With this ENABLE list, PMDF does not know anything about LDAP. PMDF is not
looking at LDAP directly at all. The only thing you are telling PMDF about is
the SYSUAF, so PMDF only checks with SYSUAF to look for the username and
password. Anything having to do with LDAP is being done by OpenVMS itself,
which PMDF is completely unaware of and has nothing to do with.

If you want PMDF to check LDAP for the username/password, you have to configure
PMDF to use LDAP directly. You have to specify the LDAP authentication source
on the ENABLE line, and configure the AUTH_SOURCE=LDAP section. Configuring
PMDF to use LDAP is documented in the System Manager's Guide, chapter 14.

Valerie Miller
Process Software

I'm guessing that something about logging in directly (such as via telnet)
is triggering OpenVMS to synchronize the passwords between SYSUAF and LDAP.
I'm also guessing that what PMDF does to check the SYSUAF for the username
and password does not trigger OpenVMS to do that synchronization (PMDF
accesses the SYSUAF by calling SYS$GETUAI).

Any pre-existing program which does its own authentication (i.e., by
reading SYSUAF directly or by calling $GETUAI) will not trigger this
update. One would hope that the vendors will, over time, modify their
code to use the $ACM routines so that they can automatically integrate
with whatever authentication method the site has chosen. (HINT, HINT).
Using the $ACM services also triggers auditing, breakin detection, etc.
(features which must otherwise be replicated by the vendors' own code in
order to provide a proper security environment).