Some commands, like AUTOLOG, often require a password operand. Naturally, you do not want to put a clear text VM directory password in a rule. However, you might want the rule to force the user to enter the password.
The rule set below shows how to do this.
KEY(AUTOLOG) SMAINT *- - UID(MAINT) ALLOW - UID(OPRLEAD1) ALLOW - UID(OPRLEAD2) ALLOW - UID(OPRLEAD3) ALLOW
The first line identifies the command. If SMAINT is not defined in the VM directory, a syntax error occurs. In the second rule entry, MAINT can issue an AUTOLOG for the SMAINT machine. SMAINT indicates the first operand must be SMAINT. For the AUTOLOG command, the first operand is the user ID of the machine to be autologged. *- indicates a second operand is required. The second operand is the VM directory password of the machine being autologged. - indicates the third operand of the AUTOLOG command is optional and is for variable length data that is passed to the virtual machine.
The solitary dash (-) says that all operands for the command are masked. According to these rule entries, the lead operators can execute the AUTOLOG command.
Entering a password on the command line might conflict with a CP operating requirement that you must enter passwords on a separate line in nondisplay mode. For more information, contact your systems programmer.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|