PH Web and OpenVMS

Johnson, Harold A EDUC:EX Harold.A.Johnson at gov.bc.ca
Fri Jun 20 12:49:43 CDT 2008 

Unless it's using SSL I imagine and protected - I've got many web
accounts (ebay, paypal, bank, etc.) where I have to input a password, so
I don't imagine this is an issue.

________________________________

From: Peter Bateman [mailto:peterbateman808 at hotmail.com] 
Sent: Thu, June 19, 2008 3:21 PM
To: Johnson, Harold A EDUC:EX; powerh-l at lists.sowder.com
Subject: RE: PH Web and OpenVMS


       Hi Harold:
 
          It seems to me that we really don't want to be passing
passwords around on the web!
      
      Regards,
      Peter




________________________________

	Subject: RE: PH Web and OpenVMS
	Date: Wed, 18 Jun 2008 16:15:58 -0700
	From: Harold.A.Johnson at gov.bc.ca
	To: peterbateman808 at hotmail.com; powerh-l at lists.sowder.com
	
	
	Thanks.   Yes, we'd like to allow the user to connect to the PH
Web screen (from anywhere), enter an existing OpenVMS user Id and
password and compare them with the existing use id and password from the
OpenVMS system.    If I read this correctly, it should be possible to do
this?    This would allow us to grant access to current OpenVMS users
(those using a Powerhouse application for example) to specific built
functions using PH Web and be able to to identify them without having to
build or store another set of user ids/passwords.
	 
	I'm not aware of anyone using PH Web with BCeIDs.
	 

________________________________

	From: Peter Bateman [mailto:peterbateman808 at hotmail.com] 
	Sent: Wed, June 18, 2008 12:56 PM
	To: Johnson, Harold A EDUC:EX; powerh-l at lists.sowder.com
	Subject: RE: PH Web and OpenVMS
	
	
	       HI Harold:
	 
	 
	         When someone signs into PowerHouse Web they are part of
	         UNKNOWN Application Security Class unless there
username
	         is in the WEBLOGONID list and WEBLOGONID is the
selected method. 
	         Usernames in the UAF would not necessarily
	         be identifiable to PowerHouse Web.
	         I am not sure how the username is entered on the web
page.  
	         I suspect that PowerHouse web prompts for the username.
	         
	         You could create a public PowerHouse web page.
	               prompt for username and password.
	         Where the username  and the encrpyted the 
	         password must be on must be on SYSUAF.
	      
	          According to
http://download.paipai.net/texts/alt-2600%20FAQ.txt
	          "To check an OpenVMS password, you need to extract the
password and the
	password salt from the UAF using $GETUAI and then create a hash
( of the entered password )
	based on that salt using $HASH_PASSWORD. Compare that hash with
the one from the
	UAF to determine if the password is the same."
	
	         Has anyone got PowerHouse Web to work BCEIDs?
	Regards,
	Peter Bateman
	 
	
	

	VERSION 8.4E

	PDL AND UTILITIES REFERENCE
	     
	

	WEBLOGONID username [[,] username]...

	Assigns user names that are potential members of this ASC.
Username is case sensitive.

	When PowerHouse Web opens a dictionary it checks the ID method
in the APPLICATION

	SECURITY ID METHOD option of the SYSTEM OPTIONS statement. If
the ID method is

	WEBLOGONID, PowerHouse Web checks authenticated usernames
against the list of usernames

	in the WEBLOGONID option. If the authenticated username is
listed in a WEBLOGONID option

	of an ASC statement, the user becomes a member of that ASC and
the KNOWN class. If an

	authenticated username is not listed in any WEBLOGONID option of
any ASC statement, the

	user is treated as a member of the ANONYMOUS class and the
UNKNOWN class.

	If there is no authenticated username, or the ASC ID METHOD is
not WEBLOGONID, the user

	becomes a member of the ASC UNKNOWN.
	
	

________________________________

		Subject: PH Web and OpenVMS
		Date: Wed, 18 Jun 2008 11:11:21 -0700
		From: Harold.A.Johnson at gov.bc.ca
		To: powerh-l at lists.sowder.com
		
		

		Hi everyone.   We are thinking of using PH Web and
OpenVMS in the following way:

		Is possible to access the VMS login (user_id/password)
from a Powerhouse WEB screen and use this information to authenticate
the person logging in, instead of creating a whole new user id/login
process?  If so, does anyone know where I can find information on this?

		thnx!

		
		 


________________________________

	<http:///> 


________________________________

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sowder.com/pipermail/powerh-l/attachments/20080620/6dcb3252/attachment.htm

More information about the powerh-l mailing list