[an error occurred while processing this directive]

HP OpenVMS Systems Documentation

Content starts here

HP OpenVMS System Services Reference Manual


Previous Contents Index

SYS$CREPRC-Ready Item Codes

For users that need to create a process based on quotas and privileges from System User Authorization (SYSUAF) data, the following item codes return data in a form ready to be used in a call to SYS$CREPRC:

Item Code Direction Size Data Provided
ACMEVMS$_CREPRC_BASPRI Output Longword Base priority
ACMEVMS$_CREPRC_IMAGE Output String 1 LOGINOUT
ACMEVMS$_CREPRC_PRCNAM Output String 1 Null
ACMEVMS$_CREPRC_PRVADR Output Quadword Privilege mask
ACMEVMS$_CREPRC_QUOTA Output Sequence-of-bytes Quotas
ACMEVMS$_CREPRC_UIC Output Longword UIC

1The caller must create a descriptor for this item returned as a string to pass it to SYS$CREPRC.

To receive results of these item codes without authentication requires you to use the ACMEVMS$_PREAUTHENTICATION_FLAG, which in turn requires the IMPERSONATE privilege. No additional privilege for these item codes is required.

ACMEVMS$_CREPRC_BASPRI

This output item code requests UAI data in a format suitable for passing to SYS$CREPRC.

This output item code request UAI data in a format suitable for passing to SYS$CREPRC.

ACMEVMS$_CREPRC_IMAGE

This output item code requests UAI data in a format suitable for passing to SYS$CREPRC. The $ACM[W] client is responsible for creating a descriptor for this string.

ACMEVMS$_CREPRC_PRCNAM

This output item code requests UAI data in a format suitable for passing to SYS$CREPRC. The $ACM[W] client is responsible for creating a descriptor for this string.

ACMEVMS$_CREPRC_PRVADR

This output item code requests UAI data in a format suitable for passing to SYS$CREPRC.

ACMEVMS$_CREPRC_QUOTA

This output item code requests UAI data in a format suitable for passing to SYS$CREPRC, regardless of what quota might be handled by this service in the future.

ACMEVMS$_CREPRC_UIC

This output item code requests UAI data in a format suitable for passing to SYS$CREPRC.

Generated Password Item Codes

Any generated password list is returned in the ACM Communications Buffer, which is accessed by the context parameter. The following item codes are used to affect this password list:

Item Code Direction Size Data Provided
ACMEVMS$_GENPWD_COUNT Input Longword Unsigned
ACMEVMS$_GENPWD_MANDATORY_FLAG Input Longword Boolean
ACMEVMS$_GENPWD_MAXLENGTH Input Longword Unsigned
ACMEVMS$_GENPWD_MINLENGTH Input Longword Unsigned

ACMEVMS$_GENPWD_COUNT

The value of this item code indicates the number of any passwords that are generated, regardless of whether generation is due to the UAI$V_GENPWD bit or the presence of the ACMEVMS$_GENPWD_MANDATORY_FLAG input item code.

ACMEVMS$_GENPWD_MANDATORY_FLAG

The caller of SYS$AMCW requests password generation if this item code is present. A value whose low bit is set indicates the caller wants to force the use of the generated passwords, with the VMS ACME rejecting any provided passwords that do not match a password on the list. A value whose low bit is clear indicates that the generated password list is just advisory, with no enforcement by the VMS ACME. However, VMS ACME might actually enforce generated passwords anyway, depending on the setting of the UAI$V_GENPWD bit within the UAI_FLAGS longword bit mask.

ACMEVMS$_GENPWD_MAXLENGTH

The value of this item code indicates the maximum length of any passwords that are generated, regardless of whether generation is due to the UAI$V_GENPWD bit or the presence of the ACMEVMS$_GENPWD_MANDATORY_FLAG input item code.

ACMEVMS$_GENPWD_MINLENGTH

The value of this item code indicates the minimum length of any passwords that are generated, regardless of whether generation is due to the UAI$V_GENPWD bit or the presence of the ACMEVMS$_GENPWD_MANDATORY_FLAG input item code.

