Passwords

Regardless of whether you're using AcuServer's built-in security or native system security, defining passwords in the access records of your AcuAccess file can be very useful.

If you are using LOGON security, defining the password field to hold the user's current Windows NT domain password can make the login process transparent. When a requester initiates a connection to AcuServer, AcuServer uses the value of the requester's password field, if defined, to log the requester onto the Windows NT domain. If the password is not valid, the user is prompted to enter a password. If the user enters a blank password, that entry counts as one password attempt, but AcuServer does not give an error message, and the user can try again. Note that the named-pipe form of security does not use the password field. See SECURITY_METHOD for more information.

If you are using UNIX system security, you can simplify the login process by defining the password field to hold the user's current system password.

If you are using AcuServer's system security, you can use passwords to achieve added security. When a password is assigned to an entry in the server access file, requesters who match that entry must return a matching password to AcuServer. The client application has two options for acquiring and sending a password back to AcuServer:

Option one: program variable

The requesting application may include code that checks for the program variable Acu_Client_Password. If defined, its value is considered an unencrypted password, which is then encrypted and sent to AcuServer for verification. If the value does not match the value in the access record, the connection is refused. Using Acu_Client_Password, the COBOL programmer has a great deal of flexibility in setting and acquiring the password; the programmer can supply a password to AcuServer without requiring any user interaction (the user may remain unaware that a password is required).

To use Acu_Client_Password, declare an external pic X variable named Acu_Client_Password in Working-Storage.

ACU_CLIENT_PASSWORD PIC X(64) IS EXTERNAL

Assign (MOVE) a value to the variable before the program’s first access to a remote file (or better, before the program’s first access to any file).

Option two: user-entered password

If Acu_Client_Password is not defined, the client runtime will open a dialog window requesting that the user enter a password.

A password is required to connect to host hostname.
Please enter a password:

The user must enter a password. The characters do not echo on the screen.

The password is then encrypted and sent to the server for verification. If the password matches, a connection is established. If the password doesn’t match, the user is prompted again to enter a password.

Invalid password
Please enter a password:

The password verification cycle is repeated until a valid password is entered, or the value of the server configuration variable PASSWORD_ATTEMPTS is exceeded (the default value is 3). If you have a situation in which a client connects to acuserve many times in succession, you may want to set the server_PASSWORD and server_port_PASSWORD environment variables on the client. This allows AcuServer to verify the client password automatically, instead of repeatedly prompting the user to enter a password.

For more information about setting these environment variables, see Appendix H in Book 4 of the ACUCOBOL-GT documentation set.

The text displayed by the runtime to prompt for a password and report a failed verification can be modified with the TEXT runtime configuration variable. See Runtime Configuration Variables for more information.