Safeguard software can be configured to take over control of the logon dialog at specific terminals. Some or all of the terminals on the system can be controlled by Safeguard software. Dynamic TCP/IP terminals are put under Safeguard control by using the LOGON program as the initial authentication program. Static terminals are put under Safeguard control by creating a Safeguard Terminal Definition Record.
Note that this is separate from the Safeguard User Record that is consulted during the logon process for user authentication.
Safeguard-controlled terminals can be created dynamically by setting the LOGON program as a service for the TELSERV process for the TCP/IP line. These dynamic terminals will not have Safeguard TERMINAL records, so the TERMINAL record parameters cannot be used to determine which command interpreter will be started after LOGON authenticates the user. Instead, the user's User Record and the Safeguard Globals will be used to determine which command interpreter will be used.
Terminal Definition Records differ from Safeguard Object Protection Records in that there is no Access Control List. To control access to a Safeguard terminal, create a DEVICE (or SUBDEVICE) Protection Record based on the terminal's device name .
Note | Any Terminal Definition Records for remote terminals must be completely accessible by SUPER.SUPER:
|
The terminal's DEVICE Protection Record (if any) must not deny access to SUPER.SUPER.
The Terminal Definition Record can be configured to start a Command Interpreter (CI) automatically at the terminal after user authentication.
Note | Safeguard software can start a CI only at a Safeguard terminal, that is, one put under Safeguard control with a Terminal Definition Record or dynamic TELSERV services. Though the CI can also be specified in a user authentication record and in the Safeguard Globals, it is enforced only at terminals controlled by Safeguard software . |
Safeguard-controlled terminals can also be configured for exclusive access, which insures that any user who is logged on to a Safeguard terminal has exclusive access to the terminal until the user logs off.
Two parameters are used to configure Safeguard software to control the authentication process:
TERMINAL DEFINITION RECORD
TERMINAL-EXCLUSIVE-ACCESS
When a Terminal Definition Record is added and thawed, Safeguard software takes over control of the logon dialog at that terminal. Terminal Definition Records cannot be used with dynamic terminals.
The Terminal Definition Record can specify that a particular Command Interpreter (CI) be started automatically at the terminal after user authentication.
CIs can be configured in three places:
User Records
Safeguard Terminal Definition Records
Safeguard Global Parameters
Safeguard software searches for a CI specification in the following order: User Record, Terminal Definition Record and Safeguard Globals. The first specification found during the search is the CI that is started after user authentication, so a command interpreter specified in a user authentication record always takes precedence over one specified in a Terminal Definition Record or the Safeguard Globals.
If no CI is specified in the user authentication record or in the Terminal Definition Record, the CI defined in the Safeguard Globals is used. If no CI is specified globally, then the CI started is $SYSTEM.SYSTEM.TACL.
The Terminal Definition Command Interpreter Attributes are:
PROG
PNAME
LIB
CPU
SWAP
PRI
PARAM-TEXT
Safeguard software does not treat Terminal Definition Records as objects. They are not affected by Warning Mode.
The PROG parameter specifies the object file of the command interpreter Safeguard software will start after authenticating the user logging onto the defined terminal. The object file must be a local file.
If no object file is specified, the other attributes of the Terminal Definition Record will be ignored.
The LIB parameter defines the library file to be used with the command interpreter for the terminal after user authentication.
If no library is specified, no library file will be used.
The CPU parameter determines the number of the CPU the command interpreter will run in. The valid entries are number, representing the CPU or the word "any". If the value is ANY, any available CPU will be used.
If no CPU is specified, any available CPU will be used.
The PNAME parameter determines the process name that will be assigned to the command interpreter that is started at the terminal
If no PNAME is specified, Safeguard software will generate a process name when it starts the command interpreter.
The PNAME must be unique for each Safeguard-controlled terminal.
The SWAP parameter determines the location of the command interpreter's swap space. The value must be a valid volume name. The subvolume and file names are optional.
If no volume name is entered, the configured system volume will be used.
The PRI parameter determines the priority at which the command interpreter will be run at this terminal.
If no priority is entered, the Safeguard Global CI-PRI value defaults to the system default priority.
The PARAM-TEXT determines the data (if any) to be supplied as the startup message for the command interpreter started at this terminal.
The PARAM-TEXT must be the final attribute in the command string.
If no PARAM-TEXT is entered, no startup text is used.
The STATUS is either FROZEN or THAWED. If a Terminal Definition Record is frozen, the logon dialog at that terminal is disabled.
The TERMINAL-EXCLUSIVE-ACCESS parameter determines whether or not a user who is logged on at a Safeguard terminal has exclusive access to that terminal; no other user can open the terminal during the authenticated user's session.
If TERMINAL-EXCLUSIVE-ACCESS is ON, the user authenticated at a Safeguard terminal has exclusive access to that terminal.
If TERMINAL-EXCLUSIVE-ACCESS is OFF, all users can open the terminal, whether or not another user is currently logged on.
BP-SAFEGARD-GLOBAL-55 TERMINAL-EXCLUSIVE-ACCESS = OFF
Note | This attribute applies only to static Safeguard-controlled terminals. |