LOGIN or LOGON command: Difference between revisions
(Automatically generated page update) |
m (embedded blanks supported for long passwords) |
||
(26 intermediate revisions by 3 users not shown) | |||
Line 6: | Line 6: | ||
<dd>Logs in to the <var class="product">Model 204</var> system | <dd>Logs in to the <var class="product">Model 204</var> system | ||
</dl> | </dl> | ||
==Syntax== | ==Syntax== | ||
<p class="syntax">{LOGIN | LOGON} <i>userid</i> [<i>account</i>] | <p class="syntax">{LOGIN | LOGON} <i>userid</i> [<i>account</i>] | ||
</p> | </p> | ||
Where: | |||
<table> | <table> | ||
<tr> | <tr> | ||
<th>userid</th> | <th>userid</th> | ||
<td> | <td>A character string that identifies the user who is logging in to <var class="product">Model 204</var>. The user ID can be 1 to 10 characters in length. | ||
<p>When an external security interface is performing login validation, the range for the user ID might differ.</p> | <p> | ||
</td> | When an external security interface is performing login validation, the range for the user ID might differ.</p></td></tr> | ||
</tr> | |||
<tr> | <tr> | ||
<th>account</th> | <th>account</th> | ||
<td> | <td>A character string that identifies the account under which the user is logging in to <var class="product">Model 204</var>. The account can be 1 to 10 characters in length. Under an external security interface, the maximum for account might differ. | ||
<p>The account identifies the user account to <var class="product">Model 204</var>'s accounting routines. The value of account in these routines might be affected by the use of an external security interface. Refer to the | <p> | ||
</td> | The account identifies the user account to <var class="product">Model 204</var>'s accounting routines. The value of account in these routines might be affected by the use of an external security interface. Refer to the [[:Category:Security interfaces|Model 204 Security Interfaces pages]] for detailed discussion of security interfaces. If the login feature is not in use, the string <code>NO ACCOUNT</code> is used as the account.</p></td></tr> | ||
</tr> | |||
</table> | </table> | ||
==Example== | ==Example== | ||
In this example, a user logs in to <var class="product">Model 204</var>: | In this example, a user logs in to <var class="product">Model 204</var>: | ||
Line 35: | Line 34: | ||
LOGIN 88 JUL 11 12.04 | LOGIN 88 JUL 11 12.04 | ||
</p> | </p> | ||
==Usage notes== | ==Usage notes== | ||
<p>The LOGIN and LOGON commands allow the user to gain access to <var class="product">Model 204</var> at most installations. The system manager controls whether or not the login procedure is required at an installation. If the login procedure is not required, the user is assigned a default set of privileges. | <p> | ||
<p>Once a user has connected to <var class="product">Model 204</var>, and if the system manager has set the <var class="product">Model 204</var> option to require logins, any commands entered by the user (other than LOGIN or LOGON) display a request for the user to log in.</p> | The <var>LOGIN</var> and <var>LOGON</var> commands allow the user to gain access to <var class="product">Model 204</var> at most installations. The system manager controls whether or not the login procedure is required at an installation. If the login procedure is not required, the user is assigned a default set of privileges. </p> | ||
<p> | |||
<p>If either the user ID or the password is incorrect, <var class="product">Model 204</var> displays a message that the login failed. If an error occurs, the user reissues the LOGIN command.</p> | Once a user has connected to <var class="product">Model 204</var>, and if the system manager has set the <var class="product">Model 204</var> option to require logins, any commands entered by the user (other than <var>LOGIN</var> or <var>LOGON</var>) display a request for the user to log in.</p> | ||
===Failing to log in correctly=== | |||
<p> | |||
If either the user ID or the password is incorrect, <var class="product">Model 204</var> displays a message that the login failed. If an error occurs, the user reissues the <var>LOGIN</var> command.</p> | |||
<ul> | <ul> | ||
<li | <li><var class="product">Model 204</var> provides login delays for threads that repeatedly fail to log in correctly. Refer to the discussion of this feature in [[Storing security information (CCASTAT)#Login delays|Login delays]].</li> | ||
</li> | |||
<li | <li>A password must follow restrictions. At a minimum a password cannot contain spaces, commas, or colons, and must not be the same as the <var>[[USERID parameter|USERID]]</var>, the current password, or the previous password. Additional restrictions may apply with the Password Expiration feature or be specific to your site. See "Setting a password" below.</li> | ||
