USERS-FILE
The USERS-FILE provides a way of securing outgoing connections. It contains network user- and group-ids, and these are used to ensure network security by mapping local user- and group-ids to remote user-ids. Entries in the USERS-FILE are only used if the user-id parameter is not explicitly supplied when using Reality, remlog, program to program communication, interactive file access, simple file transfer (sft), rush or SovereignX Background Processors.
The USERS-FILE can contain entries for both individual local user-ids and for UNIX group-ids. If a remote user-id is not supplied when using any of the above programs, the system attempts to obtain the network user-id from the USERS-FILE by looking up the local user-id. If the user does not have an entry in the USERS-FILE, or if the user has no entry for the required remote system, the system checks for a group-id entry.
Each local user- or group-id entry will have a sub-entry for each remote system that the user wishes to access. Similarly, for each remote system there will be a network user-id and password, which will be supplied to that remote system if the user-id is not supplied explicitly by the user.
It is the responsibility of the System Administrator to set up the USERS-FILE. However, users who have entries in the USERS-FILE can change the remote password using the RUFMUP command.
Note
In order for one SovereignX environment to communicate with another (for instance to use the background processing facility), local USERS-FILE entries must include a subrecord of the remote environment name with a destination user-id and associated password.
USERS-FILE Management
The USERS-FILE Management utility allows the system administrator to enter network user-ids and passwords that can be used by local users when accessing remote systems.
You run the USERS-FILE Management utility by choosing userfile from the Network Management menu. You will see the following menu:
USER FILE MANAGEMENT
1 addnewuserid
2 addsubrecord
3 changepwd
4 delsubrecord
5 deluserid
6 listuserid
7 verifyusers
number (or q)
Adding a User-id
To add a new user-id to the USERS-FILE, select
addnewuserid
from the Users File Management menu. You will see the following prompt:
Enter user id (or .groupid) [q] :
Enter either of the following:
- A valid local user-id.
- A dot (full stop) followed by a valid local group-id.
When you press RETURN, the following prompt is displayed:
commit entry [y,(n),q] :
- To confirm a
valid user- or group-id, enter
y. - To exit
without updating the USERS-FILE, enter
n.
Note
If the user-id or group-id is not valid, an error message is displayed and you are prompted to try again.
Adding Remote System Details
A user- or group-id can be updated at any time to contain a network
user-id and password to be used when logging on to a remote system. To add
remote system details to a user- or group-id, select
addsubrecord
from the Users File Management menu.
-
user id to add subrecord to
1. tom
2. dick
3. .comms
Enter a number [q] :A dot preceding a user name indicates that this is a group-id rather than a user-id.
Enter the number corresponding to the user- or group-id for which details of a remote system are to be added.
-
Destination system name [q] :Enter the name of a remote system. This must be the system name of a valid ROUTE-FILE entry or
*(to indicate any remote system not specifically listed in the USERS-FILE).If the remote system cannot be found in the ROUTE-FILE, an error message is displayed and you are prompted to try again.
-
User id on destination system [q] :Enter the user-id to be used to log onto the remote system. The user-id entered here must be a valid user-id on the remote system.
Note
If you are connecting to a remote Reality database on a UNIX host, the remote user-id must be a host user-id that is the same as a Reality user-id on the remote database; the UNIX password must be used when connecting.
For a remote Reality database on a Windows host, the remote user-id must be a valid Reality user-id on the database.
The validity of this user-id is not checked. If it is incorrect, the local user will be unable to log in to the remote system.
-
password [q] :Enter the password for the remote user-id.
Note
Pressing RETURN allocates a password of RETURN. To allocate a null password, use the Change Password option to delete the password.
Note
The validity of the password is not checked. If it is incorrect, the local user will be unable to log in to the remote system.
-
re-enter password [q] :Confirm the new password by entering it a second time.
-
commit entry [y,(n),q] :- To confirm the entry, enter
y. - To cancel the entry, enter
n.
- To confirm the entry, enter
Changing a Password
Once a user-id and password have been defined, it is possible to change the password by selecting changepwd from the Users File Management menu.
-
userid containing password to alter
1. tom
2. dick
3. harry
4. .comms
Enter a number [q] :Enter the number corresponding to the local user- or group-id for which a password is to be altered.
-
subrecord to alter password in
1. Destination system -> HQ
Destination userid -> PROG1
2. Destination system -> LONDON
Destination userid -> SYSPROG
Enter a number [q] :Enter the number corresponding to the remote system on which the password is to be altered.
