The LOGONBY Facility works with the Rules Facility and allows other users to access your user ID using their own passwords. This eliminates the need to give out your password. For example, user NORMP will be on vacation and wants CARLAT to sort through mail sent to the NORMP user ID in his absence. NORMP creates a LOGONBY rule in his user rules file for CARLAT. When CARLAT logs on to user ID NORMP, she uses the LOGONBY Facility by specifying the BY operand on the LOGON command. The LOGONBY Facility prompts her for her logon password.
The LOGONBY Facility also allows you to restrict access to user IDs your site considers critical, such as MAINT, by setting the user ID password to LBYONLY. For compatibility with previous releases, you can also use the PASSWORD command to add a NOLOGBY special comment (*NB=Y) to the user ID’s directory entry. This results in an environment where the only way someone can log on to that user ID is through the LOGONBY Facility. No one can log on to the user ID using the MAINT user ID password.
If you are going to use the LOGONBY Facility at your site, implement the PASSWORD user exit. In the user exit, add logic to prevent users from changing their passwords to BY.
The CP LOGON BY command is treated as a CA VM:Secure LOGONBY request.
Note: For more information about the LOGONBY rule, see LOGONBY Rule in Rules Reference. For more information about the PASSWORD command and the PASSWORD user exit, see the Reference Guide. For more information about the *NB= special comment, see the Administration Guide.
|
Copyright © 2014 CA.
All rights reserved.
|
|