LOGINCP or LOGONCP command: Difference between revisions

From m204wiki
Jump to navigation Jump to search
m (misc formatting)
 
(2 intermediate revisions by one other user not shown)
Line 38: Line 38:
</p>
</p>
Pressing <code>Enter</code> at the <code>M204.2633:</code> prompt will leave the user logged in without changing the password.
Pressing <code>Enter</code> at the <code>M204.2633:</code> prompt will leave the user logged in without changing the password.
<p><var>LOGINCP</var> is a synonym for <var>LOGONCP</var>.</p>
<p>
<var>LOGINCP</var> is a synonym for <var>LOGONCP</var>.</p>


==Usage notes==
==Usage notes==
<p><var>LOGINCP</var> and <var>LOGONCP</var> are available as of Model 204 version 7.7. </p>
<p>
<p>Because colons are valid password characters as of version 7.7, <var>LOGINCP</var> or <var>LOGONCP</var> replaces the former technique for changing passwords using <var>LOGIN</var> or <var>LOGON</var> and specifying <var class="term">oldpassword</var><tt>:</tt><var class="term">newpassword</var>.  
<var>LOGINCP</var> and <var>LOGONCP</var> are available as of Model&nbsp;204 version 7.7. </p>
<p>
Because colons are valid password characters as of version 7.7, <var>LOGINCP</var> or <var>LOGONCP</var> replaces the former technique for changing passwords using <var>LOGIN</var> or <var>LOGON</var> and specifying <var class="term">oldpassword</var><tt>:</tt><var class="term">newpassword</var>.  
</p>
</p>
<p>To change a login password in version 7.6 or earlier, see <var>[[LOGIN or LOGON command#Changing a password|LOGIN or LOGON command]]</var>.</p>
<p>
 
To change a login password in version 7.6 or earlier, see [[LOGIN or LOGON command#Changing a password|LOGIN or LOGON command]].</p>
<p>
<p>
The <var>LOGINCP</var> and <var>LOGONCP</var> commands allow the user to gain access to <var class="product">Model&nbsp;204</var> at most installations. The system manager controls whether or not the login procedure is required at an installation. If the login procedure is not required, the user is assigned a default set of privileges. </p>
The <var>LOGINCP</var> and <var>LOGONCP</var> commands allow the user to gain access to <var class="product">Model&nbsp;204</var> at most installations. The system manager controls whether or not the login procedure is required at an installation. If the login procedure is not required, the user is assigned a default set of privileges. </p>
Line 57: Line 60:
<li><var class="product">Model&nbsp;204</var> provides login delays for threads that repeatedly fail to log in correctly. Refer to the discussion of this feature in [[Storing security information (CCASTAT)#Login delays|Login delays]].</li>
<li><var class="product">Model&nbsp;204</var> provides login delays for threads that repeatedly fail to log in correctly. Refer to the discussion of this feature in [[Storing security information (CCASTAT)#Login delays|Login delays]].</li>
   
   
<li>A password must follow restrictions as described in "Setting a password" below.</li>
<li>A password must follow restrictions as described below in [[#Password requirements|Password requirements]].</li>
   
   
<li>IFSTRT and IFDIAL threads can change the password as described above. When the password security feature is installed, the more restrictive password rules apply, except that IFSTRT threads do not require the user to reenter the new password.</li>
<li><var>IFSTRT</var> and <var>IFDIAL</var> threads can change the password as described above. When the password security feature is installed, the more restrictive password rules apply, except that <var>IFSTRT</var> threads do not require the user to reenter the new password.</li>
</ul>
</ul>


===Password requirements===
===Password requirements===
Because this command is available as of Model 204 version 7.7, the version 7.7 password rules apply:  
Because this command is available as of Model&nbsp;204 version 7.7, the version 7.7 password rules apply:  
 
A password can be 1 to 127 characters long. Versions 7.7 and later support long passwords, or passphrases, which are at least 9 characters long and up to 127 characters.
<ul>
<ul>
<li>CCASTAT passwords: Regular passwords (up to 8 characters) and long passwords maintained in CCASTAT with the <var>[[LOGCTL command: Modifying file entries in the password table|LOGCTL]]</var> command can contain any character except a comma &mdash; comma is the delimiter between arguments to the LOGCTL command. However, commas are allowed in passwords changed with the LOGONCP command or with the <var>[[$Sir_Login]]</var> function.</li>
<li>A password can contain as many as 127 characters, including blanks and special characters. Leading and trailing blanks are stripped. Commas in passwords are allowed only when using the <var>LOGONCP</var> command or the <var>[[$Sir_Login]]</var> function, but not when using the <var>[[LOGCTL command: Modifying file entries in the password table|LOGCTL]]</var> command. In the case of the <var>LOGCTL</var> command, a comma is the delimiter between arguments. </li>
<li>External Security Manager (ESM) passwords: Regular passwords (up to 8 characters) and passphrases maintained by an ESM can contain some special characters, depending on the settings for that ESM. Check with your ESM administrator to determine which characters are allowed. Passwords and passphrases are passed, unaltered and with no restrictions, from Model 204 to the ESM for verification. </li>
<li>External Security Manager (ESM) passwords: Regular passwords (as many as 8 characters) and passphrases (as many as 127 characters) maintained by an ESM can contain some special characters, depending on the settings for that ESM. Check with your ESM administrator to determine which characters are allowed. Passwords and passphrases are passed, unaltered and with no restrictions, from Model&nbsp;204 to the ESM for verification. </li>
</ul>
</ul>


