EACF Release Notes 7/18/1994

I've done a lot of testing of EACF, but some rough edges may still appear. However, I have now used the setup and file marking menus, so I believe the material in there works. If you use the jt_sel_mark.com script, that one uses the supplied CSWING as a front end. The jt_setup script will now do an adequate job of producing a setup script for EACF.

I now have both Step 1 and Step 2 AXP versions of the driver code for EACF, though these need some testing. Also, EACF has been tried only on a single VAX system, and multiple disks have not yet been tested extensively (though a couple of tests did work). However, there is a user interface, and much basic technology has worked correctly in the tests that have been done.

Note that EACF can be enabled or not enabled for each disk drive. There is a setup script, jt_setup.com, that will generate a startup script for EACF. At the moment it generates a script that uses one daemon for all disks. It can be run after installing...no kitinstal yet.

To install, place the following files in sys$system:

    jtdriver.exe
    jtdmn.exe
    jtdmn.cld
    jtauthmaint.exe
    jtdolog.exe
    zmenu.cld
    zmenu.exe
    zmenu_scroll.exe

and optionally

    jtenter_passwords.com
    jt_setup.com
    jtmark_files.com
    jt_sel_mark.com
    cswing.exe

There's no help file yet; jteacf.doc does exist but is still somewhat sketchy. EACF_USER_MAN.TXT is a start on a user doc.

(The remainder is older text.)

To run EACF on a disk for tests, the jt_setup.com file is supposed to get this set up for you, but may not work...it's brand new and time to debug it has been limited. Its scripts look OK now, as long as you're willing to have one daemon for all disks. I'll add a section to do multiple ones (you'd be able to use the daemon from the last disk OR start a new one, to simplify matters). It's reasonably intuitive.

The security key you enter into the script must match the one used in jtmark_files to tag files.
When you mark a file with identifier, base priority, or replacement priv mask tags, the key entered must match the key the disk drive is connected with; a crypto authenticator check is made to ensure this, and the priv/prio/ident changes don't happen unless these match.

To set the system up, first pick a place to hold the EACF database and assign it /system/exec as JTD$DB and GCY$CM. For example:

    $ crea/dir sys$sysdevice:[eacfdb]
    $ ass/sys/exec sys$sysdevice:[eacfdb] jtd$db
    $ ass/sys/exec sys$sysdevice:[eacfdb] gcy$cm

These logicals must be defined for the EACF system to work right.

You can create a short .com file. Suppose the disk where you'll have files you try this with is named DKB500:. Create a command file (let's say in sys$manager:jtgo.com) that reads like this:

    $set proc/priv=(all,nobypass)
    $set command sys$system:jtdmn
    $mcr sysgen connect jta0:/noada/driver=jtdriver
    $jtdmn/fcnmsk:66435/key:OURSECRET JTA0: DKB500:
    $logo

Now (from an account that's fully privileged or has SETPRV) use the command

    $run/detach/auth/input=sys$manager:jtgo.com/output=sys$manager:jtgo.log -
    sys$system:loginout

which will start up the daemon. (The log file can be nla0: once you get this working...if anything fails, though, it will help in finding out what did.)

After a pause while the detached process gets going, and assuming all's well, you will see that device JTA0: goes online:

    $ show device jta0:
    jta0: Online

At this point the access controls are in place.

Either before or after doing this, you can mark files on the disk to control their access. This is best done by using the

    $@jtmark_files

command, which gives a fullscreen user menu interface. It doesn't do absolutely everything, but covers most of the territory and seems to be working fairly well. It assumes jtauthmaint.exe is in the sys$system area and that the jtd$db area is defined. The jteacf.doc file tells about the "raw" interface, which nobody will want to see. I suggest ignoring it...
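
A pre-flight check for the setup steps above, as an added example (it is not part of the EACF kit or the author's scripts). The procedure name EACF_PRECHECK.COM is hypothetical; the file names, logical names, JTA0: and sys$manager:jtgo.com are the ones used in these notes. It also checks that the command file holding the /key value is not readable by WORLD.

```dcl
$! EACF_PRECHECK.COM - added example, hypothetical name, not from the kit.
$! Verifies what the release notes require before the daemon is started.
$ set noon
$ bad = 0
$! 1. Required images and command definitions must be in sys$system
$ files = "jtdriver.exe,jtdmn.exe,jtdmn.cld,jtauthmaint.exe," + -
          "jtdolog.exe,zmenu.cld,zmenu.exe,zmenu_scroll.exe"
$ i = 0
$file_loop:
$ f = f$element(i, ",", files)
$ if f .eqs. "," then goto file_done
$ if f$search("sys$system:" + f) .eqs. ""
$ then
$   write sys$output "MISSING  sys$system:", f
$   bad = bad + 1
$ endif
$ i = i + 1
$ goto file_loop
$file_done:
$! 2. JTD$DB and GCY$CM must be in the system table at executive mode
$!    (mode EXECUTIVE skips user- and supervisor-mode definitions)
$ names = "JTD$DB,GCY$CM"
$ i = 0
$lnm_loop:
$ n = f$element(i, ",", names)
$ if n .eqs. "," then goto lnm_done
$ if f$trnlnm(n, "LNM$SYSTEM_TABLE", , "EXECUTIVE") .eqs. ""
$ then
$   write sys$output "UNDEF    ", n, " is not defined /system/exec"
$   bad = bad + 1
$ endif
$ i = i + 1
$ goto lnm_loop
$lnm_done:
$! 3. jtgo.com carries the /key value in clear text: WORLD should have
$!    no access. PRO looks like "SYSTEM=RWED, OWNER=RWED, GROUP=RE, WORLD="
$ go = "sys$manager:jtgo.com"
$ if f$search(go) .eqs. "" then goto key_done
$ pro = f$edit(f$file_attributes(go, "PRO"), "COLLAPSE")
$ world = f$element(1, "=", f$element(3, ",", pro))
$ if world .eqs. "" then goto key_done
$ write sys$output "EXPOSED  ", go, " has WORLD=", world
$ bad = bad + 1
$key_done:
$! 4. JTA0: exists only after the SYSGEN CONNECT in jtgo.com has run
$ if .not. f$getdvi("JTA0:", "EXISTS") then -
    write sys$output "NOTE     JTA0: not connected (daemon not started yet)"
$ write sys$output f$string(bad), " problem(s) found"
$ exit
```
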
Passwords should be entered by defining a command

    $fpassword:==@sys$system:jtenter_passwords

and then using a command

    fpassword filespec password

which will prompt if you leave one off. You'll see that if you enter a file password, password protected files can be accessed, and not otherwise, if the files are marked that way.

I prefer to mark files first, then turn access controls on, to avoid the possibility of conflicts, but the order really doesn't matter.

Note about soft links:

Soft links on files should be made only to files on disks controlled by EACF. If this isn't done, the user process channel to the file can't be put back, and you may see odd errors. (None I've ever seen were harmful, just "no such file" or "invalid directory format" that disappear after you do enough to cause a new channel assign to the channel, but they're annoying and could really scare someone.) If you stay on disks EACF controls, cross-disk links are perfectly OK. The setup above doesn't do this...you'd need to duplicate it on another disk or try the jtdmn /share:jta0: qualifier (since one EACF daemon can service many disks). The setup script will attempt to set up disks correctly.

Note my testing was done with the daemon running in one DECwindow and with file access being run in others.

Please remember this is an initial demo. I'm supplying .obj and .exe files (linked on VMS 5.5-2). If there are questions or help is wanted, please phone me.

Glenn C. Everhart
Everhart@Arisia.GCE.Com
610 358 5875