LOGIN_AS_POSTMASTER_ALLOWED
Platforms
All non-z/VM Classic/Classic HPO (no effect under Lite)
Abstract
Boolean variable indicating whether or not a POSTMASTER may be used as a LOGIN_AS_ALLOWED_USERS target.
Example
z/VM: |
<not available> |
Unix: |
LOGIN_AS_POSTMASTER_ALLOWED=1 export LOGIN_AS_POSTMASTER_ALLOWED |
Windows: |
LOGIN_AS_POSTMASTER_ALLOWED=1 |
Details
This Boolean variable setting controls whether or not a LISTSERV POSTMASTER defined in LOGIN_AS_ALLOWED_USERS as a target user (for the purpose of authenticating via an external SSO script with the X-LOGIN AS command) may log in.
By default, the X-LOGIN AS command will return ‘***PRIVUSER***’ if target_user is a POSTMASTER. This may or may not make sense, depending on how you use the feature. In an open federation like Shibboleth, it is unlikely you will wish for random federation users to have control over who can login as root on your systems. In an enterprise with a closed internal network, it could very well make sense to have the central system authenticate all logins, which is essentially what happens when you login to a server as a Domain Admin account – nothing strange or fundamentally insecure about that. Nevertheless, if LISTSERV returns ‘***PRIVUSER***’, WA must fall back to the standard login page.
If you understand the potential issues, and still wish to have a POSTMASTER as a target user, you may enable X-LOGIN AS for a privileged account by setting the LOGIN_AS_POSTMASTER_ALLOWED variable to "1".
Default Value
0, that is, a POSTMASTER user defined in LOGIN_AS_ALLOWED_USERS will not be able to be logged in with the X-LOGIN AS command.
Wildcards
Not allowed.
See also