%META:TOPICINFO{author="ChrisBartram" date="1170381142" format="1.1" version="1.2"}%
%META:TOPICPARENT{name="HP3000OperatingSystemQuestions"}%
---+ How to prevent someone from logging on MANAGER.SYS;PARM=1 on an HP3000 (disables option logon UDCs)

Some HP 3000 security packages rely on a system-wide logon UDC to protect the computer. Logon UDCs can be ignored if the user logs on with Parm=-1, which can potentially be a BIG security hole unless you have a patch from HP. 

A new feature on MPE/iX 5.0 allows you to choose whether or not you can enforce logon UDCs by disabling the Parm=-1 option even for users with SM capability. You can turn this feature on in the Sysgen Misc section by doing the following: 

<pre>
    :sysgen
    sysgen> misc
      misc> system enforcelogonudcs=ON
      misc> show system
      misc> hold
      misc> exit
    sysgen> keep
    sysgen> exit
</pre>

The change does not take effect until the system is restarted with START NORECOVERY. Nice new feature. 


-- Main.ChrisBartram - 18 May 2006