From: SMTP%"MACRO32%WKUVX1.BITNET@uu7.psi.com" 12-JUN-1993 10:58:18.63 To: EVERHART CC: Subj: RE: LOGINOUT hooks - now documented! Message-Id: <9306112056.AA09355@uu7.psi.com> X-Listname: "VMS Internals, MACRO, & BLISS Discussions" Warnings-To: <> Errors-To: MacroMan%WKUVX1.BITNET@uu7.psi.com Sender: MacroMan%WKUVX1.BITNET@uu7.psi.com Date: Fri, 11 Jun 1993 22:49:28 +0200 From: "GWDGV1::MOELLER" Reply-To: MACRO32%WKUVX1.BITNET@uu7.psi.com To: MACRO32@WKUVX1.BITNET Subject: RE: LOGINOUT hooks - now documented! > At the Decus 93 symposium in Atlanta, Digital *finally* announced that > hooks into LOGINOUT are documented. The hooks are in 5.5-2 and the docs are > just now making their way out. [...] Being a regular visitor to German DECUS symposia, I received them via e-mail some time in March :-) Unfortunately, they were marked "company confidential" at that time. BTW, the hooks started appearing with 5.5 LOGINOUT ... >The hooks will let you do custom authorization, i.e. reject no matter what >LOGINOUT would let you do (to do stuff like restrict access to certain hosts in >the cluster), accept no matter LOGINOUT would let you do (maybe Kerberos fits >in here), or just add additional checks on top of normal authorization. Caveat: get a test machine before trying something out! In order to enable, you have to set the SYSGEN parameter LGI_CALLOUTS, and when that's done, *absolutely* *no* invocation of LOGINOUT will succeed unless your code is present and working (my copy of the doc even claims that LGI_CALLOUTS is a non-dynamic parameter - fortunately this isn't true as of 5.5-x). BTW, I'd like to know if anybody gets the DECwindows part of those user-exits to do something interesting - with DECwindows/MOTIF (not quite sure about this) I found that the most suitable callback is done at a time when DECW$LOGINOUT has just "grabbed" the keyboard - no luck asking the user for more data then ... [According to my doc, there's no way accessing the "window" being used by DECW$LOGINOUT, and undoing a grab from another "window" gets extremely messy. After a lot of hacking, I got it working in the standard case, but the "change password" window (which may appear afterwards) would loop.] Wolfgang J. Moeller, GWDG, D-3400 Goettingen, F.R.Germany | Disclaimer ... PSI%(0262)45050352008::MOELLER Phone: +49 551 201516 | No claim intended! Internet: moeller@gwdgv1.dnet.gwdg.de | This space intentionally left blank.