</li> | |||
<li> | <li><var>IFSTRT</var> and <var>IFDIAL</var> threads can change the password by appending a colon and the new password, as described above. When the password security feature is installed, the more restrictive password rules apply, except that <var>IFSTRT</var> threads do not require the user to reenter the new password.</li> | ||
< | </ul> | ||
</li> | |||
===Setting a password=== | |||
<p> | |||
<p>After | After you enter a <var>LOGIN</var> or <var>LOGON</var> command, enter a password after the system prompt:</p> | ||
<p class="code">*** M204.0347: PASSWORD | <p class="code">*** M204.0347: PASSWORD | ||
<i>password</i> | <i>password</i> | ||
</p> | |||
<p> | |||
<var class="term">password</var> is a character string. | |||
The length of <var class="term">password</var> is: </p> | |||
<p> | |||
1 to 8 characters long (Model 204 version 7.6 or earlier) <br /> | |||
1 to 127 characters long (Model 204 version 7.7 or later). <br /> | |||
Semicolons are not supported in passwords on IFSTRTN threads | |||
</p> | </p> | ||
<p>If the Password Expiration feature was installed at your site, the following message is also issued to confirm your password:</p> | <p> | ||
<var class="term">password</var> can be mixed case if <code>[[CUSTOM parameter|CUSTOM=11]]</code> is set.</p> | |||
====Model 204 version 7.5 or earlier==== | |||
A password can be 1 to 8 characters long and cannot contain spaces, commas, or colons. | |||
With the Password Expiration feature installed, the following additional rules apply. <br />The password must: | |||
<ul> | |||
<li>Not be the same as the <var>USERID</var>, the current password, or the previous password.</li> | |||
<li>Be six, seven, or eight characters long.</li> | |||
<li>Begin with an alphabetic character.</li> | |||
<li>Include at least one numeric character.</li> | |||
</ul> | |||
====Model 204 version 7.6 only==== | |||
A password can be 1 to 8 characters long and cannot contain spaces or commas. It can contain colons if <code>[[PWDCOLON parameter|PWDCOLON=1]]</code> is set. | |||
The <var>PWDCOLON</var> parameter, <i>available only in version 7.6</i>, supports the use of colons in passwords. | |||
With the Password Expiration feature installed, the following additional rules apply. <br />The password must: | |||
<ul> | |||
<li>Not be the same as the <var>USERID</var>, the current password, or the previous password.</li> | |||
<li>Be six, seven, or eight characters long.</li> | |||
<li>Begin with an alphabetic character.</li> | |||
<li>Include at least one numeric character.</li> | |||
</ul> | |||
====Model 204 version 7.7 and later==== | |||
A password can be 1 to 127 characters long. Versions 7.7 and later support long passwords, or passphrases, which are at least 9 characters long and up to 127 characters. | |||
<p> | |||
Multiple, embedded spaces (that is, blanks) are valid characters for 8-character passwords, long passwords and password phrases. Leading and trailing spaces are stripped and so are not part of the password.</p> | |||
<ul> | |||
<li>CCASTAT passwords: Regular passwords (up to 8 characters) and long passwords maintained in CCASTAT with the <var>[[LOGCTL command: Modifying user ID entries in the password table|LOGCTL]]</var> command can contain any character (even a colon) except a comma. Passwords may contain commas if they are changed with the <var>[[LOGONCP command|LOGONCP]]</var> command or with the <var>[[$Sir_Login]]</var> function.</li> | |||
<li>External Security Manager (ESM) passwords: Regular passwords (up to 8 characters) and passphrases maintained by an ESM can contain some special characters, depending on the settings for that ESM. Check with your ESM administrator to determine which characters are allowed. For example, certain Security Server (RACF) special characters require setting the Model 204 <var>[[CUSTOM parameter|CUSTOM]]</var> parameter 11 value. | |||
<p> | |||
Passwords and passphrases are passed, unaltered and with no restrictions, from Model 204 to the ESM for verification. </p></li> | |||
</ul> | |||
With the Password Expiration feature installed, the following additional rules apply. <br />The password must: | |||
<ul> | |||
<li>Not be the same as the <var>USERID</var>, the current password, or the previous password.</li> | |||
<li>Be six, seven, or eight characters long.</li> | |||
<li>Begin with an alphabetic character.</li> | |||
<li>Include at least one numeric character.</li> | |||
</ul> | |||
===Changing a password=== | |||
====Model 204 version 7.5 or earlier==== | |||
Change your password by entering your existing password, a colon, and your new password: | |||
<p class="code">*** M204.0347: PASSWORD | |||
<i>password</i>:<i>new password</i></p> | |||
