u71 user exit

The u71 user exit sets the HAForceCheck option programmatically. See the Host Authentication topic in the System Administration Guide for more information on host authentication.

Syntax

code = oconv(n, "u71" )

Parameter(s)

n Can be one of the following numberic values:
0 Disables the HAForceCheck option.
1 Enables the HAForceCheck option.
2 Returns the current setting for the HAForceCheck option.

If the value is changed, the change lasts until the line exits. The next connection to that line will use the default HAForceCheck value:

  • UNIX: HAForceCheck is disabled

  • Windows: The current setting as specified from the D3 Device Manager.

Example(s)

This example illustrates using the u71 user exit to change HAForceCheck at runtime.

Suppose you want your application to manage whether or not a user will be prompted for logon credentials, but would still like to utilize Host Authentication when a challenge is required. To implement this configuration, make sure the default HAForceCheck value is disabled, which will send telnet users straight to the D3 md prompt without challenging for logon credentials. The user macro in the users item should run your application. In other words, the user does not get access to TCL. Your application will do whatever checks you want it to do to test whether the user will be challenged.

For example:

  1. Test if oconv( "2", "u71" ) returns 1, which means HAForceCheck is already set, implying that credentials were already checked and the user can proceed.

  2. Identify the IP address from which the user connected. On Windows this may be accomplished by using nt_pinfo, and on Unix by using !d3 qn (note that the success or failure of this technique is dependent upon the terminal emulator used and/or other factors).

    • If you deem the address as trusted, the application continues as normal.

    • If you deem the address as untrusted, or if the IP address was not successfully retrieved, the application will perform an oconv( "1", "u71" ) to enable the HAForceCheck flag and then chain "off". This time around, the user will be challenged for logon credentials before being granted access to D3 and oconv( "2", "u71" ) will return 1 because you had set HAForceCheck.