The VA's broker-based single sign-on solution is extremely problematic for some of the reasons outlined below. It will also not work where concurrent NT logins are allowed or where generic user accounts are in use. But most seriously, if a broker application terminates improperly, any subsequent login will be automatically authenticated as that user. It is simply not a robust solution and there are very few environments where it can be considered safe.
Doug -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Sommers Sent: Friday, June 09, 2006 11:52 PM To: hardhats-members@lists.sourceforge.net Subject: Re: [Hardhats-members] CPRS auto log in It tracks it via IP which is why it has to be disabled when using Terminal Services since all users are logged into a multi-session instance from the same IP (ie terminal/citrix server) So if you login via RPC from IP 192.168.0.2, it'll track that so that any future logins just "let you in". I don't think it was meant to be secure by any stretch of the imagination. That process with be susceptible to many methods of intrusion including man-in-the-middle and impersonation. /David. David Sommers, Architect | Dialog Medical -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Gray Sent: Wednesday, June 07, 2006 11:52 AM To: hardhats-members@lists.sourceforge.net Subject: Re: [Hardhats-members] CPRS auto log in I found the documentation on how to control from a system point of view using the fields in file 200 and the Kernel Parameters file. I did not find anything about how to control this from a programmer perspective. Is there documentation on that issue? Jim Gray ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <hardhats-members@lists.sourceforge.net> Sent: Tuesday, June 06, 2006 3:05 PM Subject: Re: [Hardhats-members] CPRS auto log in > It uses the auto logon feature of the RPC broker, the broker handles > all of the particulars in regard to who is who. > > ----- Original Message ----- > From: James Gray <[EMAIL PROTECTED]> > Date: Tuesday, June 6, 2006 2:11 pm > Subject: [Hardhats-members] CPRS auto log in > To: hardhats-members@lists.sourceforge.net > Cc: [EMAIL PROTECTED] > >> How does the auto-login feature of CPRS work. How does it know >> who you are and to assign the right DUZ? >> >> Jim Gray > > > _______________________________________________ > Hardhats-members mailing list > Hardhats-members@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/hardhats-members _______________________________________________ Hardhats-members mailing list Hardhats-members@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/hardhats-members _______________________________________________ Hardhats-members mailing list Hardhats-members@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/hardhats-members _______________________________________________ Hardhats-members mailing list Hardhats-members@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/hardhats-members