<p> | |||
<var class="term">new password</var> is governed by the same limitations and requirements as <var class="term">password</var>. However, you can enter a new password at login only if your user privileges include the ability to change your password as you log in.</p> | |||
<p> | |||
When a new password is being specified, the password and the new password must be separated by a colon (<tt>:</tt>). When the user enters the password, <var class="product">Model 204</var> masks it from view. </p> | |||
<p> | |||
If the [[Storing security information (CCASTAT)#Overview of the Password Expiration feature|Password Expiration]] feature was installed at your site, the following message is also issued to confirm your password:</p> | |||
<p class="code">M204.2633: RE-ENTER NEW PASSWORD | <p class="code">M204.2633: RE-ENTER NEW PASSWORD | ||
</p> | </p> | ||
< | |||
< | ====Model 204 version 7.6 only==== | ||
< | If <var>[[PWDCOLON parameter|PWDCOLON=1]]</var> is set, you cannot change your password using <i>password</i>:<i>new password</i> because colons are allowed in passwords. You can change your password in one of the following ways: | ||
< | <ul> | ||
< | <li>using the <var>[[LOGCTL command: Modifying user ID entries in the password table|LOGCTL]]</var> C command (system manager privileges required)</li> | ||
<li>using the <var>[[$Sir_Login]]</var> function call (in Janus Web Server and Janus Sockets applications)</li> | |||
<li> | </ul> | ||
< | |||
< | ====Model 204 version 7.7 and later==== | ||
<li> | Use the <var>[[LOGINCP or LOGONCP command|LOGINCP]]</var> command to change your login password. | ||
< | |||
</li> | Because colons are always valid login password characters as of version 7.7, <var>LOGINCP</var> or <var>LOGONCP</var> replaces the former technique for changing passwords using <var>LOGIN</var> or <var>LOGON</var> and specifying <var class="term">password</var>:<var class="term">newpassword</var>. | ||
< | ===After login=== | ||
< | <p> | ||
< | After logging in, the user has access to most of the <var class="product">Model 204</var> system commands. The user ID under which the user logs in determines which privileges are available. These privileges can include the ability to: </p> | ||
< | |||
< | |||
< | |||
< | |||
< | |||
<ul> | <ul> | ||
<li | <li>Change the login password</li> | ||
</li> | |||
<li | <li>Change file passwords</li> | ||
</li> | |||
<li | <li>Use restricted commands such as CREATE FILE and MONITOR</li> | ||
</li> | |||
<li | <li>Reset restricted parameters with the RESET command</li> | ||
</ul> | |||
</li> | |||
<p> | |||
<p>For information on the login process for an external security interface, | For information on the login process for an external security interface, see the Model 204 [[Security interfaces overview|security interfaces]].</p> | ||
[[Category: | |||
[[Category: User commands]] | |||
[[Category:Commands]] | [[Category:Commands]] |
Latest revision as of 21:50, 16 January 2018
Summary
- Privileges
- Any user
- Function
- Logs in to the Model 204 system
Syntax
{LOGIN | LOGON} userid [account]
Where:
userid | A character string that identifies the user who is logging in to Model 204. The user ID can be 1 to 10 characters in length.
When an external security interface is performing login validation, the range for the user ID might differ. |
---|---|
account | A character string that identifies the account under which the user is logging in to Model 204. The account can be 1 to 10 characters in length. Under an external security interface, the maximum for account might differ.
The account identifies the user account to Model 204's accounting routines. The value of account in these routines might be affected by the use of an external security interface. Refer to the Model 204 Security Interfaces pages for detailed discussion of security interfaces. If the login feature is not in use, the string |
Example
In this example, a user logs in to Model 204:
LOGIN BLOOM D0101005 *** M204.0347: PASSWORD BUDGET *** M204.0353: BLOOM D0101005 LOGIN 88 JUL 11 12.04
Usage notes
The LOGIN and LOGON commands allow the user to gain access to Model 204 at most installations. The system manager controls whether or not the login procedure is required at an installation. If the login procedure is not required, the user is assigned a default set of privileges.
Once a user has connected to Model 204, and if the system manager has set the Model 204 option to require logins, any commands entered by the user (other than LOGIN or LOGON) display a request for the user to log in.
Failing to log in correctly
If either the user ID or the password is incorrect, Model 204 displays a message that the login failed. If an error occurs, the user reissues the LOGIN command.