With the [[Storing security information (CCASTAT)#Overview of the Password Expiration feature|Password Expiration]] feature installed, the following additional rules apply. <br />The password must:
With the [[Storing security information (CCASTAT)#Overview of the Password Expiration feature|Password Expiration]] feature installed, the following additional rules apply.  
<p>The password must: </p>
<ul>
<ul>
<li>Not be the same as the USERID, the current password, or the previous password.</li>
<li>Not be the same as the <var>USERID</var>, the current password, or the previous password.</li>
<li>Be six, seven, or eight characters long.</li>
<li>Be six, seven, or eight characters long.</li>
<li>Begin with an alphabetic character.</li>
<li>Begin with an alphabetic character.</li>
Line 84: Line 87:
<ul>  
<ul>  
<li>Change file passwords</li>
<li>Change file passwords</li>
<li>Use restricted commands such as CREATE FILE and MONITOR</li>
<li>Use restricted commands such as <var>CREATE FILE</var> and <var>MONITOR</var> </li>
<li>Reset restricted parameters with the RESET command</li>
<li>Reset restricted parameters with the <var>RESET</var> command</li>
</ul>
</ul>
<p>
<p>
For information on the login process for an external security interface, see the Model 204 [[Security interfaces overview|security interfaces]].</p>
For information on the login process for an external security interface, see the Model&nbsp;204 [[Security interfaces overview|security interfaces]].</p>


[[Category: User commands]]
[[Category: User commands]]
[[Category:Commands]]
[[Category:Commands]]

Latest revision as of 17:57, 21 September 2017

Summary

Privileges
Any user with UPRIV X'10' privileges
Function
Logs in to the Model 204 system and changes the user password

Syntax

{LOGINCP | LOGONCP} userid [account]

Where:

userid A character string that identifies the user who is logging in to Model 204. The user ID can be 1 to 10 characters in length.

When an external security interface is performing login validation, the maximum length for the user ID might differ.

account A character string that identifies the account under which the user is logging in to Model 204. The account can be 1 to 10 characters in length. Under an external security interface, the maximum for account might differ.

The account identifies the user account to Model 204's accounting routines. The value of account in these routines might be affected by the use of an external security interface. Refer to the Security interfaces category for a detailed discussion of security interfaces.

If an account is not provided, the string NO ACCOUNT is used as the account.

Example

In this example, a user logs in to Model 204 and is prompted and re-prompted for the new password:

LOGONCP USER1 M204.0347: Password M204.0353: USER1 USER1 login 16 JUL 29 12.38 M204.2633: Enter new password M204.2633: Re-enter new password M204.0350: New password accepted M204.0345: CCASTAT updated

Pressing Enter at the M204.2633: prompt will leave the user logged in without changing the password.

LOGINCP is a synonym for LOGONCP.

Usage notes

LOGINCP and LOGONCP are available as of Model 204 version 7.7.

Because colons are valid password characters as of version 7.7, LOGINCP or LOGONCP replaces the former technique for changing passwords using LOGIN or LOGON and specifying oldpassword:newpassword.

To change a login password in version 7.6 or earlier, see LOGIN or LOGON command.

The LOGINCP and LOGONCP commands allow the user to gain access to Model 204 at most installations. The system manager controls whether or not the login procedure is required at an installation. If the login procedure is not required, the user is assigned a default set of privileges.

Once a user has connected to Model 204, and if the system manager has set the Model 204 option to require logins, any commands entered by the user (other than LOGIN or LOGON, LOGINCP or LOGONCP) display a request for the user to log in.

Failing to log in correctly

If either the user ID or the password is incorrect, Model 204 displays a message that the login failed. In that case, the user reissues the LOGINCP command.

  • Model 204 provides login delays for threads that repeatedly fail to log in correctly. Refer to the discussion of this feature in Login delays.
  • A password must follow restrictions as described below in Password requirements.
  • IFSTRT and IFDIAL threads can change the password as described above. When the password security feature is installed, the more restrictive password rules apply, except that IFSTRT threads do not require the user to reenter the new password.

Password requirements

Because this command is available as of Model 204 version 7.7, the version 7.7 password rules apply:

  • A password can contain as many as 127 characters, including blanks and special characters. Leading and trailing blanks are stripped. Commas in passwords are allowed only when using the LOGONCP command or the $Sir_Login function, but not when using the LOGCTL command. In the case of the LOGCTL command, a comma is the delimiter between arguments.
  • External Security Manager (ESM) passwords: Regular passwords (as many as 8 characters) and passphrases (as many as 127 characters) maintained by an ESM can contain some special characters, depending on the settings for that ESM. Check with your ESM administrator to determine which characters are allowed. Passwords and passphrases are passed, unaltered and with no restrictions, from Model 204 to the ESM for verification.

With the Password Expiration feature installed, the following additional rules apply.

The password must:

  • Not be the same as the USERID, the current password, or the previous password.
  • Be six, seven, or eight characters long.
  • Begin with an alphabetic character.
  • Include at least one numeric character.

After login

After logging in and changing the login password, the user has access to most of the Model 204 system commands. The user ID under which the user logs in determines which privileges are available. These privileges can include the ability to:

  • Change file passwords
  • Use restricted commands such as CREATE FILE and MONITOR
  • Reset restricted parameters with the RESET command

For information on the login process for an external security interface, see the Model 204 security interfaces.