Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!columbia!rutgers!ucla-cs!zen!ucbvax!VTVM2.BITNET!CVMMEB
From: CVMMEB@VTVM2.BITNET ("Mary E. Bainter")
Newsgroups: comp.os.vms
Subject: RE: General ID to generate specific ID
Message-ID: <8707242141.AA27263@ucbvax.Berkeley.EDU>
Date: Fri, 24-Jul-87 14:36:42 EDT
Article-I.D.: ucbvax.8707242141.AA27263
Posted: Fri Jul 24 14:36:42 1987
Date-Received: Sat, 25-Jul-87 15:35:29 EDT
References: 
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 36

I don't remember who asked, so I'll send this out -- and those of you that
want to correct me, I'm always willing to learn (I'm a NEW sys. mgr.)

In response to the one who wanted a general ID for the initial logon which
would generate new and unique userids -- here's what I'd start with :

First of all, as you said, the account would be captive via the login.com
and all CTRL-Y's etc would be trapped and thrown to routines to handle them.
I would set this ID up with the CMKRNL priv AUTHORIZED (NOT default). When
they logged in, I would gather all the necessary info, create a brand new
directory for them (not a subdirectory), and run some sort of batch file to
actually set up their account in authorize.  THEN, I'd  do the following :
$ SET PROC/PRIV=CMKRNL
$ SET DEFAULT [new account dir]
$ SET UIC [new uic]
$ SET PROC/PRIV=NOCMKRNL

Things you might want to look into/think about :

- To run authorize, you must be SYSTEM -- do you REALLY want them
to be SYSTEM -- this can be dangerous if there are any possible holes
in the "captive" procedure.

- Do you really want them to have CMKRNL at all??  I'm not sure, but you
it might be a good idea to see whether or not they'd still be able to give
themselves CMKRNL after begin moved to the new directory (applicable only to
their first login).  I THINK that, since you've changed their UIC, they won't
be able.

- I usually COPY account with some parameter (in AUTHORIZE) to add a user,
most of our users are similar.  So, the parameter list for ADDing a user
might be a little more complex for a batch file (I doubt it, I really think
it shouldn't be any trouble.)

Like I said, I'm new at being a system manager, so I may have missed something
important but maybe this will at least give you some ideas.