PH Web and OpenVMS
Peter Bateman
peterbateman808 at hotmail.com
Thu Jun 19 17:20:51 CDT 2008
Hi Harold:
It seems to me that we really don't want to be passing passwords around on the web!
Regards,
Peter
Subject: RE: PH Web and OpenVMSDate: Wed, 18 Jun 2008 16:15:58 -0700From: Harold.A.Johnson at gov.bc.caTo: peterbateman808 at hotmail.com; powerh-l at lists.sowder.com
Thanks. Yes, we'd like to allow the user to connect to the PH Web screen (from anywhere), enter an existing OpenVMS user Id and password and compare them with the existing use id and password from the OpenVMS system. If I read this correctly, it should be possible to do this? This would allow us to grant access to current OpenVMS users (those using a Powerhouse application for example) to specific built functions using PH Web and be able to to identify them without having to build or store another set of user ids/passwords.
I'm not aware of anyone using PH Web with BCeIDs.
From: Peter Bateman [mailto:peterbateman808 at hotmail.com] Sent: Wed, June 18, 2008 12:56 PMTo: Johnson, Harold A EDUC:EX; powerh-l at lists.sowder.comSubject: RE: PH Web and OpenVMS
HI Harold: When someone signs into PowerHouse Web they are part of UNKNOWN Application Security Class unless there username is in the WEBLOGONID list and WEBLOGONID is the selected method. Usernames in the UAF would not necessarily be identifiable to PowerHouse Web. I am not sure how the username is entered on the web page. I suspect that PowerHouse web prompts for the username. You could create a public PowerHouse web page. prompt for username and password. Where the username and the encrpyted the password must be on must be on SYSUAF. According to http://download.paipai.net/texts/alt-2600%20FAQ.txt "To check an OpenVMS password, you need to extract the password and thepassword salt from the UAF using $GETUAI and then create a hash ( of the entered password )based on that salt using $HASH_PASSWORD. Compare that hash with the one from theUAF to determine if the password is the same." Has anyone got PowerHouse Web to work BCEIDs?Regards,Peter Bateman
VERSION 8.4EPDL AND UTILITIES REFERENCE
WEBLOGONID username [[,] username]...
Assigns user names that are potential members of this ASC. Username is case sensitive.
When PowerHouse Web opens a dictionary it checks the ID method in the APPLICATION
SECURITY ID METHOD option of the SYSTEM OPTIONS statement. If the ID method is
WEBLOGONID, PowerHouse Web checks authenticated usernames against the list of usernames
in the WEBLOGONID option. If the authenticated username is listed in a WEBLOGONID option
of an ASC statement, the user becomes a member of that ASC and the KNOWN class. If an
authenticated username is not listed in any WEBLOGONID option of any ASC statement, the
user is treated as a member of the ANONYMOUS class and the UNKNOWN class.
If there is no authenticated username, or the ASC ID METHOD is not WEBLOGONID, the userbecomes a member of the ASC UNKNOWN.
Subject: PH Web and OpenVMSDate: Wed, 18 Jun 2008 11:11:21 -0700From: Harold.A.Johnson at gov.bc.caTo: powerh-l at lists.sowder.com
Hi everyone. We are thinking of using PH Web and OpenVMS in the following way:
Is possible to access the VMS login (user_id/password) from a Powerhouse WEB screen and use this information to authenticate the person logging in, instead of creating a whole new user id/login process? If so, does anyone know where I can find information on this?
thnx!
_________________________________________________________________
If you like crossword puzzles, then you'll love Flexicon, a game which combines four overlapping crossword puzzles into one!
http://g.msn.ca/ca55/208
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sowder.com/pipermail/powerh-l/attachments/20080619/d4f5dbe0/attachment.htm
More information about the powerh-l
mailing list