Backward Compatibility Item Codes

The ACME-specific item codes that provide backward compatibility are listed in the following table:

Item Code Direction Size Data Provided
ACMEVMS$_LOGINOUT_CLI_FLAGS Input Longword Boolean
ACMEVMS$_LOGINOUT_CREPRC_FLAGS Input Longword Bit mask
ACMEVMS$_OLD_CONNECTION_FLAG Input Longword Boolean
ACMEVMS$_OLD_DECWINDOWS_FLAG Input Longword Boolean
ACMEVMS$_OLD_HASHED_PASSWORD_1 Input Variable String
ACMEVMS$_OLD_HASHED_PASSWORD_2 Input Variable String
ACMEVMS$_OLD_LGI_PHASE Input Longword Code value
ACMEVMS$_OLD_LGI_STATUS Input Longword Message code
ACMEVMS$_OLD_PROCESS_NAME Input Variable String

ACMEVMS$_LOGINOUT_CLI_FLAGS

This input item code supplies the traditional LOGINOUT qualifiers to the VMS ACME, including particularly the /LOCAL_PASSWORD and /CONNECT qualifiers. This item is never provided on an initial call. It is only provided in response to a dialogue step.

Use of this item code is reserved to LOGINOUT, and is enforced by the VMS ACME to prevent spoofing.

ACMEVMS$_LOGINOUT_CREPRC_FLAGS

This input item code provides the CTL$GL_CREPRC_FLAGS longword corresponding to the FLAGS argument used for process creation. The use of this item code is reserved to LOGINOUT and is enforced by the VMS ACME to prevent spoofing.

ACMEVMS$_OLD_CONNECTION_FLAG

This input item code is used by LOGINOUT to indicate to the VMS ACME that a terminal user logging in has chosen to connect to a disconnected process rather than proceed with a new process.

Use of this item code is reserved to LOGINOUT, and is enforced by the VMS ACME to prevent spoofing.

ACMEVMS$_OLD_DECWINDOWS_FLAG

This input item code indicates the old DECwindows callout interface is being used. Use of this item code is reserved to LOGINOUT, and is enforced by the VMS ACME to prevent spoofing.

ACMEVMS$_OLD_HASHED_PASSWORD_1

This input item code specifies a primary password in an alternate form. You can only use this item code when specifying a value of ACMEVMS$_ARGUS for ACME$_AUTH_MECHANISM.

To use this item code, you need the IMPERSONATE privilege.

ACMEVMS$_OLD_HASHED_PASSWORD_2

This input item code specifies a secondary password in an alternate form. You can only use this item code when specifying a value of ACMEVMS$_ARGUS for ACME$_AUTH_MECHANISM.

To use this item code, you need the IMPERSONATE privilege.

ACMEVMS$_OLD_LGI_PHASE

This input item code specifies the phase of the latest LGI-callout. It is used to provide processing equivalent so that when authentication is performed inside LOGINOUT, the following actions occur:
  • Allows LGI$_SKIPRELATED from an LGI-callout routine to be honored by ACMEs.
  • Allows the VMS ACME to update UAF$W_LOGFAILS and possibly UAF$V_DISACNT even for a failure declared by an LGI-callout routine.

Use of this item code is reserved to LOGINOUT and is enforced by the VMS ACME to prevent LGI$_SKIPRELATED spoofing. If you want to perform a similar function, you should write an ACME.

ACMEVMS$_OLD_LGI_STATUS

This input item code specifies the status returned from the latest LGI-callout. It is used to provide processing equivalent so that when authentication is performed inside LOGINOUT, the following actions occur.
  • Allows LGI$_SKIPRELATED from an LGI-callout routine to be honored by ACMEs.
  • Allows the VMS ACME to update UAF$W_LOGFAILS and possibly UAF$V_DISACNT even for a failure declared by an LGI-callout routine.

Use of this item code is reserved to LOGINOUT, enforced by the VMS ACME to prevent LGI$_SKIPRELATED spoofing. If you want to perform a similar function, you should write an ACME.

ACMEVMS$_OLD_PROCESS_NAME

This input item code is used by LOGINOUT to indicate to the VMS ACME the process name after it has attempted to change the process name to match the username.

Use of this item code is reserved to LOGINOUT, and is enforced by the VMS ACME to prevent spoofing.

User Authorization Information (UAI) Item Codes

The VMS ACME supports the UAI codes that return SYSUAF values. SYSUAF contents are required for authorization, initialization, and auditing. The UAI codes are transmitted to the VMS ACME as ACME-specific codes. For the definition of these item codes, see the SYS$GETUAI system service in the HP OpenVMS System Services Reference Manual: GETUTC--Z.

When in dialogue mode and when you ask for the value in the fields, the VMS ACME returns the value from that of the previous login, that is, the login before the current login.

