Security Use Files
Contents:
The accompanying zip file (SECURE.ZIP) contains a set of subroutines that can be used for Comet security purposes. There are 10 functions that can be called to control the security functionality of COSW.
They are:
Get.Session.ID – Returns the unique COSW ID of the current session. Used to identify the particular machine that the application is talking to. CMONITOR uses this ID to identify the user's machine.
Kill.This.Session – Shuts down COSW on the current session. Used by CMONITOR to reject a particular user.
Enable.Include.List – Tells Comet to admit only users whose IDs are in the "include list". Others will be rejected.
Disable.Include.List – Tells Comet to disregard the include list when validating users.
Enable.Exclude.List – Tells Comet not to admit the user IDs in the exclude list.
Disable.Exclude.List – Tells Comet to disregard the exclude list when validating users.
Delete.Include.list – Tells Comet to clear all of the entries in the include list.
Delete.Exclude.list – Tells Comet to clear all of the entries in the exclude list.
Add.Include.List – Tells Comet to add this particular ID to the include list.
Add.Exclude.List – Tells Comet to add this particular ID to the exclude list.
These routines are supplied in 3 files:
#secured – a use file containing declaratives used by the routines.
#secure – the source use file containing the executable routines themselves.
Xsecurit – a test program to illustrate the use of the routines.
Discussion:
Cmonitor, the first program run by anyone signing on to a Comet system, uses the above set of routines to implement a "double door" system that controls user access to Comet programs.
The first door is the include/exclude lists of Comet itself, and the second door is a file of allowed users in Cmonitor itself.
The problem to be solved is how to establish users when setting up the system or adding additional machines. It is solved in several ways, all involving the Idmaint administration program.
Using Idmaint, the administrator can set the system up in "build mode". Build mode allows everyone to log into the system, asking each their name as they log in for the first time. As each user logs in, a record is added to the administration file. When all users have logged in, the administrator turns off build mode, maintains the user list, and then tells Idmaint to put all users into the Include List.
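The following is an added illustration, not code from SECURE.ZIP or from Comet: a small Python model of the double door and of the build-mode enrolment described above. The class and method names and the sample IDs are hypothetical, and the rule that the exclude list wins when both lists are enabled is an assumption the text does not state.

```python
# Model of the "double door" sign-on check; all names here are hypothetical.
from dataclasses import dataclass, field

@dataclass
class CometDoor:
    """First door: Comet's own include/exclude lists of session IDs."""
    include: set = field(default_factory=set)
    exclude: set = field(default_factory=set)
    include_enabled: bool = False
    exclude_enabled: bool = False

    def admits(self, session_id: str) -> bool:
        # Assumption: an excluded ID is rejected even if it is also included.
        if self.exclude_enabled and session_id in self.exclude:
            return False
        if self.include_enabled and session_id not in self.include:
            return False
        return True

@dataclass
class Monitor:
    """Second door: the allowed-user file kept by the sign-on program."""
    door: CometDoor
    users: dict = field(default_factory=dict)    # session ID -> user name
    build_mode: bool = False

    def sign_on(self, session_id: str, name: str = "") -> bool:
        if not self.door.admits(session_id):
            return False                         # rejected at the first door
        if session_id in self.users:
            return True                          # known machine passes both doors
        if self.build_mode:
            self.users[session_id] = name        # first login: enrol the machine
            return True
        return False                             # unknown machine, not enrolling

    def end_build_mode(self) -> None:
        # Stop enrolling, then put every recorded ID into the include list.
        self.build_mode = False
        self.door.include = set(self.users)
        self.door.include_enabled = True

def demo() -> list:
    m = Monitor(CometDoor(), build_mode=True)
    results = [m.sign_on("ID-0001", "alice"), m.sign_on("ID-0002", "bob")]
    m.users.pop("ID-0002")                       # administrator maintains the list
    m.end_build_mode()
    results += [m.sign_on("ID-0001"), m.sign_on("ID-0002"), m.sign_on("ID-0003")]
    return results
```

In the model, a machine removed during list maintenance and a machine that never enrolled are both stopped at the first door once build mode ends.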