[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference vaxaxp::vmsnotes

Title:	VAX and Alpha VMS
Notice:	This is a new VMSnotes, please read note 2.1
Moderator:	VAXAXP::BERNARDO

Created:	Wed Jan 22 1997
Last Modified:	Fri Jun 06 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	703
Total number of notes:	3722

470.0. "Questions on lgi$icb_validate" by CSC32::R_SWANSON () Mon Apr 14 1997 20:46

I have a customer who runs a third party application called Multinet Secure IP.
The customer states that whenever they have a login failure the login 
intrusion record is 2 instead of 1. If they do not run this application only
1 login failure is recorded.  The customer contacted Multinet and Multinet
logged a new call.  Multinet briefly stated that when their application 
gets a login failure it flags VMS which logs another login failure as well.
The customer  (Multinet) was wondering if their is any way around this. 
Following is the mail message I received from him.  As far as the first 
question goes, I don't believe there is any way to call lgi$icb_validate
without setting the intrusion record. 

Does anybody have any suggestion on how to only get one login failure in
the intrusion record instead of two?  Following is mail he sent me describing 
what they do.

Thanks!

------------------------------------------------------------------------


LOGINOUT calls the LGI callout function lgi$icr_authenticate
lgi$icr_authenticate is our code.

we determine that we need to do a username/password validation so we get the
password(s) via the LGI$ICB_PASSWORD function.

we then validate the password(s) via the LGI$ICB_VALIDATE function.

If validation fails, LGI$ICB_VALIDATE sets the intrusion record and returns
a failure to us.  At this point we return the failure to LOGINOUT.  LOGINOUT
takes the failure and sets the intrusion record the second time and
disallows the login.

Questions:

1) Is there a way to call LGI$ICB_VALIDATE without setting the intrusion record.
2) Is returning failure after calling LGI$ICB_VALIDATE the correct thing to do.

Thanks,

Mike
-------------------------------------------------------

T.R Title User Personal
Name Date Lines

470.1 EEMELI::MOSER Orienteers do it in the bush... Tue Apr 15 1997 03:27 8

T.R	Title	User	Personal Name	Date	Lines
470.1		EEMELI::MOSER	Orienteers do it in the bush...	`Tue Apr 15 1997 03:27`	8
	check the status which Multinet's own routine returns after doing their own validation. If they return SS$_NORMAL, LOGINOUT will do a validation again, but if they return LGI$_SKIPRELATED, then LOGINOUT knows that it should skip that because the LGI callout already did the validation. /cmos

    check the status which Multinet's own routine returns after doing their
    own validation.
    
    If they return SS$_NORMAL, LOGINOUT will do a validation again, but if
    they return LGI$_SKIPRELATED, then LOGINOUT knows that it should skip
    that because the LGI callout already did the validation.
    
    /cmos