- Model 204 provides login delays for threads that repeatedly fail to log in correctly. Refer to the discussion of this feature in Login delays.
- A password must follow restrictions. At a minimum a password cannot contain spaces, commas, or colons, and must not be the same as the USERID, the current password, or the previous password. Additional restrictions may apply with the Password Expiration feature or be specific to your site. See "Setting a password" below.
- IFSTRT and IFDIAL threads can change the password by appending a colon and the new password, as described above. When the password security feature is installed, the more restrictive password rules apply, except that IFSTRT threads do not require the user to reenter the new password.
Setting a password
After you enter a LOGIN or LOGON command, enter a password after the system prompt:
*** M204.0347: PASSWORD password
password is a character string. The length of password is:
1 to 8 characters long (Model 204 version 7.6 or earlier)
1 to 127 characters long (Model 204 version 7.7 or later).
Semicolons are not supported in passwords on IFSTRTN threads
password can be mixed case if CUSTOM=11
is set.
Model 204 version 7.5 or earlier
A password can be 1 to 8 characters long and cannot contain spaces, commas, or colons.
With the Password Expiration feature installed, the following additional rules apply.
The password must:
- Not be the same as the USERID, the current password, or the previous password.
- Be six, seven, or eight characters long.
- Begin with an alphabetic character.
- Include at least one numeric character.
Model 204 version 7.6 only
A password can be 1 to 8 characters long and cannot contain spaces or commas. It can contain colons if PWDCOLON=1
is set.
The PWDCOLON parameter, available only in version 7.6, supports the use of colons in passwords.
With the Password Expiration feature installed, the following additional rules apply.
The password must:
- Not be the same as the USERID, the current password, or the previous password.
- Be six, seven, or eight characters long.
- Begin with an alphabetic character.
- Include at least one numeric character.
Model 204 version 7.7 and later
A password can be 1 to 127 characters long. Versions 7.7 and later support long passwords, or passphrases, which are at least 9 characters long and up to 127 characters.
Multiple, embedded spaces (that is, blanks) are valid characters for 8-character passwords, long passwords and password phrases. Leading and trailing spaces are stripped and so are not part of the password.
- CCASTAT passwords: Regular passwords (up to 8 characters) and long passwords maintained in CCASTAT with the LOGCTL command can contain any character (even a colon) except a comma. Passwords may contain commas if they are changed with the LOGONCP command or with the $Sir_Login function.
- External Security Manager (ESM) passwords: Regular passwords (up to 8 characters) and passphrases maintained by an ESM can contain some special characters, depending on the settings for that ESM. Check with your ESM administrator to determine which characters are allowed. For example, certain Security Server (RACF) special characters require setting the Model 204 CUSTOM parameter 11 value.
Passwords and passphrases are passed, unaltered and with no restrictions, from Model 204 to the ESM for verification.
With the Password Expiration feature installed, the following additional rules apply.
The password must:
- Not be the same as the USERID, the current password, or the previous password.
- Be six, seven, or eight characters long.
- Begin with an alphabetic character.
- Include at least one numeric character.
Changing a password
Model 204 version 7.5 or earlier
Change your password by entering your existing password, a colon, and your new password:
*** M204.0347: PASSWORD password:new password
new password is governed by the same limitations and requirements as password. However, you can enter a new password at login only if your user privileges include the ability to change your password as you log in.
When a new password is being specified, the password and the new password must be separated by a colon (:). When the user enters the password, Model 204 masks it from view.
If the Password Expiration feature was installed at your site, the following message is also issued to confirm your password:
M204.2633: RE-ENTER NEW PASSWORD
Model 204 version 7.6 only
If PWDCOLON=1 is set, you cannot change your password using password:new password because colons are allowed in passwords. You can change your password in one of the following ways:
- using the LOGCTL C command (system manager privileges required)
- using the $Sir_Login function call (in Janus Web Server and Janus Sockets applications)
Model 204 version 7.7 and later
Use the LOGINCP command to change your login password.
Because colons are always valid login password characters as of version 7.7, LOGINCP or LOGONCP replaces the former technique for changing passwords using LOGIN or LOGON and specifying password:newpassword.
After login
After logging in, the user has access to most of the Model 204 system commands. The user ID under which the user logs in determines which privileges are available. These privileges can include the ability to:
- Change the login password
- Change file passwords
- Use restricted commands such as CREATE FILE and MONITOR
- Reset restricted parameters with the RESET command
For information on the login process for an external security interface, see the Model 204 security interfaces.