|
HP OpenVMS Systemsask the wizard |
|
The Question is: We just got an Alpha 1200 that is running 7.1. All our other machines are running 6.2. When I do SET PROC /PRIV=ALL and then SHOW PROC/PRIV on 7.1 a new privilege shows up, "IMPERSONATE", that does not show up on 6.2. I've looked all through the 7.1 release notes and the Security Manual and can find no reference to this new privilege. What is it for? Thanks. car/os The Answer is : DETACH has always allowed user impersonation, various folks erroneously believed it (only) controlled the creation of detached processes -- in fact, mere possession of the DETACH privilege has never controlled nor restricted the creation of a detached process, as any process with sufficient available MAXDETACH quota can create a detached process. And given the original name used for this privilege, this confusion was entirely understandable. Because of this confusion, IMPERSONATE is the new privilege name that is displayed for the existing DETACH privilege capabilities. AUTHORIZE and other commands will display IMPERSONATE, but will accept both the new IMPERSONATE and the old DETACH name as synonyms on command input. With versions of OpenVMS V6.2 and later, additional impersonation-related operations (particularly the persona system services) are controlled by the possession of the IMPERSONATE (DETACH) privilege. Existing programs with symbolic references to the PRV$M_DETACH constant and similar will continue to operate, as will command procedures that reference DETACH as the name of a privilege, etc. (New symbols, such as PRV$M_IMPERSONATE, also available.) Existing references to DETACH in the documentation are being updated to reflect this name change.
|