LOGIN System Program


The LOGIN program is started by the TELSERV process after a user has specified a service name to TELSERV. LOGIN starts the appropriate service and, if configured to do so, authenticates the user. If the service chosen by the user does not require authentication, the program defined for the service is started and no authentication is done. If authentication is required, the user is prompted for a userid or alias and the password for that userid or alias. If they are valid, the program defined for the service is started with the user already authenticated. If they are invalid, the user is returned to the userid prompt.

In general, TACL, PATHWAY and LOGON must be started without authentication. /bin/sh must be started with authentication.

Note

Services are defined for an individual TELSERV process using the SCF subsystem.

RISK Starting a service without authentication could allow people to access the system without a password.

Securing LOGIN

BP-FILE-LOGIN-01 LOGIN should be secured "UUNU".

BP-OPSYS-LICENSE-01 LOGIN must be LICENSED.

BP-OPSYS-OWNER-01 LOGIN must be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-01 LOGIN must reside in $SYSTEM.SYSnn.
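
BP-FILE-LOGIN-01 gives the expected security vector as "UUNU" without saying what each letter grants. The following added example (not from the book) decodes a Guardian RWEP string and reports every position that is wider or narrower than that baseline; the letter meanings are the standard Guardian codes, and the function names and sample strings are constructed for illustration.

```python
# Added example: decode a Guardian RWEP security string and compare it
# with the page's BP-FILE-LOGIN-01 baseline ("UUNU").
# Letter meanings are the standard Guardian codes (not spelled out on the page).
# Each entry: (who-scope, remote access allowed, description).
CODES = {
    "-": (0, False, "local super ID only"),
    "O": (1, False, "owner, local only"),
    "U": (1, True,  "owner, local or remote"),
    "G": (2, False, "owner's group, local only"),
    "C": (2, True,  "owner's group, local or remote"),
    "A": (3, False, "any user, local only"),
    "N": (3, True,  "any user, local or remote"),
}
OPS = ("read", "write", "execute", "purge")  # the R, W, E, P positions
BASELINE = "UUNU"                            # from BP-FILE-LOGIN-01


def decode(sec):
    """Map each RWEP position to (operation, letter, description)."""
    sec = sec.strip().strip('"').upper()
    if len(sec) != 4 or any(c not in CODES for c in sec):
        raise ValueError(f"not a 4-character RWEP string: {sec!r}")
    return [(op, c, CODES[c][2]) for op, c in zip(OPS, sec)]


def wider(actual, wanted):
    """True if `actual` admits someone that `wanted` does not."""
    a_scope, a_remote, _ = CODES[actual]
    w_scope, w_remote, _ = CODES[wanted]
    return a_scope > w_scope or (a_remote and not w_remote)


def audit(sec, baseline=BASELINE):
    """Return (operation, verdict, detail) for every position that differs."""
    findings = []
    for (op, got, desc), want in zip(decode(sec), baseline):
        if got == want:
            continue
        verdict = "WIDER" if wider(got, want) else "NARROWER"
        findings.append((op, verdict, f"{got} ({desc}), baseline {want}"))
    return findings


if __name__ == "__main__":
    for sample in ("UUNU", "NUNU", "OOAO", "UUNN"):  # constructed samples
        print(sample, audit(sample) or "matches BP-FILE-LOGIN-01")
```

A WIDER finding on write or purge means someone other than the owner could replace or remove LOGIN; a NARROWER finding on execute bears on the FILE-POLICY question of who is allowed to run it.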

Discovery Questions

ID                 Question                                         Look here:
OPSYS-OWNER-01     Who owns the LOGIN object file?                  Fileinfo
OPSYS-LICENSE-01   Is the LOGIN object file licensed?               Fileinfo
FILE-POLICY        Who is allowed to execute LOGIN on the system?   Policy
FILE-LOGIN-01      Is the LOGIN object file secured correctly?      Fileinfo

Related Topics

LOGON

Safeguard subsystem

Telnet




HP NonStop Server Security 2004
ISBN: 159059035X
EAN: N/A
Year: 2004
Pages: 157