Chapter 4: Authentication, Granting Access to the HP NonStop Server


Overview

Now that userids (and Aliases) are organized and created, control must be established over their access to individual nodes and the Expand network.

The authentication sequence depends on four parameters:

Is the access batch or interactive?

What communication medium is being used?

Are Safeguard TERMINAL controls being used?

Which personality of the HP NonStop server is being used?

The combination of answers to these questions determines which path the user takes through the process of authenticating the user's identity. The following table summarizes the choices:

Type of Access

Connection Medium

Safeguard TERMINAL Records In Use

Personality

TELSERV

LOGIN

LOGON

Command Interpreter

Batch

NetBatch

Interactive

Static terminal

No Safeguard

Guardian

TACL

Interactive

Static terminal

Safeguard

Guardian

Y

TACL

Interactive [*]

Static TCP/IP

No Safeguard

OSS

Y

/bin/sh

Interactive [*]

Static TCP/IP

Safeguard

OSS

Y

Y

/bin/sh

Interactive

Dynamic TCP/IP

No Safeguard

Guardian

Y

Y

TACL

Interactive

Dynamic TCP/IP

Safeguard

Guardian

Y

Y

Y

TACL

Interactive

Dynamic TCP/IP

No Safeguard

OSS

Y

Y

/bin/sh

Interactive

Dynamic TCP/IP

Safeguard

OSS

Y

Y

Y

/bin/sh


[*] Requires third party product to start shell process

The three destination command interpreters are NetBatch, which is the batch processing subsystem; TACL, which is the Guardian personality command interpreter; and /bin/sh, which is the command interpreter for the OSS personality. All three pass through the same authentication path, with the following two exceptions:

NetBatch does not prompt for the password; it runs as the user who submitted the job. Note that this is automatically generated by BATCHCOM when the batch job is submitted.

/bin/sh does not communicate with CMON.

Using TACL as the example, the following three diagrams show the TACL initiation process and the authentication sequence for installations that do not use Safeguard software and for those that do use Safeguard to manage User Records (See Figure 4-1).

Figure 4.1: Initializing TACL

The initialization of TACL internals uses values that have been bound into TACL:

NAMELOGON

BLINDPASSWORD

If a CMON process is in use, it is also queried for other TACL parameters. Then the first TACL prompt is written (See Figure 4-2).

Figure 4.2: Non-Safeguard Logon

At that point, the user logs on to the system (See Figure 4-3).

Figure 4.3: Logon With Safeguard



HP NonStop Server Security 2004
ISBN: 159059035X
Year: 2004
Pages: 157