[VAX83D.SEAFAC.SETPRV]AAAREADME.TXT


       **************  Privilege On Demand Utility  ******************

              
    
                          SSgt. Michael D. Weaver
                    Directorate of Avionics Engineering
      			          ENASF
                   Systems Engineering Avionics Facility
                       Aeronautical Systems Division
                          United States Air Force
                 Wright-Patterson Air Force Base OH 45433
      		         513-255-3586	Autovon 785-3586 
    
    
    
                This system provides an audit trail for the use
            of privileges in the form of an operator log and
            can be used as a direct pointer to image accounting
            when questions arise. Also justification for the use
            of privileges is obtained and is part of the message
            sent to the operator.


      		Features of the Privilege on Demand Utility

                 1. Double passwords for privileges.
                   Because of the password associated with the use of
            this utility the password to an account should not be
            compromised. Also due to the password, privileges
            can be linked to a person rather than an account.

                 2. Transportability across accounts.
                With this system no privileges are required in
            the UAF. To free a "hung system" the system manager
            could use a normally unprivileged account stop the
            process which caused the hang and reset the system
            to normal. Privileges are only available until they
            are "RESET" or until "LOGOUT".

                 3. Forces awareness.
                   For system management personnell this system is
            a valuable training tool. Inexperienced users are
            forced to understand what the minimum privileges
            are to accomplish a specific task, and what some
            of the implications might be for using privileges.