logo
Powered by QM on a Rpi server
Home
About OpenQM
Sales and Downloads
  Get QM Today
  Current Downloads
  Evaluation Licence
  What's New
  Resources and Solutions
  Pay Invoice Online
  Archived Releases
  Activate Package Trial
Help and Support
About
Login

KnowledgeBase 00018: User Security Issues

Last updated: 22 Jul 2016
Applies to: All versions
Search  
Top level index       Full Index Search Tips
Previous article     Next article

How do I set up a user name and password?

This all depends on what operating system you are using and how you connect to your QM server....


Windows 98, ME

These versions of Windows do not include an adequate user authentication mechanism for QM so we implement our own. User names and an initial password are created using either the CREATE.USER or ADMIN.USER commands. Users connecting via a telnet style connection will be prompted for authentication. Users of QMConsole on the server itself are assumed already to have passed authentication and will not require to enter a user name.

Some users of Windows 98 and ME do not want user authentication. The SECURITY command can be used by system administrators to turn off authentication.


Later Versions of Windows

These versions of Windows include comprehensive user authentication features and users connecting to QM via a telnet style connection will need to enter a user name and password that are known to Windows. These are created using the user administration functions of the Windows Control Panel. The user's QM process runs as the selected user and will have the access rights appropriate to that user.

Users of QMConsole must already have been authenticated when they started the Windows system and hence do not need to re-enter the authentication data.

Because QM needs to create the user's process as the selected user, it is not possible to turn off user authentication on these systems.

There may be times when system administrators do not want all users who have valid Windows user names to be able to use QM. This can be achieved by using the SECURITY command to activate QM's own security system. Once this is enabled, only users who are also registered for QM using the CREATE.USER or ADMIN.USER commands will be allowed to start QM processes.

Regardless of the Windows platform in use, QM maintains a central register of user names in a file with restricted access. This file enables administrators to specify that a particular user is to be taken directly to a specific account rather than entering the account name at a prompt. Individual users can also be granted administrator rights which allow them to use restricted features such as the user management tools.


Linux, FreeBSD, Mac OS X, AIX

These operating systems include full user authentication and users connecting directly to QM via a telnet style connection will need to enter a user name and password that are known to the operating system. These are created using standard operating system utilities. The user's QM process runs as the selected user and will have the access rights appropriate to that user.

Users entering QM from an operating system command prompt must already have been authenticated when they logged in and hence do not need to re-enter the authentication data.

Because QM needs to create the user's process as the selected user, it is not possible to turn off user authentication on these systems.

There may be times when system administrators do not want all users who have valid operating system user names to be able to use QM. This can be achieved by using the SECURITY command to activate QM's own security system. Once this is enabled, only users who are also registered for QM using the CREATE.USER or ADMIN.USER commands will be allowed to start QM processes.


Who can execute system administration commands?

For obvious reasons, the user management commands referenced above must be restricted to users who are considered to be system administrators. Some commands also can only be executed from the QMSYS account.

A user is an administrator if any of...
1. They are defined as an administrator on Windows NT or later.
2. They are executing with user id 0 (root) on Linux, FreeBSD or Mac OS X.
3. They are using QMConsole on a Windows system.
4. They are running as a user defined as an administrator using ADMIN.USER


Related Articles

None.



Please tell us if this article was helpful
Very     Slightly     Not at all
Comments
Email (optional)