Introduction to the Comet Security System
From CometWiki
Introduction to the Comet Security System
The Comet Security System provides password sign-on security for Comet systems. These features are implemented through the standard QMONITOR program included with Comet Version 502 and above, and through the SECURITY utility program contained in the UTL directory of a standard Comet release.
This documentation is intended for system managers who will be installing and maintaining the Comet security system. We have tried to keep the information in this document as clear as possible, but if you should have questions about any information in this document, we recommend calling your authorized Signature Systems dealer before proceeding.
The standard QMONITOR program included with Comet release contains password security options. The security options are activated simply by running the SECURITY utility program. The following chart lists the differences between the security and non-security implementations of QMONITOR.
Non-security implementation Security implementation |No password required at sign-on |Password required at sign-on |- |Automatic access to all Comet directories |Restricted access to directories (controlled by directory list in individual's password record) |- |Ability to use the ACCESS command at the READY prompt |Optional ability to use the ACCESS command at the READY prompt (controlled by flag in individual's password record) |- |System always runs QMONITOR |System runs QMONITOR or specific user program (if program name is contained in individual's password record)
The security options in QMONITOR make use of a system password file. Each record in this file contains the user's name, password, directory list, program-to-run, and ACCESS command flag.
When a user signs on to a password-secured Comet system, they enter their assigned password and QMONITOR reads the information from their password record to create their list of accessed Comet directories. Thus, each person's password may contain an individual list of directories, one of the best ways to prohibit access to security-sensitive files and programs.
If the user's password record contains the name of a program to be run, the user will be taken immediately to that program (an application menu, for example) and they will not see the familiar READY prompt of the QMONITOR program. And, in the course of using the Comet system, that user will always be returned to the program listed in their password record, not to the QMONITOR READY prompt. (Note, however, that if no program name is listed in the user's password record, they will proceed to the QMONITOR program all the time.)
Another option in the user's password is a flag indicating whether or not the person will be allowed to use the ACCESS command at the READY prompt of QMONITOR. If the flag is turned on, the user will be permitted to access additional Comet directories from the READY prompt. If the flag is turned off, the user will not be permitted to access other Comet directories.
The system password file is created and maintained with the SECURITY program. This program provides options for naming the system password file; adding, changing, deleting,and printing password records; and renaming the system password file.
Note: Since the name of the system password file is itself contained in a data file, the filename can be changed at any time without having to change the QMONITOR program. In fact, the QMONITOR program never needs to be re-compiled in order to implement the Comet security system.
An additional utility program is included with the release. This program lets you convert a password file from Qantel format to Comet format. The program name is SECQ2C.
The following file is created by the Comet security system:
Filename Directory Description QSTART2 COS Contains the name of the system password file and a list of the users currently signed onto the system
In addition, a user-defined password file name is created on a Comet directory specified by the user. This file is named (or renamed) via the SECURITY program.