System authentication uses the operating system username and password to authenticate clients. This method is configured in serverConnect.conf. By using this method, you give every console operator an account on the host on which the server runs. The operators log in by using the username and password defined for that account. (The account can be disabled to prevent actual interactive access to the system.) By using this method:
- Each console operator has a unique username and password.
- Accesses to the system can be traced to a particular user.
- Access can be individually revoked.
The use of <SYS> for the password allows the use of common password administration across applications and avoids having the password appear in cleartext in the file in unencrypted installations.
This mechanism can readily be extended to provide similar controlled access for administrators. For example, you could add the following records to serverConnect.conf:
    * : fred|george : <SYS> : All
    * : * : <SYS> : Monitor
This example would grant the users “fred” and “george” All access, once they provide the passwords for their accounts on the host. Other users providing the correct password are granted Monitor access.
You could even define a class of administrative users, for example, with usernames that start with ADM and provide all other users with Monitor access.
    * : ADM* : <SYS> : All
    * : * : <SYS> : Monitor
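An added example, not part of the original documentation or the product's own code: a small audit script for records in the layout shown above, useful for checking which host accounts a wildcard such as ADM* actually elevates. It assumes records are evaluated top to bottom with the first matching user field winning, that matching is case-sensitive, and that the first field (not described on this page) can be treated as opaque; the sample records and the literal password in them are constructed.

```python
import fnmatch

# Constructed sample in the record layout shown above. Line 2 is a deliberately
# weak record with a made-up literal password instead of <SYS>.
SAMPLE = """\
* : ADM* : <SYS> : All
* : backup : s3cret : Monitor
* : * : <SYS> : Monitor
"""

def parse(text):
    """Split each non-blank line into its four colon-separated fields."""
    records = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 4:
            raise ValueError(f"line {n}: expected 4 fields, got {len(fields)}")
        first, users, password, access = fields  # first field is kept opaque
        records.append({"line": n, "first": first, "users": users.split("|"),
                        "password": password, "access": access})
    return records

def effective_access(records, username):
    """Access of the first record matching username (ordering is an assumption)."""
    for rec in records:
        if any(fnmatch.fnmatchcase(username, p) for p in rec["users"]):
            return rec["access"]
    return None

def audit(records):
    """Return (line, message) findings for records that weaken the scheme."""
    findings = []
    for rec in records:
        if rec["password"] != "<SYS>":
            findings.append((rec["line"], "password stored in the file, not <SYS>"))
        if rec["users"] == ["*"] and rec["access"] == "All":
            findings.append((rec["line"], "every user is granted All access"))
    return findings

def accounts_with(records, accounts, level):
    """Which of the given host account names resolve to the given access level."""
    return [a for a in accounts if effective_access(records, a) == level]

if __name__ == "__main__":
    recs = parse(SAMPLE)
    for line, msg in audit(recs):
        print(f"line {line}: {msg}")
    print("All access:", accounts_with(recs, ["ADMjane", "admin", "fred"], "All"))
```

Feeding `accounts_with` the real list of host account names shows every account that a pattern record would grant All access to, including ones created after the record was written.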
Console applications automatically prompt for a username and password and do not use clientConnect.conf. In console applications, passwords display as masked characters (*) to avoid displaying the passwords in cleartext. In order for nonconsole applications to prompt, the value <PROMPT> must be used for the username and password in clientConnect.conf.