From:	CSBVAX::MRGATE!info-vax-RELAY@KL.SRI.COM@SMTP  8-JUN-1988 08:08
To:	ARISIA::EVERHART
Subj:	Re: Setting the 'user' for a process


Received: from ucbvax.Berkeley.EDU by KL.SRI.COM with TCP; Fri, 3 Jun 88 23:15:51 PDT
Received: by ucbvax.Berkeley.EDU (5.59/1.28)
	id AA20547; Fri, 3 Jun 88 17:49:25 PDT
Received: from USENET by ucbvax.Berkeley.EDU with netnews
	for info-vax@kl.sri.com (info-vax@kl.sri.com)
	(contact usenet@ucbvax.Berkeley.EDU if you have questions)
Date: 2 Jun 88 03:48:49 GMT
From: oodis01!uplherc!nrc-ut!nrcvax!kvc@tis.llnl.gov  (Kevin Carosso)
Organization: Network Research Corp.  Oxnard, CA
Subject: Re: Setting the 'user' for a process
Message-Id: <1494@nrcvax.UUCP>
References: <679@acer.stl.stc.co.uk>
Sender: info-vax-request@kl.sri.com
To: info-vax@kl.sri.com

In article <679@acer.stl.stc.co.uk> scott@stl.stc.co.uk (Mike Scott) writes:
>I want to be able to create a process to run with a different username
>from the creating process. Normally processes are created with a
>username the same as the creating process - loginout is the only
>program I know which can set the username.
>
>This is connection with some networking software - I want to write the
>equivalent of the un*x 'rshd' for VMS (to use with the CMU/TEK TCP/IP
>software), so need to create processes with a given username, but
>without the full rigmarole of loginout asking for information.
>
>Can anyone help please, or perhaps someone already has written this
>code anyway (ever hopeful :-) ??

The best way to do this is to use the mechanism DECnet uses.  There is
an undocumented feature in LOGINOUT whereby if you create detached
process with LOGINOUT as the image to be run and the NETWORK attribute
in the process flags (all this using $CREPRC, of course), LOGINOUT treats
the INPUT, OUTPUT, and ERROR parameters specially.

I don't remember which is which, but for one you pass a string with the
name of the command procedure or executable image (if the file spec has
..EXE for file type) to be executed once the login information is verified,
and for another you pass a string with some flags, the username, the
password, and the account name (unused currently) as embedded ASCIC
strings.

I will try to dig up a little example program I wrote once that demonstrated
this feature of LOGINOUT.  Your problem will be figuring out how to use
something like this from a CMU TCP/IP server.

I actually used this feature when I rewrote the FTP server for the old
Tektronix TCP/IP (the precursor to the CMU version).  I had to add a
mechanism to the TCP ACP to allow processes to, in a controlled fashion,
to pass TCP connections between one another.  My server was really nice,
since it supported every feature of VMS LOGINOUT, including DISUSER flag,
password expiration, access times, etc.  Unfortunately, CMU started with
a different branch of the Tektronix code, so my server never got out
to the wider world (and since they don't have a QIO to pass connections,
it can't be ported to their version).  I've still never seen another
FTP server that handled VMS validation as well.

        /Kevin Carosso                     kvc@nrc.com
         Network Research Co.              kvc@ymir.bitnet
                                           kvc@nrcvax.uucp