The following ACME UAI item codes are supported:

ACMEVMS$_UAI_ACCOUNTS ACMEVMS$_UAI_NETWORK_ACCESS_P
ACMEVMS$_UAI_ACCOUNT_LIM ACMEVMS$_UAI_NETWORK_ACCESS_S
ACMEVMS$_UAI_ASTLM ACMEVMS$_UAI_OWNER
ACMEVMS$_UAI_AUDIT_FLAGS (*) ACMEVMS$_UAI_PARENT_ID
ACMEVMS$_UAI_BATCH_ACCESS_P ACMEVMS$_UAI_PASSWORD (*)
ACMEVMS$_UAI_BATCH_ACCESS_S ACMEVMS$_UAI_PASSWORD2 (*)
ACMEVMS$_UAI_BIOLM ACMEVMS$_UAI_PBYTLM
ACMEVMS$_UAI_BYTLM ACMEVMS$_UAI_PGFLQUOTA
ACMEVMS$_UAI_CLITABLES ACMEVMS$_UAI_PRCCNT
ACMEVMS$_UAI_CPUTIM ACMEVMS$_UAI_PRI
ACMEVMS$_UAI_DEF_CLASS ACMEVMS$_UAI_PRIMEDAYS
ACMEVMS$_UAI_DEFCLI ACMEVMS$_UAI_PRIV
ACMEVMS$_UAI_DEFDEV ACMEVMS$_UAI_PROXYIES
ACMEVMS$_UAI_DEFDIR ACMEVMS$_UAI_PROXY_LIM
ACMEVMS$_UAI_DEF_PRIV ACMEVMS$_UAI_PWD
ACMEVMS$_UAI_DFWSCNT ACMEVMS$_UAI_PWD2
ACMEVMS$_UAI_DIOLM ACMEVMS$_UAI_PWD_DATE
ACMEVMS$_UAI_DIALUP_ACCESS_P ACMEVMS$_UAI_PWD2_DATE
ACMEVMS$_UAI_DIALUP_ACCESS_S ACMEVMS$_UAI_PWD_LENGTH
ACMEVMS$_UAI_ENCRYPT ACMEVMS$_UAI_PWD_LIFETIME
ACMEVMS$_UAI_ENCRYPT2 ACMEVMS$_UAI_QUEPRI
ACMEVMS$_UAI_ENQLM ACMEVMS$_UAI_REMOTE_ACCESS_P
ACMEVMS$_UAI_EXPIRATION ACMEVMS$_UAI_REMOTE_ACCESS_S
ACMEVMS$_UAI_FILLM ACMEVMS$_UAI_RTYPE
ACMEVMS$_UAI_FLAGS ACMEVMS$_UAI_SALT
ACMEVMS$_UAI_GRP ACMEVMS$_UAI_SHRFILLM
ACMEVMS$_UAI_JTQUOTA ACMEVMS$_UAI_SUB_ID
ACMEVMS$_UAI_LASTLOGIN_I ACMEVMS$_UAI_TQCNT
ACMEVMS$_UAI_LASTLOGIN_N ACMEVMS$_UAI_UIC
ACMEVMS$_UAI_LGICMD ACMEVMS$_UAI_USER_DATA
ACMEVMS$_UAI_LOCAL_ACCESS_P ACMEVMS$_UAI_USRDATOFF
ACMEVMS$_UAI_LOCAL_ACCESS_S ACMEVMS$_UAI_USERNAME
ACMEVMS$_UAI_LOGFAILS ACMEVMS$_UAI_USERNAME_TAG
ACMEVMS$_UAI_MAXACCTJOBS ACMEVMS$_UAI_JSVERSION
ACMEVMS$_UAI_MAX_CLASS ACMEVMS$_UAI_WSQUOTA
ACMEVMS$_UAI_MAXDETACH  
ACMEVMS$_UAI_MAXJOBS  
ACMEVMS$_UAI_MEM  
ACMEVMS$_UAI_MIN_CLASS  

* These items are defined for the following numeric calculations purposes because the base for the ACME-specific UAI item codes is ACMEVMS$K_UAI_BASE. ACMEVMS$K_UAI_BASE can be added to a UAI$_* code to produce the corresponding ACMEVMS$_UAI_* code.

Class Scheduling Item Codes

The following table lists class scheduling item codes:

Item Code Direction Size Data Provided
ACMEVMS$_CLASS_DAYS Output Byte Bit-mask
ACMEVMS$_CLASS_FLAGS Output Longword Bit-mask
ACMEVMS$_CLASS_NAME Output Variable String
ACMEVMS$_CLASS_NUMBER Output Word Integer
ACMEVMS$_CLASS_PRIMEDAY_LIMIT Output 24 bytes Integer Array
ACMEVMS$_CLASS_SECONDAY_LIMIT Output 24 bytes Integer Array

ACMEVMS$_CLASS_DAYS

This item returns a 7-bit array, one for each day of the week starting with Monday as the low-order bit.

