Use the LOGONBY Facility to increase the accountability of users who have access to critical user IDs such as MAINT or VMANAGER.
Note: CA VM:Secure treats the CP LOGON BY command as a LOGONBY Facility request.
By using the LOGONBY Facility, you do not need to give MAINT’s password to your system programmers. Instead, you can write a LOGONBY rule that allows your system programmers to log on to MAINT using their own passwords. For example, in MAINT’s user rules, you can write a rule to allow system programmer WOODYB to log on to MAINT using his own password:
accept woodyb logonby
To restrict use of the MAINT password, change the LOGON password to LBYONLY in the MAINT directory entry by using the PASSWORD command:
vmsecure password noreset LBYONLY
This means that the only way someone can log on to MAINT is through the LOGONBY Facility. No one can log on to MAINT using the MAINT password.
To find out which user logged on to MAINT, enter the following:
cp query byuser maint
All LOGONBY Facility and CP LOGON BY requests are audited and appear on the VMXSRA audit report under the CP Logon Commands heading. MAINT is the Target User ID, and any user IDs that log on to MAINT (with LOGONBY) are listed in the Issuing Userid column.
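The following added example, which is not CA code and not part of the original documentation, cross-checks exported audit entries against the accept ... logonby rules and lists logons to a critical user ID that need follow-up. The three-field record layout, the user ID TEMP01, the DIANEC rule, and the convention that an entry whose issuer equals the target is a direct logon are assumptions; map the real VMXSRA columns to these fields.

```python
# Added example: cross-check LOGONBY audit entries against the accept rules.
# ASSUMPTION: SAMPLE_AUDIT is a constructed, simplified extract with three
# whitespace-separated fields (time, Issuing Userid, Target User ID); the real
# VMXSRA report layout differs and must be mapped to these fields.
# ASSUMPTION: an entry whose issuer equals the target is a direct logon.

SAMPLE_RULES = {  # constructed: user rules text keyed by target user ID
    "MAINT": "accept woodyb logonby\naccept dianec logonby\n",
}

SAMPLE_AUDIT = """\
09:14:02 DIANEC MAINT
09:40:17 WOODYB MAINT
11:05:48 TEMP01 MAINT
13:22:30 MAINT  MAINT
"""

def allowed_issuers(rules_text):
    """Return the user IDs named in 'accept <userid> logonby' rules."""
    allowed = set()
    for line in rules_text.splitlines():
        words = line.split()
        if (len(words) == 3 and words[0].lower() == "accept"
                and words[2].lower() == "logonby"):
            allowed.add(words[1].upper())
    return allowed

def review(audit_text, rules_by_target):
    """Return (time, issuer, target, reason) for entries needing follow-up."""
    findings = []
    for line in audit_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip headings and blank lines
        time, issuer, target = fields[0], fields[1].upper(), fields[2].upper()
        if target not in rules_by_target:
            continue  # not a user ID we track
        if issuer == target:
            # Should not occur once the LOGON password is LBYONLY.
            findings.append((time, issuer, target, "direct logon, no accountable user"))
        elif issuer not in allowed_issuers(rules_by_target[target]):
            findings.append((time, issuer, target, "no LOGONBY rule for issuer"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_AUDIT, SAMPLE_RULES):
        print(*finding)
```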
The following is an example of the logon procedure for the LOGONBY Facility:
When DIANEC logs on to MAINT, she enters the following:
logon maint by dianec
The system responds as follows:
ENTER LOGON PASSWORD:
She enters her password:
apples
Note: For more information about the LOGONBY rule, see the Rules Reference.
Copyright © 2014 CA.
All rights reserved.