AcuServer Connection Logic

The AcuServer connection validation logic is described here to clarify the use of the server access file and the DEFAULT_USER configuration variable.

When a client process (running application) makes its first request to AcuServer, AcuServer performs the following access validation procedure whether AcuServer system security or native system security is being used.

To validate the requester's access privileges, AcuServer:

1. Opens the server access file.
2. Searches for a record that matches both the client machine name and the client user name.
3. (If no match is found) searches for a record that matches the client machine name and a match all (blank) client user name.
4. (If no match is found) searches for a record that has the "match all" ("*") client machine name and the client user name.
5. (If no match is found) searches for a record that has the "match all" ("*") client machine name and the match all (blank) client user name.
6. (If no match is found) refuses the connection.

When a match is found, and the named-pipe form of security is turned on (via the SECURITY_METHOD variable), and the client user has an account on the server, AcuServer automatically grants the user permission to connect. The AcuAccess file does not set the client user's local username, nor does it determine whether the client is required to enter a password.

When a match is found and the LOGON form of security is turned on, AcuServer attempts to use the value of the matching password field in the AcuAccess file to log the user on. If the password isn't valid or the password field is empty, the user is prompted to enter a password. If a valid password is given, the requester is logged on, otherwise the connection is refused.

When a match is found and AcuServer system security is being used:

1. If the Local Username is valid, it is used.
2. If the Local Username is not valid, DEFAULT_USER is used.
3. If the Local Username is not valid and DEFAULT_USER is not valid, the connection is refused.

If the Local Username is valid and the password field is defined, a message is sent back to the requester asking for a password. See Passwords for more information about password handling.

When the client process terminates, the client-server connection is broken. New client applications requesting AcuServer services will go through the verification process to establish a connection.