This directory contains AUTH_ID, a program to allow a non-privileged
user the restricted capability to grant and revoke identifiers to other
users.   This is useful for allowing a project team leader control over who
his team can touch what files.   Security conscious system managers will note
that audit messages are sent to the security operators when anything "drastic"
is done with AUTH_ID.  The definitions and rules with AUTH_ID follow:

	o  A user is said to CONTROL an identifier if he can grant or
	   revoke it from another user.

	o  A user who controls an identifier can grant or revoke control
	   of that identifier to another user.  He can also show who
	   possesses that identifier and list out all other users who control
	   that identifier.

	o  A user with SYSPRV privilege, or UIC less than MAXSYSGRP controls
	   all identifiers.  Furthermore, this user can also see (directly)
	   what identifiers a given user can control.

	o  Any user who controls an identifier can grant and revoke it
	   to any other user.

	o  Whenever control of an identifier has been granted or revoked from
	   a user, a message is sent to all SECURITY operators.  If security
	   alarms are on for AUTHORIZATION, then granting and revoking of the
	   actual identifier will send out SECURITY alarms.

AUTH_ID is a privileged image and should be installed with SYSPRV.

************************************ NOTE ************************************
*                                                                            *
*     Due to a security problem in the previous release of AUTH_ID, it       *
*     is STRONGLY suggested that this release be used to replace the old     *
*     one.                                                                   *
*                                                                            *
************************************ NOTE ************************************

The module PARAMS.MAR contains the name of the AUTH_ID control file and the
help library name.

A command procedure GO.COM has been provided to rebuild AUTH_ID and its help
library.  The object library AUTH_ID.OLB has all the object files from the
last rebuild.   Some of those routines (like PARSE_UIC) might be useful for
one of your other projects.

The files necessary to run AUTH_ID and their default locations are:

	(SYS$COMMON:[SYSEXE])AUTH_ID.EXE	Built by GO.COM
	(SYS$COMMON:[SYSHLP])AUTH_ID.HLB	Build by GO.COM
	(SYS$COMMON:[SYSEXE])SYSIAF.DAT		Created by AUTH_ID when run
						by a privileged user.

AUTH_ID.EXE and AUTH_ID.HLB must be manually moved to their directories.

One warning about AUTH_ID:  Let's face it, this code is UGLY!  If you want
to make any changes, study the code well -- it interacts in some very strange
ways at times!  (A rewrite in a more understandable form is in the works -- Real
Soon Now.)

						Eric F. Richards
						Gould Ocean Systems Division
						18901 Euclid Avenue
						Cleveland, OH  44117
						216/486-8300 Ex. 3073

[13-Apr-1987]