LOGIN or LOGON command: Difference between revisions

m (embedded blanks supported for long passwords)
 
(18 intermediate revisions by 3 users not shown)
Line 23: Line 23:
<td>A character string that identifies the account under which the user is logging in to <var class="product">Model&nbsp;204</var>. The account can be 1 to 10 characters in length. Under an external security interface, the maximum for account might differ.
<td>A character string that identifies the account under which the user is logging in to <var class="product">Model&nbsp;204</var>. The account can be 1 to 10 characters in length. Under an external security interface, the maximum for account might differ.
<p>
<p>
The account identifies the user account to <var class="product">Model&nbsp;204</var>'s accounting routines. The value of account in these routines might be affected by the use of an external security interface. Refer to the <var class="book">Model&nbsp;204 Security Interfaces Manual</var> for a detailed discussion of security interfaces. If the login feature is not in use, the string <code>NO ACCOUNT</code> is used as the account.</p></td></tr>  
The account identifies the user account to <var class="product">Model&nbsp;204</var>'s accounting routines. The value of account in these routines might be affected by the use of an external security interface. Refer to the [[:Category:Security interfaces|Model 204 Security Interfaces pages]] for detailed discussion of security interfaces. If the login feature is not in use, the string <code>NO ACCOUNT</code> is used as the account.</p></td></tr>  
</table>
</table>


Line 41: Line 41:
Once a user has connected to <var class="product">Model&nbsp;204</var>, and if the system manager has set the <var class="product">Model&nbsp;204</var> option to require logins, any commands entered by the user (other than <var>LOGIN</var> or <var>LOGON</var>) display a request for the user to log in.</p>
Once a user has connected to <var class="product">Model&nbsp;204</var>, and if the system manager has set the <var class="product">Model&nbsp;204</var> option to require logins, any commands entered by the user (other than <var>LOGIN</var> or <var>LOGON</var>) display a request for the user to log in.</p>


====Failing to log in correctly====
===Failing to log in correctly===
<p>
<p>
If either the user ID or the password is incorrect, <var class="product">Model&nbsp;204</var> displays a message that the login failed. If an error occurs, the user reissues the <var>LOGIN</var> command.</p>
If either the user ID or the password is incorrect, <var class="product">Model&nbsp;204</var> displays a message that the login failed. If an error occurs, the user reissues the <var>LOGIN</var> command.</p>
Line 47: Line 47:
<li><var class="product">Model&nbsp;204</var> provides login delays for threads that repeatedly fail to log in correctly. Refer to the discussion of this feature in [[Storing security information (CCASTAT)#Login delays|Login delays]].</li>
<li><var class="product">Model&nbsp;204</var> provides login delays for threads that repeatedly fail to log in correctly. Refer to the discussion of this feature in [[Storing security information (CCASTAT)#Login delays|Login delays]].</li>
   
   
<li>A password must follow restrictions. At a minimum a password cannot contain spaces, commas, or colons, and must not be the same as the <var>USERID</var>, the current password, or the previous password. Additional restrictions may apply with the Password Expiration feature or be specific to your site. See "Setting a password" below.</li>
<li>A password must follow restrictions. At a minimum a password cannot contain spaces, commas, or colons, and must not be the same as the <var>[[USERID parameter|USERID]]</var>, the current password, or the previous password. Additional restrictions may apply with the Password Expiration feature or be specific to your site. See "Setting a password" below.</li>
   
   
<li>IFSTRT and IFDIAL threads can change the password by appending a colon and the new password, as described above. When the password security feature is installed, the more restrictive password rules apply, except that IFSTRT threads do not require the user to reenter the new password.</li>
<li><var>IFSTRT</var> and <var>IFDIAL</var> threads can change the password by appending a colon and the new password, as described above. When the password security feature is installed, the more restrictive password rules apply, except that <var>IFSTRT</var> threads do not require the user to reenter the new password.</li>
</ul>
</ul>


====Setting a password====
===Setting a password===
<p>
<p>
After you enter a <var>LOGIN</var> or <var>LOGON</var> command, enter a password after the system prompt:</p>
After you enter a <var>LOGIN</var> or <var>LOGON</var> command, enter a password after the system prompt:</p>
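Review bot: The bullet kept under "Failing to log in correctly" still says, with no version qualifier, that a password "cannot contain spaces, commas, or colons", while the version 7.7 text added in this same revision allows embedded spaces and treats colons as always valid. Suggest limiting that sentence to version 7.5 or earlier, or replacing it with a pointer to "Setting a password". The IFSTRT/IFDIAL bullet also says "as described above" for the colon form, which is now described further down under "Changing a password".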
Line 59: Line 59:
</p>
</p>
<p>
<p>
If the Password Expiration feature was installed at your site, the following message is also issued to confirm your password:</p>
<var class="term">password</var> is a character string.
<p class="code">M204.2633: RE-ENTER NEW PASSWORD
The length of <var class="term">password</var> is: </p>
<p>
1 to 8 characters long (Model 204 version 7.6 or earlier) <br />
1 to 127 characters long (Model 204 version 7.7 or later). <br />
Semicolons are not supported in passwords on IFSTRTN threads
</p>
</p>
<p>
<p>
<var class="term">password</var> is a character string.
<var class="term">password</var> can be mixed case if <code>[[CUSTOM parameter|CUSTOM=11]]</code> is set.</p>
The length of <var class="term">password</var> is: <br />
 
1 to 8 characters long (Model 204 version 7.6 or earlier) <br />
====Model 204 version 7.5 or earlier====
1 to 127 characters long (Model 204 version 7.7 or later). </p>
A password can be 1 to 8 characters long and cannot contain spaces, commas, or colons.  
<ul>  
 
<li>Without the Password Expiration feature installed, a password cannot contain spaces, commas, or colons (unless <var>[[PWDCOLON parameter|PWDCOLON=1]]</var> is set in version 7.6). The password gives the user access to the system. </li>
With the Password Expiration feature installed, the following additional rules apply. <br />The password must:
<ul>
<li>With the Password Expiration feature installed, the password cannot contain spaces, commas, or colons (unless <var>PWDCOLON=1</var> is set in version 7.6). Also, the password must:  
<li>Not be the same as the <var>USERID</var>, the current password, or the previous password.</li>
<ul>  
<li>Be six, seven, or eight characters long.</li>
<li>Begin with an alphabetic character.</li>
<li>Include at least one numeric character.</li>
</ul>
 
====Model 204 version 7.6 only====
A password can be 1 to 8 characters long and cannot contain spaces or commas. It can contain colons if <code>[[PWDCOLON parameter|PWDCOLON=1]]</code> is set.
 
The <var>PWDCOLON</var> parameter, <i>available only in version 7.6</i>, supports the use of colons in passwords.
 
With the Password Expiration feature installed, the following additional rules apply. <br />The password must:
<ul>
<li>Not be the same as the <var>USERID</var>, the current password, or the previous password.</li>
<li>Be six, seven, or eight characters long.</li>
<li>Begin with an alphabetic character.</li>
<li>Include at least one numeric character.</li>
</ul>
 
====Model 204 version 7.7 and later====
A password can be 1 to 127 characters long. Versions 7.7 and later support long passwords, or passphrases, which are at least 9 characters long and up to 127 characters.
<p>
Multiple, embedded spaces (that is, blanks) are valid characters for 8-character passwords, long passwords and password phrases. Leading and trailing spaces are stripped and so are not part of the password.</p>
<ul>
<li>CCASTAT passwords: Regular passwords (up to 8 characters) and long passwords maintained in CCASTAT with the <var>[[LOGCTL command: Modifying user ID entries in the password table|LOGCTL]]</var> command can contain any character (even a colon) except a comma.  Passwords may contain commas if they are changed with the <var>[[LOGONCP command|LOGONCP]]</var> command or with the <var>[[$Sir_Login]]</var> function.</li>
 
<li>External Security Manager (ESM) passwords: Regular passwords (up to 8 characters) and passphrases maintained by an ESM can contain some special characters, depending on the settings for that ESM. Check with your ESM administrator to determine which characters are allowed. For example, certain Security Server (RACF) special characters require setting the Model&nbsp;204 <var>[[CUSTOM parameter|CUSTOM]]</var> parameter 11 value.
<p>
Passwords and passphrases are passed, unaltered and with no restrictions, from Model&nbsp;204 to the ESM for verification. </p></li>
</ul>
With the Password Expiration feature installed, the following additional rules apply. <br />The password must:
<ul>
<li>Not be the same as the <var>USERID</var>, the current password, or the previous password.</li>
<li>Not be the same as the <var>USERID</var>, the current password, or the previous password.</li>
<li>Be six, seven, or eight characters long (Model 204 version 7.6 or earlier), or<br />
<li>Be six, seven, or eight characters long.</li>
be at least six characters long and up to a maximum of 127 characters (Model 204 version 7.7 or later).</li>
<li>Begin with an alphabetic character.</li>
<li>Begin with an alphabetic character.</li>
<li>Include at least one numeric character.</li>
<li>Include at least one numeric character.</li>
</ul></li>
</ul>
</ul>
===Changing a password===
===Changing a password===


In Model 204 version 7.5 or earlier, change your password by entering your existing password, a colon, and your new password:
====Model 204 version 7.5 or earlier====
Change your password by entering your existing password, a colon, and your new password:
<p class="code">*** M204.0347: PASSWORD
<p class="code">*** M204.0347: PASSWORD
<i>password</i>:<i>new password</i></p>
<i>password</i>:<i>new password</i></p>
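Review bot: In the "Model 204 version 7.7 and later" subsection, the Password Expiration list now reads "Be six, seven, or eight characters long", replacing the earlier wording "be at least six characters long and up to a maximum of 127 characters (Model 204 version 7.7 or later)". That conflicts with the 1 to 127 character length stated at the top of the same subsection. Suggest restoring the 7.7 upper bound in that list item, or stating explicitly that long passwords cannot be used when Password Expiration is installed.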
Line 90: Line 122:
<p>
<p>
When a new password is being specified, the password and the new password must be separated by a colon (<tt>:</tt>). When the user enters the password, <var class="product">Model&nbsp;204</var> masks it from view.  </p>
When a new password is being specified, the password and the new password must be separated by a colon (<tt>:</tt>). When the user enters the password, <var class="product">Model&nbsp;204</var> masks it from view.  </p>
In Model 204 version 7.6 only, if <var>[[PWDCOLON parameter|PWDCOLON=1]]</var> is set, you cannot change your password using <i>password</i>:<i>new password</i> because colons are allowed in passwords. You can change your password in one of the following ways:
<p>
If the [[Storing security information (CCASTAT)#Overview of the Password Expiration feature|Password Expiration]] feature was installed at your site, the following message is also issued to confirm your password:</p>
<p class="code">M204.2633: RE-ENTER NEW PASSWORD
</p>
 
====Model 204 version 7.6 only====
If <var>[[PWDCOLON parameter|PWDCOLON=1]]</var> is set, you cannot change your password using <i>password</i>:<i>new password</i> because colons are allowed in passwords. You can change your password in one of the following ways:
<ul>
<ul>
<li>using the <var>[[LOGCTL command: Modifying user ID entries in the password table|LOGCTL]]</var> C command (system manager privileges required)</li>
<li>using the <var>[[LOGCTL command: Modifying user ID entries in the password table|LOGCTL]]</var> C command (system manager privileges required)</li>
<li>using the <var>[[$Sir_Login]]</var> function call (in Janus Web Server and Janus Sockets applications)</li>
<li>using the <var>[[$Sir_Login]]</var> function call (in Janus Web Server and Janus Sockets applications)</li>
</ul>
</ul>
====Model 204 version 7.7 and later====
Use the <var>[[LOGINCP or LOGONCP command|LOGINCP]]</var> command to change your login password.
Because colons are always valid login password characters as of version 7.7, <var>LOGINCP</var> or <var>LOGONCP</var> replaces the former technique for changing passwords using <var>LOGIN</var> or <var>LOGON</var> and specifying <var class="term">password</var>:<var class="term">newpassword</var>.
===After login===
===After login===
<p>
<p>
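Review bot: The new 7.7 text under "Changing a password" links the command as [[LOGINCP or LOGONCP command|LOGINCP]], while the 7.7 text under "Setting a password" links it as [[LOGONCP command|LOGONCP]]. Suggest using one link target for both so readers land on the same page, and naming both spellings (LOGINCP or LOGONCP) the first time the command is mentioned.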
Line 111: Line 155:
For information on the login process for an external security interface, see the Model 204 [[Security interfaces overview|security interfaces]].</p>
For information on the login process for an external security interface, see the Model 204 [[Security interfaces overview|security interfaces]].</p>


[[Category: General user commands]]
[[Category: User commands]]
[[Category:Commands]]
[[Category:Commands]]

Latest revision as of 21:50, 16 January 2018

Summary

Privileges: Any user
Function: Logs in to the Model 204 system

Syntax

{LOGIN | LOGON} userid [account]

Where:

userid
    A character string that identifies the user who is logging in to Model 204. The user ID can be 1 to 10 characters in length.

    When an external security interface is performing login validation, the range for the user ID might differ.

account
    A character string that identifies the account under which the user is logging in to Model 204. The account can be 1 to 10 characters in length. Under an external security interface, the maximum for account might differ.

    The account identifies the user account to Model 204's accounting routines. The value of account in these routines might be affected by the use of an external security interface. Refer to the Model 204 Security Interfaces pages for detailed discussion of security interfaces. If the login feature is not in use, the string NO ACCOUNT is used as the account.

Example

In this example, a user logs in to Model 204:

LOGIN BLOOM D0101005
*** M204.0347: PASSWORD
BUDGET
*** M204.0353: BLOOM D0101005 LOGIN 88 JUL 11 12.04

Usage notes

The LOGIN and LOGON commands allow the user to gain access to Model 204 at most installations. The system manager controls whether or not the login procedure is required at an installation. If the login procedure is not required, the user is assigned a default set of privileges.

Once a user has connected to Model 204, and if the system manager has set the Model 204 option to require logins, any commands entered by the user (other than LOGIN or LOGON) display a request for the user to log in.

Failing to log in correctly

If either the user ID or the password is incorrect, Model 204 displays a message that the login failed. If an error occurs, the user reissues the LOGIN command.

  • Model 204 provides login delays for threads that repeatedly fail to log in correctly. Refer to the discussion of this feature in Login delays.
  • A password must follow restrictions. At a minimum a password cannot contain spaces, commas, or colons, and must not be the same as the USERID, the current password, or the previous password. Additional restrictions may apply with the Password Expiration feature or be specific to your site. See "Setting a password" below.
  • IFSTRT and IFDIAL threads can change the password by appending a colon and the new password, as described above. When the password security feature is installed, the more restrictive password rules apply, except that IFSTRT threads do not require the user to reenter the new password.

Setting a password

After you enter a LOGIN or LOGON command, enter a password after the system prompt:

*** M204.0347: PASSWORD
password

password is a character string. The length of password is:

1 to 8 characters long (Model 204 version 7.6 or earlier)
1 to 127 characters long (Model 204 version 7.7 or later).
Semicolons are not supported in passwords on IFSTRTN threads.

password can be mixed case if CUSTOM=11 is set.

Model 204 version 7.5 or earlier

A password can be 1 to 8 characters long and cannot contain spaces, commas, or colons.

With the Password Expiration feature installed, the following additional rules apply.
The password must:

  • Not be the same as the USERID, the current password, or the previous password.
  • Be six, seven, or eight characters long.
  • Begin with an alphabetic character.
  • Include at least one numeric character.

Model 204 version 7.6 only

A password can be 1 to 8 characters long and cannot contain spaces or commas. It can contain colons if PWDCOLON=1 is set.

The PWDCOLON parameter, available only in version 7.6, supports the use of colons in passwords.

With the Password Expiration feature installed, the following additional rules apply.
The password must:

  • Not be the same as the USERID, the current password, or the previous password.
  • Be six, seven, or eight characters long.
  • Begin with an alphabetic character.
  • Include at least one numeric character.

Model 204 version 7.7 and later

A password can be 1 to 127 characters long. Versions 7.7 and later support long passwords, or passphrases, which are at least 9 characters long and up to 127 characters.

Multiple, embedded spaces (that is, blanks) are valid characters for 8-character passwords, long passwords and password phrases. Leading and trailing spaces are stripped and so are not part of the password.

  • CCASTAT passwords: Regular passwords (up to 8 characters) and long passwords maintained in CCASTAT with the LOGCTL command can contain any character (even a colon) except a comma. Passwords may contain commas if they are changed with the LOGONCP command or with the $Sir_Login function.
  • External Security Manager (ESM) passwords: Regular passwords (up to 8 characters) and passphrases maintained by an ESM can contain some special characters, depending on the settings for that ESM. Check with your ESM administrator to determine which characters are allowed. For example, certain Security Server (RACF) special characters require setting the Model 204 CUSTOM parameter 11 value.

    Passwords and passphrases are passed, unaltered and with no restrictions, from Model 204 to the ESM for verification.

With the Password Expiration feature installed, the following additional rules apply.
The password must:

  • Not be the same as the USERID, the current password, or the previous password.
  • Be six, seven, or eight characters long.
  • Begin with an alphabetic character.
  • Include at least one numeric character.

Changing a password

Model 204 version 7.5 or earlier

Change your password by entering your existing password, a colon, and your new password:

*** M204.0347: PASSWORD
password:new password

new password is governed by the same limitations and requirements as password. However, you can enter a new password at login only if your user privileges include the ability to change your password as you log in.

When a new password is being specified, the password and the new password must be separated by a colon (:). When the user enters the password, Model 204 masks it from view.

If the Password Expiration feature was installed at your site, the following message is also issued to confirm your password:

M204.2633: RE-ENTER NEW PASSWORD

Model 204 version 7.6 only

If PWDCOLON=1 is set, you cannot change your password using password:new password because colons are allowed in passwords. You can change your password in one of the following ways:

  • using the LOGCTL C command (system manager privileges required)
  • using the $Sir_Login function call (in Janus Web Server and Janus Sockets applications)

Model 204 version 7.7 and later

Use the LOGINCP command to change your login password.

Because colons are always valid login password characters as of version 7.7, LOGINCP or LOGONCP replaces the former technique for changing passwords using LOGIN or LOGON and specifying password:newpassword.
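
The colon handling described in the three version subsections above, as an added Python sketch (not Model 204 code): it models how a reply to the M204.0347 prompt is read under each version, and lists the competing readings a reply would have if the colon were both delimiter and password character. The function names, the sample passwords, and the choice to model only the length rule for version 7.7 and later are assumptions of this sketch.

```python
# Added illustration, not Model 204 code: a model of the per-version rules on this page.

def _ver(version):
    return tuple(int(part) for part in version.split("."))

def colon_is_delimiter(version, pwdcolon=0):
    """True when ':' in a reply to M204.0347 separates old and new password."""
    v = _ver(version)
    if v >= (7, 7):
        return False   # colons are always valid password characters
    if v == (7, 6) and pwdcolon == 1:
        return False   # PWDCOLON=1 exists only in version 7.6
    return True

def check_basic(password, version, pwdcolon=0):
    """Length and character rules without the Password Expiration feature."""
    limit = 127 if _ver(version) >= (7, 7) else 8
    if not 1 <= len(password) <= limit:
        raise ValueError(f"length must be 1 to {limit}")
    if _ver(version) >= (7, 7):
        return         # allowed characters depend on CCASTAT/ESM handling; not modeled
    banned = " ," + (":" if colon_is_delimiter(version, pwdcolon) else "")
    if any(ch in banned for ch in password):
        raise ValueError("password contains a character this version rejects")

def parse_reply(reply, version, pwdcolon=0):
    """Return (password, new_password or None) for a reply to the prompt."""
    # Leading and trailing blanks are stripped in 7.7 and later (stated on the page).
    text = reply.strip() if _ver(version) >= (7, 7) else reply
    if colon_is_delimiter(version, pwdcolon):
        old, sep, new = text.partition(":")
        parts = [old, new] if sep else [old]
    else:
        parts = [text]  # whole reply is the password; it is changed another way
    for part in parts:
        check_basic(part, version, pwdcolon)
    return parts[0], (parts[1] if len(parts) == 2 else None)

def colon_readings(reply):
    """Every (old, new) split a reply admits if ':' were delimiter AND password character."""
    return [(reply[:i], reply[i + 1:])
            for i, ch in enumerate(reply) if ch == ":" and 0 < i < len(reply) - 1]

if __name__ == "__main__":
    # Constructed sample replies
    for args in [("BUDGET:LEDGER9", "7.5"), ("RED:SKY9", "7.6", 1), ("RED:SKY9", "7.7")]:
        print(args, "->", parse_reply(*args))
    print(colon_readings("RED:SKY:9"))
```

A reply such as RED:SKY:9 has two old/new splits plus the reading "one password, no change", which is why the in-band form is only usable while colons are banned from passwords.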

After login

After logging in, the user has access to most of the Model 204 system commands. The user ID under which the user logs in determines which privileges are available. These privileges can include the ability to:

  • Change the login password
  • Change file passwords
  • Use restricted commands such as CREATE FILE and MONITOR
  • Reset restricted parameters with the RESET command

For information on the login process for an external security interface, see the Model 204 security interfaces.