11/19/85 Card Access Control Authentication procedures are enforced for user submission of card input. You must have a registered card input password and have given access to the submitting card input station. (See also card_input.gi.info.) For you to submit a card deck for input to Multics, the following conditions must be met: 1. You must be registered for card input and have an assigned card input password set up by the system administrator or have been given permission to use the null password feature. 2. A special access control segment must exist in your mailbox directory. Proper access must be set for the station in order for it to read card decks (see "Card input access control segment" below). 3. You must have permission to use the card input station. This is granted by the system administrator on the ACL of the station access control segment. For remote job entry (RJE) jobs, the tag portion of the process group ID of the absentee process (which is used in access control calculations) is "p". A system administrator or you can deny access to RJE jobs with the ACL term: null *.*.p or similar ACL terms, assuming that there does not exist a more specific ACL term that gives access. Card input registration and password: Each user usually must be given a card input password by the system administrator to use any form of card input on Multics. The card input password defined should be different from your interactive password. You Person_id and password are provided on control cards at the time the deck is submitted. The user who submits card input must include a password card as the second card of his deck. It has the form ++PASSWORD xxxxxxxx where xxxxxxxx is the user's registered card input password (1-8 characters). The keypunch printer should be usually turned off when punching the password. If the Person_id given in the ++DATA or ++RJE card is not registered appropriately, or if the password given on the password card is incorrect, the input is not accepted. Card input access control segment: The card input access control segment allows you to control which stations can be used to read bulk card input using your Person_id and Project_id; its pathname is >udd>Project_id>Person_id>card_input.acs This segment must exist with an ACL containing read access to each station that is permitted to submit bulk data input for you and execute access for each station that is permitted to submit RJE jobs. For example, re Station.*.* You can use the ACL star convention as usual. If your job lacks access to the card input ACS, input is not accepted. If this segment does not exist or if the access is not as specified, card input is not permitted. Besides, you must have permission to use the station, with the same type of access as defined above, granted by the system administrator on the ACL of the station access control segment as discussed below. Remote terminal login is accepted only from remote terminals that have a registered station ID and password. The name of each registered station and its password is stored in the person name table. Station access control segment: Each station has an access control segment in >system_control_1>rcp> named station.acs. The ACL of this segment lists all users allowed to submit card input through the station; you must have read access for bulk data input and execute access for RJE. For example, re Person_id.Project_id.* You can use the ACL star convention as usual. If your job lacks access to the station ACS, the input is not accepted. This check allows your site to specify that a certain station is reserved for the use of a certain group of users. The ACS can also be used to ensure that certain stations are not used to submit card input for privileged users, such as *.SysAdmin, who should never use the facility for reasons of security. If you are not on the ACS for a station you wish to use, you should contact the system adminstrator to obtain proper access. ----------------------------------------------------------- Historical Background This edition of the Multics software materials and documentation is provided and donated to Massachusetts Institute of Technology by Group BULL including BULL HN Information Systems Inc. as a contribution to computer science knowledge. This donation is made also to give evidence of the common contributions of Massachusetts Institute of Technology, Bell Laboratories, General Electric, Honeywell Information Systems Inc., Honeywell BULL Inc., Groupe BULL and BULL HN Information Systems Inc. to the development of this operating system. Multics development was initiated by Massachusetts Institute of Technology Project MAC (1963-1970), renamed the MIT Laboratory for Computer Science and Artificial Intelligence in the mid 1970s, under the leadership of Professor Fernando Jose Corbato. Users consider that Multics provided the best software architecture for managing computer hardware properly and for executing programs. Many subsequent operating systems incorporated Multics principles. Multics was distributed in 1975 to 2000 by Group Bull in Europe , and in the U.S. by Bull HN Information Systems Inc., as successor in interest by change in name only to Honeywell Bull Inc. and Honeywell Information Systems Inc. . ----------------------------------------------------------- Permission to use, copy, modify, and distribute these programs and their documentation for any purpose and without fee is hereby granted,provided that the below copyright notice and historical background appear in all copies and that both the copyright notice and historical background and this permission notice appear in supporting documentation, and that the names of MIT, HIS, BULL or BULL HN not be used in advertising or publicity pertaining to distribution of the programs without specific prior written permission. Copyright 1972 by Massachusetts Institute of Technology and Honeywell Information Systems Inc. Copyright 2006 by BULL HN Information Systems Inc. Copyright 2006 by Bull SAS All Rights Reserved