PreviousNext
Help > EASYCOM Server > EASYCOM behavior > EASYCOM Exit Programs > Logon and access security > Logon control - EACLOG002
Logon control - EACLOG002

 EACLOG002 is an exit program for general authentication process.

This program is called after the authentication made by Easycom.

This exit program is called on all authentication situations (normal, SSO, and EIM).

It can be used to audit the Easycom usage and/or deny connections from custom criteria.

EACLOG001 is the previous version of EACLOG002; it won’t be called if EACLOG002 is implemented.

EACLOG002 has only two more parameters for IP version and SSL condition.

 

The prototype is:

PGM PARM(&LOGTYPE &RC &LOGUSER &LOGDOMAIN &USER

&IPADDR &STATION &IPVERSION &SSL)

DCL VAR(&LOGTYPE) TYPE(*CHAR) LEN(10)

DCL VAR(&RC) TYPE(*CHAR) LEN(10)

DCL VAR(&LOGUSER) TYPE(*CHAR) LEN(130)

DCL VAR(&LOGDOMAIN) TYPE(*CHAR) LEN(130)

DCL VAR(&USER) TYPE(*CHAR) LEN(10)

DCL VAR(&IPADDR) TYPE(*CHAR) LEN(130)

DCL VAR(&STATION) TYPE(*CHAR) LEN(130)

DCL VAR(&IPVERSION) TYPE(*CHAR) LEN(1)

DCL VAR(&SSL) TYPE(*CHAR) LEN(1)

 

&LOGTYPE is input, and tells which logon is being processed. The possible values are:

*STD: this is a standard login/password logon (&LOGUSER and &LOGDOMAIN are not available)

*EIM: this is an EIM logon. No password is available. &LOGUSER, &LOGDOMAIN and &USER are applicable.

*SSO: this is an Easycom kind SSO. All fields are available.

 

&RC is the result of the command. This can be used to deny the user or indicate that the OS/400 user was changed.

The possible values are:

*OK: the logon remains granted

*CHG: the &USER parameter is changed by the exit program. Note: the &USER user will not have a password validation.

*OUTOURS: the logon is rejected because of hours of work.

*DENY: the logon is denied.

 

&LOGUSER is the Windows username. This is filled only in *EIM or *SSO mode for &LOGTYPE.

&LOGDOMAIN is the Windows domain. This is filled only in *EIM or *SSO mode for &LOGTYPE.

&USER is the OS/400 user. This is the OS/400 user under which the Easycom job will run.

&IPADDR is the IP address of the client connection. This can be used to filter access or for auditing.

&STATION is a string that represents the station of the client connection. This can be the real machine name (the name that corresponds to the IP address) or the Terminal name, if the connection is made thru an RDP connection.

&IPVERSION is equal to 4 or 6 depending on the TCP/IP network version used for connection. (IPv4 or IPv6)

&SSL is equal to ‘Y’ is the connection is using SSL and ‘N’ if not. SSL negotiation is already made currently.