Software Release Notice for ESAC Enhanced Security Access Control Release 01.32.02 Part # 714-1998 March 17, 1992 Copyright Wang Laboratories, Inc., 1992 DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITIES The staff of Wang Laboratories, Inc., has taken due care in preparing this manual; however, nothing contained herein modifies or alters in any way the standard terms and conditions of the Wang purchase, lease, or license agreement by which this software package was acquired, nor shall Wang Laboratories, Inc., or its subsidiaries be liable for incidental or consequential damages in connection with or arising from the use of the software package, the accompanying manual, or any related manuals. Notice All Wang Program Products are licensed to customers in accordance with the terms and conditions of the Wang Laboratories, Inc., Standard Program Products License; no ownership of Wang Software is transferred and any use beyond the terms of the aforesaid License, without the written authorization of Wang Laboratories, Inc., is prohibited. CHAPTER 1 ENHANCEMENTS VSSECURE now supports a UMDA (User Modifiable Data Area) greater than 8Mb. CHAPTER 2 HARDWARE AND SOFTWARE REQUIREMENTS 2.1 HARDWARE REQUIREMENTS None. 2.2 SOFTWARE REQUIREMENTS VS Operating System version 7.32.02 or later. Device Support Package 4.22.00 or later. CHAPTER 3 CORRECTED PROBLEMS VSSECURE P500011276 The time conversion routine has been corrected so that the last logon date for a new user added to the USERLIST is correct. P500014369 The USERLIST can now be printed more than three consecutive times without VSSECURE going into debug. CHAPTER 4 SPECIAL CONDITIONS 4.1 WHO CAN INSTALL ESAC RELEASE 1.32.02 Only system administrators can install and run the ESAC Release 1.32.02 package. A "Y" in the System Administrator field of the SECURITY user profile designates a user ID as a system administrator. 4.2 UPDATES TO ALL RECORDS OF THE USERLIST FILE Inhibit logons and ensure that no users are on the system before you perform any of the VSSECURE functions listed in Table 4-1 to avoid file access conflicts. This is true during ESAC Release 1.32.02 installation and during normal operation, because the VSSECURE utility, provided in the ESAC Release 1.32.02 package, opens the USERLIST file in Exclusive mode for these functions. Table 4-1. Opening the USERLIST File for Functions Screen Function PF Key ____________________________________________________________________ VSSECURE Manage Encrypt all Passwords 7 System Security Parameters screen (PF3 from main menu) VSSECURE Update Expire Passwords 2 Options for all Every fff Days Users screen (PF6; this screen is a subset of the screen listed above) Lock User IDs if Unused 3 For fff days Allow All Users to 4 Change their own Password Disallow All Users to 5 Change their own Password Expire All Passwords 6 Unexpire All Passwords 7 Lock All User IDs 8 Unlock All User IDs 9 Each of these functions follows the same procedure: it opens the USERLIST file in Exclusive mode, updates each user record as it copies it into a temporary file (named TUSRnnnn where nnnn is a unique value), deletes the USERLIST file, and renames the TUSRnnnn file to USERLIST. The following problems may occur as a result: . While the USERLIST file is open in Exclusive mode, logons and task invokes cannot occur, and such attempts return to the caller the message "Unable to Open Userlist." If you inhibit logons before performing any of these functions, this condition cannot occur. . If the rename fails, the VSSECURE utility cancels and the message "USERLIST Update incomplete - Unable to RENAME new file" appears. If this condition occurs, you can temporarily halt the attempt to install ESAC Release 1.32.02; IPL from another volume; restore a copy of the USERLIST file to the system volume, and perform the installation again. . If the system halts during the very short time between the deletion of the original USERLIST file and the rename of the TUSRnnnn file to USERLIST, there is no file named USERLIST for users to access to log on. Attempts to log on return to the caller the message "Unable to Open USERLIST." If this condition occurs, IPL from another volume and restore a copy of the USERLIST file to the system volume. 