a traditional direct terminal session entails.

Rewriting the menu system itself -- in DCL, or as a CGI -- is usually a comparatively easy part. Dealing with the data and the pieces underneath the menu -- the so-called business logic -- is the more interesting and is often the far more involved part of the effort.

Stephen Hoffman
HoffmanLabs LLC

--

ps: Please get the applicable IT organization and get your manager involved in this effort. These folks traditionally abhor surprises.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.