I am sorry, but that set of rules WILL work in VM:Secure.

To quote the Rules Manual:
<quote>
When two or more rules in a file govern a particular access request,
VM:Secure establishes an order of preference based on how precisely
the requester is specified.
In order of preference, a rule is chosen that indicates:
1. A specific user ID as requester
2. A specific group as requester
3. An asterisk (*) as requester; this indicates all user IDs
</quote>

So, when someone NOT mentioned in the specific ACCEPT
rule tries to logonby, the REJECT * LOGON catches them.
But if the user specified in the accept attempts it, the ACCEPT
rule is more specific and will allow the logonby.

In fact, the manual gives an example just like Richard's rules,
except that it is dealing with LINK requests:

REJECT * LINK 191 RR
ACCEPT FRAISERC LINK 191 RR

Shimon

> Richard Schuh wrote:
> >And with VM:Secure, you can accomplish the same effect by using the
> >Rules Facility. With the following rules, the actual password is
> >immaterial:
> >
> >       REJECT * LOGON
> >       ACCEPT userx LOGONBY
>
> That doesn't work.  The REJECT * LOGON rule takes precedence, and you
> don't even get a chance to enter your password for LOGONBY.  Set the
> password to LBYONLY and create ACCEPT xxx LOGONBY rules for the userids
> you want to log on.  That's all you need.  If you don't have VM:Secure
> or another external security manager, then set the password to LBYONLY
> and add LOGONBY statements to the directory.
>
>                                                        Dennis O'Brien
>
> 39,556



--
************************************************************************
Shimon Lebowitz                mailto:shim...@iname.com
VM System Programmer           .
Israel Police National HQ.    
Jerusalem, Israel              phone: +972 2 542-9877  fax: 542-9308
************************************************************************
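
The precedence order quoted from the Rules Manual above, as an added Python sketch that is not part of the original thread and is not VM:Secure code: it models only requester specificity, for rules whose request text matches exactly. The group OPERS, its members, the rule for it, and the first-rule-wins tie-break are assumptions made for illustration.

```python
# Added example: simplified model of the quoted precedence order
# (specific user ID, then group, then asterisk). Not VM:Secure code.

# Constructed data: the group OPERS and its members are hypothetical.
GROUPS = {"OPERS": {"OPER1", "OPER2"}}

# The first two rules are the manual's LINK example quoted in the message;
# the third (group) rule is constructed to show the middle precedence level.
RULES = [
    "REJECT * LINK 191 RR",
    "ACCEPT FRAISERC LINK 191 RR",
    "ACCEPT OPERS LINK 191 RR",
]

def parse_rule(line):
    """Split 'ACTION requester request...' into its three parts."""
    action, requester, *request = line.split()
    return action.upper(), requester.upper(), tuple(w.upper() for w in request)

def specificity(requester, user):
    """Return 1 (user ID), 2 (group), 3 (asterisk), or None if no match."""
    if requester == user:
        return 1
    if user in GROUPS.get(requester, ()):
        return 2
    if requester == "*":
        return 3
    return None

def decide(rules, user, request):
    """Return (action, rule) for the most specific matching rule, else None."""
    user = user.upper()
    wanted = tuple(w.upper() for w in request.split())
    best = None
    for line in rules:
        action, requester, req = parse_rule(line)
        if req != wanted:
            continue  # this rule governs a different request
        rank = specificity(requester, user)
        # Lower rank is more specific; on a tie the earlier rule is kept
        # (an assumption of this model, not a documented behaviour).
        if rank is not None and (best is None or rank < best[0]):
            best = (rank, action, line)
    return best[1:] if best else None  # None: no rule here governs the request

if __name__ == "__main__":
    for who in ("FRAISERC", "OPER1", "SOMEONE"):
        print(who, decide(RULES, who, "LINK 191 RR"))
```

The order of the rules in the list does not change the outcome, because selection depends only on how precisely the requester is named.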
