Logins can be either interactive or noninteractive. When youlog in interactively, you enter an OpenVMS user name and a password.In noninteractive logins, the system performs the identificationand authentication for you; you are not prompted for a user nameand password. (The term interactive, as usedhere, differs from an interactive mode process defined by the DCLlexical function F$MODE(). For a description of the F$MODE function,see the HP OpenVMS DCL Dictionary.)
In addition to interactive and noninteractive logins, theOpenVMS operating system recognizes different classes of logins.How you log in to the system determines the login class towhich you belong. Based on your login class, as well as the timeof day or day of the week, the system manager controls your accessto the system.
Logging In Interactively: Local, Dialup,and Remote Logins Interactive logins include the following login classes:
Local You log in from a terminal connected directly to the centralprocessor or from a terminal server that communicates directly withthe central processor.
Dialup You log in to a terminal that uses a modem and a telephoneline to make a connection to the computer system. Depending on theterminal that your system uses, you might need to execute a fewadditional steps. Your site security administrator can give youthe necessary details.
Remote You log in to a node over the network by entering the DCLcommand SET HOST. For example, to access the remote node HUBBUB,you enter the following command:
$ SET HOST HUBBUB
If you have access to an account on node HUBBUB, you can login to that account from your local node. You have access to thefacilities on node HUBBUB, but you remain physically connected toyour local node.
Logging In Using External Authentication If you are an externally authenticated user,you log in by entering your LAN Manager user ID and password atthe OpenVMS login prompts. Your LAN Manager user ID may or may notbe the same as your OpenVMS user name.
Reading Informational Messages When you log in from a terminal that is directly connectedto a computer, the OpenVMS system displays informational systemmessages. Local Login Messages illustratesmost of these messages.
Example 1 Local Login Messages
WILLOW - A member of the Forest Cluster [1] Unlawful Access is Prohibited Username:RWOODSPassword:You have the following disconnected process:[2]
Terminal Process name Image nameVTA52: RWOODS (none) Connect to above listed process [YES]: NOWelcome to OpenVMS on node WILLOW [3]Last interactive login on Wednesday, 1-DEC-2001 10:20[4]Last non-interactive login on Monday, 30-NOV-2001 17:39[5]2 failures since last successful login[6]You have 1 new mail message.[7]$
The preceding example illustrates the following:
The announcementmessage identifies the node (and, if relevant, the cluster). Itmay also warn unauthorized users that unlawful access is prohibited.The system manager or security administrator can control both theappearance and the content of this message.
A disconnected job message informs you that yourprocess was disconnected at some time after your last successfullogin but is still available. You have the option of reconnectingto the old process and returning your process to its state beforeyou were disconnected. The system displays the disconnected job message only whenthe following conditions exist:
The terminal where the interruptionoccurred is set up as a virtual terminal.
Your terminal is set up as one that can be disconnected.
During a recent session, your connection to thecentral processing unit (CPU) through that terminal was broken beforeyou logged out.
In general, the securityadministrator should allow you to reconnect to a disconnected jobbecause this ability poses no special problems for system security.However, the security administrator can disable this function bychanging the setup on terminals and by disabling virtual terminalson the system.
A welcome message indicates the version number ofthe OpenVMS operating system that is running and the name of thenode on which you are logged in. The system manager can choose adifferent message or can suppress the message entirely.
The last successful interactive login message providesthe time of the last completed login for a local, dialup, or remotelogin. (The system does not count logins from a subprocess whoseparent was one of these types.)
The last successful noninteractive login messageprovides the time the last noninteractive (batch or network) loginfinished.
The number of login failures message indicates thenumber of failed attempts at login. (An incorrect password is theonly source of login failure that is counted.) To attract your attention,a bell rings after the message appears.
The new mail message indicates if you have any newmail messages.
A security administrator can suppress the announcement andwelcome messages, which include node names and operating systemidentification. Because login procedures differ from system to system,it is more difficult to log in without this information.
The last login success and failure messages are optional.Your security administrator can enable or disable them as a group.Sites with medium-level or high-level security needs display thesemessages because they can indicate break-in attempts. In addition,by showing that the system is monitoring logins, these messages canbe a deterrent to potential illegal users.
Each time you log in, the system resets the values for thelast successful login and the number of login failures. If you access youraccount interactively and do not specify an incorrect password inyour login attempts, you may not see the last successful noninteractivelogin and login failure messages.
When the System Logs In for You: Networkand Batch Logins Noninteractive logins include network logins and batch logins.
The system performs a network login when you start a networktask on a remote node, such as displaying the contents of a directoryor copying files stored in a directory on another node. Both yourcurrent system and the remote system must be nodes in the same network.In the file specification, you identify the target node and providean access control string, which includes your user name and passwordfor the remote node.
For example, a network login occurs when user Greg, who hasan account on remote node PARIS, enters the following command:
This command displays a listing of all the files in the publicdirectory on disk WORK2. It also reveals the password 8G4FR93A.A more secure way to perform the same task would be to use a proxyaccount on node PARIS. For an example of a proxy login, see Using Proxy Login Accounts to Protect Passwords.
The system performs a batch login when a batch job that yousubmitted runs. Authorization to build the job is determined atthe time the job is submitted. When the system prepares to executethe job, the job controller creates a noninteractive process thatlogs in to your account. No password is required when the job logsin.
HP OpenVMS Guide to System Security
Security for the User