-
Changing password for useruseridto destinationsystem.
1. Change password
2. Delete password
Enter a number [q] :-
To change the current password enter
1. The following prompt is displayed:password [q] :
Enter the new password.
re-enter password [q] :
Confirm the new password by entering it a second time.
replacing old password. Press ENTER to continue
-
To delete the current password, enter
2.deleting password. Press ENTER to continue
-
Deleting a Remote System
An entry for a remote system can be removed from a user's USERS-FILE record at any time by selecting delsubrecord from the Users File Management menu.
-
user id to delete subrecord from
1. tom
2. dick
3. harry
4. .comms
Enter a number [q] :Enter the number corresponding to the local user- or group-id for which a remote system entry is to be deleted.
-
subrecord to delete
1. Destination system -> HQ
Destination userid -> PROG1
2. Destination system -> LONDON
Destination userid -> SYSPROG
Enter a number [q] :Enter the number corresponding to the remote system for which details are to be removed.
-
Deleting subrecord from userid tom, destination LONDON.
confirm [y,(n),q] :-
To remove details of the remote system, enter
y. -
To exit without altering the USERS-FILE, enter
n.
-
Deleting a User's Entry
To remove a user's entry and all associated remote system entries from the USERS-FILE, select deluserid from the Users File Management menu.
-
select entry to delete
1. tom
2. dick
3. harry
4. .comms
Enter a number [q] :Enter the number corresponding to the local user- or group id to be removed.
-
userid -> tom
1. Destination system -> HQ
Destination userid -> PROG1
2. Destination system -> LONDON
Destination userid -> SYSPROG
confirm [y,(n),q] :- To confirm deletion of the user-id, enter
y. - To exit without altering the USERS-FILE, enter
n.
- To confirm deletion of the user-id, enter
Displaying a User's Entry
To display a user's entry in the USERS-FILE, select listuserid from the Users File Management menu.
-
select entry to list
1. tom
2. dick
3. harry
4. .comms
Enter a number [q] :Enter the number corresponding to the local user- or group-id for which details are to be displayed.
-
userid -> tom
1. Destination system -> HQ
Destination userid -> PROG1
2. Destination system -> LONDON
Destination userid -> SYSPROG
Press ENTER to continue
Verifying the USERS-FILE
In order to verify the entries in the USERS-FILE, select verifyusers from the Users File Management menu.
The verify option carries out the following checks on the USERS-FILE:
- Each user- or group-id must only be entered once.
- Each remote system must be a valid ROUTE-FILE entry (or *).
- The network user-id field must not be blank.
As the file is checked, a series of messages is displayed on the screen. These messages are displayed a screen at a time. To see the next screen, press RETURN.
When the entire file has been checked the following message is displayed:
Press ENTER to continue
The XUI User-id
If you intend making incoming X.25 User Interface (XUI) connections to a server running on a Reality database, you will need a user-id entry called XUI in the USERS-FILE. This is created as follows:
-
Add a new user-id called XUI (in upper case).
-
Add a sub-record (remote system details) to the XUI user-id by selecting
addsubrecordfrom the Users File Management menu. When prompted, enter the number of the XUI user-id. You will then be prompted for the following information (the prompts for the XUI user-id are different to those for a normal sub-record.): -
Entering XUI format sub-record.
Xui destination name [q] :Enter the name of the required Reality database; that is, the system name of the appropriate Reality ROUTE-FILE entry.
-
Account name [q] :Enter the name of the account to which to connect. If you leave this field empty, the default account for the specified user-id will be used.
-
Server name [q] :Enter the name of the required DataBasic server program. Note that this program must be accessible from the specified user-id and account.
-
Xui Userid on local system [q] :Enter the UNIX user-id to which connection will be made. Note that the database must have a Reality user-id with the same name.
Note
On most UNIX systems, user-ids can only be entered in lower case. Because of this, the Reality user-id must also be in lower-case.
-
password [q] :Enter the password for the specified UNIX user-id.
Note
Pressing RETURN allocates a password of RETURN. To allocate a null password, use the Change Password option to delete the password.
-
re-enter password [q] :Confirm the new password by entering it a second time.
-
commit entry [y,(n),q] :-
To confirm the entry, enter
y. -
To cancel the entry, enter
n.
-
Note
Although you can create additional sub-records for the XUI user-id, the second and subsequent sub-records are ignored.
You can change the password and delete sub-records in the same way as for normal USERS-FILE entries.