System Security: Tracking Who Logs In

The FACTS Security System is built into the menu driver, where it monitors the number of users logging into FACTS versus the number of licenses purchased.

It relies on an environment variable called SSI_BASE and an SMFIDS file to cross-reference FID(0), which is the value that appears as Terminal ID in System Management’s Terminal F/M.

SSI_BASE is the heart of the security system, enabling it to determine who is logging into FACTS and how many times. This information is also compared to the number of licenses purchased.

Each licensed user can log into FACTS up to nine times, as long as they do so with the same FACTS user code and on the same workstation.

In any SSI_BASE discussion the word "unique" appears often, and with good cause. How FACTS uses SSI_BASE is the reason why administrators shouldn’t rely on pseudo ttys as SSI_BASE values, and why SSI_BASE needs to be recognized as early as possible in the startup procedure.

When users log into FACTS, the security system captures the SSI_BASE value, and SME100 checks the SMFIDS file for the SSI_BASE to determine and set the Terminal ID. These Terminal IDs remain in SMFIDS as long as the User ID is maintained. Every time a user starts a session, the first session will be Terminal ID TA, for example; the second session will be Terminal ID TB, and so on.

The following table shows an NT/PC user, JohnD, who successfully signed into FACTS three times. He can log into the system six more times with the user code "SSI" without experiencing any problems.

| | SSI_BASE | If UID OK, check NID | If NID OK, check TCP/IP | If TCP/IP OK, check C0$(1,3) | If C0$(1,3) OK, check … |
|---|---|---|---|---|---|
| Session 1 | john | UID=JohnD | NID=Iron | TCP/IP=123.1.1.1 | User code=SSI |
| Session 2 | john | UID=JohnD | NID=Iron | TCP/IP=123.1.1.1 | User code=SSI |
| Session 3 | john | UID=JohnD | NID=Iron | TCP/IP=123.1.1.1 | User code=SSI |

When the user launched the first session, the FACTS security system noted the network signon (UID), the PC’s network ID (NID), the PC’s TCP/IP address and the FACTS user code.

As new sessions are launched, the security system checks each of these identifiers in succession. As soon as one fails to match, it drops all sessions for that SSI_BASE.

In the following table, for instance, one user launched two FACTS sessions successfully. However, the third attempt failed because the security system detected a network signon for SSI_BASE=john that differs from the first two sessions. This indicates that the same SSI_BASE value may have been set in two different autoexec.bat files.

| | SSI_BASE | If UID OK, check NID | If NID OK, check TCP/IP | If TCP/IP OK, check C0$(1,3) | If C0$(1,3) OK, … |
|---|---|---|---|---|---|
| Session 1 | john | JohnD | Iron | 123.1.1.1 | SSI |
| Session 2 | john | JohnD | Iron | 123.1.1.1 | SSI |
| Session 3 | john | MaryF | Quartz | 127.3.3.3 | SSI |

 

The next example shows a user trying to launch a third FACTS session with a different FACTS user code. His third attempt will be successful, but when he returns to the other two sessions and tries to open a program, "User Not Signed On, CR-Continue" will display at the bottom of the screen.

| | SSI_BASE | If UID OK, check NID | If NID OK, check TCP/IP | If TCP/IP OK, check C0$(1,3) | If C0$(1,3) OK, … |
|---|---|---|---|---|---|
| Session 1 | john | JohnD | Iron | 123.1.1.1 | SSI |
| Session 2 | john | JohnD | Iron | 123.1.1.1 | SSI |
| Session 3 | john | JohnD | Iron | 123.1.1.1 | MAR |
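
The comparison walked through in the three tables above can be reproduced offline to find SSI_BASE values that are shared between workstations or users. This is an added example, not FACTS code: the record layout, the field names (ssi_base, uid, nid, ip, user_code) and the functions first_mismatch and audit are assumptions made for illustration; the rows are the ones shown in the tables.

```python
from collections import defaultdict

# Order in which the page says the identifiers are compared.
CHECK_ORDER = ("uid", "nid", "ip", "user_code")
MAX_SESSIONS = 9  # sessions allowed per licensed user, per the page

def first_mismatch(baseline, session):
    """Return the first identifier, in check order, that differs, or None."""
    for field in CHECK_ORDER:
        if session[field] != baseline[field]:
            return field
    return None

def audit(sessions):
    """Compare every session to the first one seen for its SSI_BASE."""
    by_base = defaultdict(list)
    for s in sessions:
        by_base[s["ssi_base"]].append(s)
    findings = []
    for base, group in by_base.items():
        baseline = group[0]
        for number, s in enumerate(group[1:], start=2):
            field = first_mismatch(baseline, s)
            if field:
                # (SSI_BASE, session number, failing check, expected, seen)
                findings.append((base, number, field, baseline[field], s[field]))
        if len(group) > MAX_SESSIONS:
            findings.append((base, len(group), "session_limit", MAX_SESSIONS, len(group)))
    return findings

# Rows from the three tables above; the dict keys are this example's own names.
OK = dict(ssi_base="john", uid="JohnD", nid="Iron", ip="123.1.1.1", user_code="SSI")
TABLE_1 = [OK, OK, OK]
TABLE_2 = [OK, OK, dict(OK, uid="MaryF", nid="Quartz", ip="127.3.3.3")]
TABLE_3 = [OK, OK, dict(OK, user_code="MAR")]

if __name__ == "__main__":
    for name, table in (("table 1", TABLE_1), ("table 2", TABLE_2), ("table 3", TABLE_3)):
        print(name, audit(table) or "all sessions match")
```

Only the first failing check is reported for each session, which mirrors the successive comparison in the tables: the second table's third session is flagged on UID even though NID and TCP/IP differ as well.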