[Info-vax] prevent user login during and after startup
VAXman- at SendSpamHere.ORG
VAXman- at SendSpamHere.ORG
Wed Sep 17 10:05:56 EDT 2014
In article <lvc2mt$ct8$1 at news.albasani.net>, Jan-Erik Soderholm <jan-erik.soderholm at telia.com> writes:
>VAXman- @SendSpamHere.ORG wrote 2014-09-17 15:25:
>> In article <71208044-004c-4a80-a2b6-b9a3a11e1a5b at googlegroups.com>, Bob Gezelter <gezelter at rlgsc.com> writes:
>>> Vaxman,
>>>
>>> I was not suggesting "manually" starting telnet.
>>>
>>> What I would do in that situation is to add an invocation of the specific telnet startup file in the last stage of the layered products STARTUP database (using SYSMAN for the actual operation).
>>>
>>> The goal is to start telnet at a later point in the startup than when TCP/IP is started.
>>>
>>> - Bob Gezelter, http://www.rlgsc.com
>>
>> I don't believe I was suggesting that you would "manually" start telnet. I
>> wouldn't even suggest starting telnet at all on VMS. ;) Use ssh.
>>
>> The OP, IMHO, needs to address his system's startup procedures. Why doesn't
>> everything startup or get configured during the system's startup? Why does
>> he need to perform these manual "system" tasks after VMS is ready to allow
>> interactive user logins?
>>
>> I only suggested the SYSUAF solution because I don't like the idea of some
>> SYLOGIN.COM DCL code determining who can or can not login after they *HAVE*
>> logged in! LOGINOUT.EXE along with SYSUAF would have that sussed out long
>> before DCL ever gets mapped into the process.
>>
>
>One reason to have in the sys-login procedures can be to be
>able to supply the user with a reasonable message (not
>something generic and system generated).
I didn't mention it before because I've no knowledge of the OP's VMS saavy
but there are LOGINOUT hooks which could be exploited to return LOGDISABLE
based on the selection criteria the OP described. Again, it would disable
login long before mapping DCL and some appropriate message (LOGDISABL) can
be emitted.
FWIW, disabling telnet just gets a 'connection refused', so I don't see an
issue with simply returning NOVALID. How about some simple notice via the
SYS$ANNOUNCE that states: "Bugger off! Do NOT login! System not ready!"
I know that via telnet, SYS$ANNOUNCE is displayed. There are mixed results
when using various 'ssh' clients.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
I speak to machines with the voice of humanity.
More information about the Info-vax
mailing list