11/19/85  Card Access Control

Authentication procedures are enforced for user submission of card
input.  You must have a registered card input password and have given
access to the submitting card input station.  (See also
card_input.gi.info.)

For you to submit a card deck for input to Multics, the following
conditions must be met:
  1. You must be registered for card input and have an assigned card
     input password set up by the system administrator or have been
     given permission to use the null password feature.
  2. A special access control segment must exist in your mailbox
     directory. Proper access must be set for the station in order for
     it to read card decks (see "Card input access control segment"
     below).
  3. You must have permission to use the card input station.  This is
     granted by the system administrator on the ACL of the station
     access control segment.

For remote job entry (RJE) jobs, the tag portion of the process group
ID of the absentee process (which is used in access control
calculations) is "p".  A system administrator or you can deny access
to RJE jobs with the ACL term:
   null *.*.p
or similar ACL terms, assuming that there does not exist a more
specific ACL term that gives access.


Card input registration and password: Each user usually must be given
a card input password by the system administrator to use any form of
card input on Multics.  The card input password defined should be
different from your interactive password.  Your Person_id and password
are provided on control cards at the time the deck is submitted.

The user who submits card input must include a password card as the
second card of his deck.  It has the form
   ++PASSWORD xxxxxxxx
where xxxxxxxx is the user's registered card input password (1-8
characters).  The keypunch printer should usually be turned off when
punching the password.


If the Person_id given in the ++DATA or ++RJE card is not registered
appropriately, or if the password given on the password card is
incorrect, the input is not accepted.


Card input access control segment: The card input access control
segment allows you to control which stations can be used to read bulk
card input using your Person_id and Project_id; its pathname is
   >udd>Project_id>Person_id>card_input.acs

This segment must exist with an ACL containing read access to each
station that is permitted to submit bulk data input for you and
execute access for each station that is permitted to submit RJE jobs.
For example,
   re Station.*.*


You can use the ACL star convention as usual.  If your job lacks
access to the card input ACS, input is not accepted.  If this segment
does not exist or if the access is not as specified, card input is not
permitted.  In addition, you must have permission to use the station,
with the same type of access as defined above, granted by the system
administrator on the ACL of the station access control segment as
discussed below.  Remote terminal login is accepted only from remote
terminals that have a registered station ID and password.  The name of
each registered station and its password is stored in the person name
table.


Station access control segment: Each station has an access control
segment in >system_control_1>rcp> named station.acs.  The ACL of this
segment lists all users allowed to submit card input through the
station; you must have read access for bulk data input and execute
access for RJE.  For example,
   re Person_id.Project_id.*

You can use the ACL star convention as usual.  If your job lacks
access to the station ACS, the input is not accepted.


This check allows your site to specify that a certain station is
reserved for the use of a certain group of users.  The ACS can also be
used to ensure that certain stations are not used to submit card input
for privileged users, such as *.SysAdmin, who should never use the
facility for reasons of security.  If you are not on the ACS for a
station you wish to use, you should contact the system administrator to
obtain proper access.
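

Added example (not part of the original info segment and not Multics
code): a simplified Python model of the three acceptance conditions
described above, including the effect of a "null *.*.p" term.  It
assumes that the most specific matching ACL term wins, with a literal
Person_id outranking a literal Project_id and then a literal tag; the
function names, registry, sample ACLs, station names and the "x"
placeholder components are all constructed for illustration.

```python
import hmac

def acl_mode(acl, principal):
    """Return the mode of the most specific ACL term matching principal ('' if none)."""
    who = principal.split(".")
    best = None
    for mode, term in acl:
        parts = term.split(".")
        if all(t in ("*", w) for t, w in zip(parts, who)):
            # Assumed ordering: a literal Person_id outranks a literal
            # Project_id, which outranks a literal tag.
            rank = tuple(t != "*" for t in parts)
            if best is None or rank > best[0]:
                best = (rank, mode)
    return "" if best is None or best[1] == "null" else best[1]

def accept_deck(person, project, station, kind, password, registry, user_acs, station_acs):
    """Apply the three conditions; kind is 'data' (needs r) or 'rje' (needs e)."""
    need = "e" if kind == "rje" else "r"
    tag = "p" if kind == "rje" else "x"  # "p" is from the page; "x" is constructed
    # 1. Registration and card input password ("" models the null password feature).
    if person not in registry:
        return "rejected: not registered"
    if not hmac.compare_digest(registry[person].encode(), password.encode()):
        return "rejected: password"
    # 2. The user's card_input.acs must grant the station the needed mode.
    if user_acs is None or need not in acl_mode(user_acs, f"{station}.x.x"):
        return "rejected: card_input.acs"
    # 3. The station ACS must grant the user's job the needed mode.
    if need not in acl_mode(station_acs, f"{person}.{project}.{tag}"):
        return "rejected: station ACS"
    return "accepted"

# Constructed sample data (not from the page).
REGISTRY = {"Smith": "cardpw1", "Jones": ""}
SMITH_ACS = [("re", "StationA.*.*"), ("r", "StationB.*.*")]
JONES_ACS = [("re", "StationA.*.*")]
# Assumption: the administrator places the "null *.*.p" term on the station ACS.
STATION_A_ACS = [("re", "Smith.Dev.*"), ("re", "*.*.*"), ("null", "*.*.p")]

if __name__ == "__main__":
    print(accept_deck("Smith", "Dev", "StationA", "rje", "cardpw1", REGISTRY, SMITH_ACS, STATION_A_ACS))
    print(accept_deck("Jones", "Ops", "StationA", "rje", "", REGISTRY, JONES_ACS, STATION_A_ACS))
    print(accept_deck("Jones", "Ops", "StationA", "data", "", REGISTRY, JONES_ACS, STATION_A_ACS))
```

In the sample data, Smith's RJE job is accepted because the more
specific term "re Smith.Dev.*" overrides "null *.*.p", while Jones's
RJE job is refused at the station ACS and his bulk data deck is not.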