If a given bit is set, it means the corresponding day of the week is to be treated as a Secondary Day for purposes of class scheduling. If a given bit is clear, the corresponding day of the week is to be treated as a Primary Day for purposes of class scheduling. These designations are overridden if the $GETSYI item code SYI$_DAY_OVERRIDE is set.

This data is intended primarily for LOGINOUT in setting up any class scheduling required for a new process, although other callers of $ACM are free to request it for their own purposes.

Data returned for this item code is 1 byte long, so a caller's buffer should be at least that long.

ACMEVMS$_CLASS_FLAGS

This item code returns a 32-bit mask of flags used for class scheduling.

This data is intended primarily for LOGINOUT in setting up any class scheduling required for a new process, although other callers of $ACM are free to request it for their own purposes.

Data returned for this item code is 4 bytes long, so a caller's buffer should be at least that long.

ACMEVMS$_CLASS_NAME

This item code returns a string indicating the Class Name for class scheduling the VMS Username just authenticated.

This data is intended primarily for LOGINOUT in setting up any class scheduling required for a new process, although other callers of $ACM are free to request it for their own purposes.

Data returned for this item code is up to 16 characters long, so a caller's buffer should be at least that long, with the number of bytes allocated dependent on whether the ACME$M_UCS2_4 function code modifier was specified on the call to $ACM[W].

ACMEVMS$_CLASS_NUMBER

This item code returns the Class Number for class scheduling the VMS Username just authenticated. A Class Number of zero means no Class applies to this VMS Username.

This data is intended primarily for LOGINOUT in setting up any class scheduling required for a new process, although other callers of $ACM are free to request it for their own purposes.

Data returned for this item code is 2 bytes long, so a caller's buffer should be at least that long.

ACMEVMS$_CLASS_PRIMEDAY_LIMIT

This item code returns an array of 24 bytes, one for each hour of a Primary Day, each containing a number from 1 to 100 indicating the percentage of the overall system CPU time reserved for members of that class.

This data is intended primarily for LOGINOUT in setting up any class scheduling required for a new process, although other callers of $ACM are free to request it for their own purposes.

Data returned for this item code is 24 bytes long, so a caller's buffer should be at least that long.

ACMEVMS$_CLASS_SECONDAY_LIMIT

This item code returns an array of 24 bytes, one for each hour of a Secondary Day, each containing a number from 1 to 100 indicating the percentage of the overall system CPU time reserved for members of that class.

This data is intended primarily for LOGINOUT in setting up any class scheduling required for a new process, although other callers of $ACM are free to request it for their own purposes.

Data returned for this item code is 24 bytes long, so a caller's buffer should be at least that long.

Miscellaneous Item Codes

The following ACME-specific item codes cannot be classified into any of the previous categories:

Item Code Direction Size Data Provided
ACMEVMS$_AUTOLOGIN_ALLOWED_FLAG Input Longword Boolean
ACMEVMS$_CONFIRM_PASSWORD_1 Input Variable String
ACMEVMS$_CONFIRM_PASSWORD_2 Input Variable String
ACMEVMS$_CONFIRM_PASSWORD_SYS Input Variable String
ACMEVMS$_NET_PROXY Input Variable String
ACMEVMS$_PREAUTHENTICATION_FLAG Input Longword Boolean
ACMEVMS$_REQUESTOR_PID Input Longword Hexadecimal
ACMEVMS$_REQUESTOR_UIC Input Longword Hexadecimal
ACMEVMS$_REQUESTOR_USERNAME Input Variable String
ACMEVMS$_USES_SYSTEM_PASSWORD Input Longword Boolean

ACMEVMS$_AUTOLOGIN_ALLOWED_FLAG

This input item code specifies that a particular access port is of a type eligible for VMS Autologin. If the port is not specified in the Autologin file read by the VMS ACME, then this item code has no effect.

ACMEVMS$_CONFIRM_PASSWORD_1

The VMS ACME uses this input item code as a separate verification prompt when a new primary password is being specified. Use of a separate dialogue step rather than the verification method built into the Item Set definition allows some initial checking to be done for acceptability of the proposed password before the user is asked to type the password in again.

Some networked ACME agents are tied to network protocols that do not allow independent checking of the acceptability of a proposed password, so even when an item set with this item code is returned, the proposed password could be rejected later.

This item code might be requested in a dialogue step.

