Passwords

When a password is assigned to an entry in the server access file, requesters who match that entry must return a matching password to AcuConnect. In a distributed processing environment, the client application has two options for acquiring and sending a password back to AcuConnect. In thin client, only option 2 applies.

Option 1: Program Variable

The requesting application may include code that checks for the program variable acu_client_password. If defined, its value is considered an unencrypted password, which is then encrypted and sent to AcuConnect for verification. If the value does not match the value in the access record, the connection is refused. Using acu_client_password, the COBOL programmer has a great deal of flexibility in setting and acquiring the password. The programmer can supply a password to AcuConnect without requiring any user interaction (the user may remain unaware that a password is required).

Option 2: User-entered Password

If acu_client_password is not defined, the client runtime opens a dialog window requesting that the user enter a password.

A password is required to connect to host hostname.
Please enter a password:

The user must enter a password. The characters do not echo on the screen.

The password is then encrypted and sent to the server for verification. If the password matches, a connection is established. If the password doesn't match, or if the user enters a blank password (by pressing Enter or clicking OK), the user is prompted again to enter a password:

Invalid password
Please enter a password:

The password verification cycle is repeated until a valid password is entered, or the value of the server configuration variable PASSWORD_ATTEMPTS is exceeded (the default value is "3"). The text displayed by the runtime to prompt for a password and report a failed verification can be modified with the TEXT runtime configuration variable. See Creating a Server Configuration File for more information about these configuration variables.