4.3 WP PLUS INSTALLATION The WP Plus installation procedure automatically attempts to access the SECURITY utility. However, the ESAC Release 1.32.02 installation procedure replaces the SECURITY utility with the VSSECURE utility. If you install WP Plus after installing ESAC Release 1.32.02, avoid installation errors as follows. While the SECURE procedure (part of the WP Plus installation process) is running, it attempts to run SECURITY. When it cannot access this program, an error screen with the parameter reference name ERROR and the message "File cannot be found" appears. This screen prompts you to enter another program to run. In the File field, replace SECURITY with VSSECURE, then press ENTER. The SECURE procedure resumes. CHAPTER 5 RESTRICTIONS AND SPECIAL CONSIDERATIONS None. CHAPTER 6 MEDIA CONTENTS Library = @SYSTEM@ Protection Blocks Code Module Version Class Allocated Description M ESAC 07.30.00 @ 1 Installation Procedure M ESCFCONV 07.18.03 @ 2 Conversion Utility for ESAC installation M VSSECURE 07.29.39 $ 143 Enhanced Security Utility M -CHANGEPW 07.18.01 @ 7 Change Password Utility M -LOGNCHPW 07.18.01 @ 7 Expire Password Utility Library = @DOCLIB@ O VSSECURE 07.20.00 $ 50 VSSECURE Help text CHAPTER 7 INSTALLATION INSTRUCTIONS These procedures pertain to installing ESAC 1.32.02 on a 7.32.02 VS Operating System on any VS system with a removable disk pack. If the system currently has ESAC installed follow step 7.1. If this is a new install of ESAC or a new purchase of ESAC go to step 7.2. Warning: This procedure deletes the SECURITY utility from the @SYSTEM@ library on the system volume. 7.1 To install ESAC Release 1.32.02 on system running a prior ESAC version, 1. Inhibit logons to the system and ensure all users are logged off the system. 2. Logon the system as a Security Administrator. Overlay the appropriate module(s) onto any 7.32.02 or later Operating System. 3. Re-IPL the system after installation. 7.2 To install ESAC Release 1.32.02 as a new installation, 1. Inhibit logons to the system. 2. Ensure that all users are logged off the system. 3. Log on to the system with a user ID which has System Administrator privileges. 4. Mount the diskette on which the ESAC Release 1.32.02 software is provided. 5. Run ESAC in @SYSTEM@ on [release diskette name]. The Wang ESAC Install Procedure screen appears, with the prompt, "Please specify the restored volume: ffffff." 6. In response to the prompt, enter the name of your system volume, then press ENTER. The following messages appear: Procedure ESAC in Progress Installation in Progress Scratching the SECURITY utility Converting the @SECFILE file When the procedure is complete, it terminates and the command processor menu appears. The message "Procedure ESAC processing completed" appears in the message area. 7. Verify that the completion message does not list any error codes. 8. To install the Help text, run BACKUP with the following input options: Input Volume = (name of release diskette) Input Library = @DOCLIB@ Input File = VSSECURE Input Device = DISK Accept the remaining input default options. Specify the following output options: Output Volume = (name of system volume) Output Library = @DOCLIB@ Output File = VSSECURE Output Device = DISK Clear = NO Do not specify Clear = YES or the system volume will be erased. 9. Verify that VSSECURE is now in library @DOCLIB@ on the system volume. 10. Run the program INFO in @SYSTEM@ on the system volume. Press PF10 (topic utilities) on the topic selection screen. Regenerate the topic directory to include the VSSECURE Help topic text by pressing PF8 from the topic utilities screen. 11. If the installation is successful, proceed. If you encounter a problem, call your Regional Support Center. 12. Dismount the release diskette and store it in a safe place. 13. After a successful installation, you can conserve disk space by deleting installation files which are no longer needed. Delete the files ESAC and SECFCONV in the library @SYSTEM@ on the system volume. 14. IPL the system. 15. Run VSSECURE and press PF13 (information) from the main menu. Verify that the Help text is available. 16. Proceed with normal system operation.