ACMEVMS$_CONFIRM_PASSWORD_2

The VMS ACME uses this input item code as a separate verification prompt when a new secondary password is being specified. Use of a separate dialogue step rather than the verification method built into the Item Set definition allows some initial checking to be done for acceptability of the proposed password before the user is asked to type the password again.

Some networked ACME agents are tied to network protocols that do not allow independent checking of the acceptability of a proposed password, so even when an item set with this item code is returned, the proposed password could be rejected later. Most networked ACME agents do not support secondary passwords, so after an item set with this item code has been returned, rejection later is unlikely, though possible.

This item code might be requested in a dialogue step.

ACMEVMS$_CONFIRM_PASSWORD_SYS

The VMS ACME uses this input item code as a separate verification prompt when a new system password is being specified. Use of a separate dialogue step rather than the verification method built into the Item Set definition allows full initial checking to be done for acceptability of the proposed system password before the user is asked to type the entire password in again.

This item code might be requested in a dialogue step.

ACMEVMS$_NET_PROXY

This input item code specifies the proxy user name for which a network login is to be processed, without authentication information, just as for a batch login or preauthenticated network login.

This item code requires the IMPERSONATE privilege.

ACMEVMS$_PREAUTHENTICATION_FLAG

This input item code specifies a login that is to be processed without authentication information, such as for a batch login. When first received by the VMS ACME, this item code causes the setting of the WQE_PREAUTHENTICATED flag in the Work Queue Entry Context, which is honored by all ACMEs.

To use this item code, you need the IMPERSONATE privilege.

ACMEVMS$_REQUESTOR_PID

This input item code specifies the Requestor Processor ID for use by the VMS ACME in auditing and breakin detection. Combined with the codes ACMEVMS$_REQUESTOR_UIC and ACMEVMS$_REQUESTOR_USERNAME, it is used when the process calling $ACM is not actually the process to which the authentication should be attributed. When first received by the VMS ACME, the value of this item is stored in the REQUESTOR_PID longword in the Request Context for later use. This item code is available to support LGI-callout operations and other callers to LGI$AUTHENTICATE_USER.

To use this item code, you need the IMPERSONATE privilege to guard against spoofing.

ACMEVMS$_REQUESTOR_UIC

This input item code specifies the Requestor UIC for use by the VMS ACME in auditing and breakin detection. When first received by the VMS ACME, the value of this item is stored in the REQUESTOR_UIC longword in the Request Context for later use. This item code is available to support LGI-callout operations and other callers of LGI$AUTHENTICATE_USER.

This item allows the caller of $ACM to provide an accurate value because a call to SYS$GETJPI, based on the ACMEVMS$_REQUESTOR_PID ACME-specific item code value, might produce inaccurate results due to a subsequent assumption of a different persona in the requestor process.

To use this item code, you need the IMPERSONATE privilege to guard against spoofing.

ACMEVMS$_REQUESTOR_USERNAME

This input item code specifies the Requestor Username for use by the VMS ACME in auditing and breakin detection. When first received by the VMS ACME, the value of this item is stored in the OWNER_USERNAME varying string descriptor in the Request Context for later use. This item code supports LGI-callout operations and other callers of LGI$AUTHENTICATE_USER.

This item allows the caller of $ACM to provide an accurate value because a call to SYS$GETJPI, based on the ACMEVMS$_REQUESTOR_PID item code value, might produce inaccurate results due to a subsequent assumption of a different persona in the requestor process.

To use this item code, you need the IMPERSONATE privilege to guard against spoofing.

ACMEVMS$_USES_SYSTEM_PASSWORD

This input item code specifies that a particular access port is enabled for use of the System Password. Other conditions, such as not having a System Password defined, may mean that no Item Set requesting a System Password is actually returned to the client. When first received by the VMS ACME, the value of this item is stored in the USES_SYSTEM_PASSWORD_FLAG boolean in the Request Context for later use.

To use this item code, you need the SECURITY privilege to guard against password guessing.

VMS ACME-Specific---Output Message Categories

The following table lists the output message categories specific to the VMS ACME and their meanings:

Message Category Meaning
ACMEVMS$K_OLD_AUTH_FLAGS Password requirement flags
ACMEVMS$K_OLD_DECW_PWD_EXP_1 Binary expiration warning
ACMEVMS$K_OLD_DECW_PWD_EXP_2 Binary expiration warning
ACMEVMS$K_OLD_DECW_PWD_QUALITY Binary password quality status
ACMEVMS$K_OLD_SYSUAF_070 Authorization record
ACMEVMS$K_OLD_TERMINAL_CONNECT Advance notice of authentication


Previous Next Contents Index