Single Sign On (MyLogin) for 6530 emulators

In the good old time, interactive access to a Tandem system was performed through a dumb asynchronous terminal (you remember the 6530 type terminals, possibly even the ADM2 and ADM3 type terminals in the late 70s?).  They were point-to-point wired to the Tandem system.

In case you needed multiple access paths into the Tandem system, you needed multiple terminals on your desk, and an equivalent number of lines.  This was boring?

When Multi LAN became introduced, followed by TCP/IP and TELNET, terminals were replaced by PCs, running terminal emulators, such as WIN6530 from comForte, or CAIL.  These emulators allow more than one access path (= window) into the Tandem system from the same place (= PC) at a time.  This is a great relief!

To establish a session, the terminal emulator sends a request to TELNET, which replies with a list of configured services.  From this list, the user has to choose one.

For the interactive Tandem user (operator, developer, system manager), TACL is the resource of choice.  When TACL is started, it is logged off and has to be activated through a logon: The user has to present his system known ID (GUARDIAN or Alias name) and the corresponding password.  When this is accepted by the system, TACL represents the user on the system and allows him to do all those things, the security system allows him to do.

Logging on to one window is no big deal.  But when several windows have to be started (developers and operations people love to have a bunch of active ones), the logon procedure is boring ? especially when they have to be established every day, or multiple times a day.

Some terminal emulators allow to script the logon procedure, but this requires to hard code the password somewhere in the script.  And when the password has to be changed, the trouble begins again.  Beside all this: It is not very secure... (no ? no discussion about passwords!).

The question is: Why does the Tandem system not 'see', that I'm coming from an environment (= IP address, PC etc.) from where I already logged on a few seconds ago, and does not take this knowledge to automatically log me on to a subsequent window I start!

Or even: In case I'm establishing the session from a system, to which I already logged on to:  Why not taking this as a fact, and using it to authenticate me on the Tandem system as well?

Wouldn't it be nice when the system finds out by itself, who is opening the window by talking to the PC and retrieving the PCs user name (Win NT, Win2000, WinXP), and automatically starting an already logged on resource (single logon for PC and NSK)?

Or in case it does NOT get the users name: What about making the system aware of an already logged on user on the PC, and forcing it to start the resource in newly opened windows already logged on, when:

• there is an already logged on resource running on the same IP address, and
• the start is done within a given time frame after the last successful real authentication

In this case, no password has to be coded anywhere, and the end user gets easy AND secure access in multiple Win6530 emulator windows to his Tandem System.

MyLogin from GreenHouse performs exactly this.

MyLogin Management

Manage MyLogin with the browser based management system iWAMS, the integrated Web Administration Management Suite.
iWAMS allows the central management of GreenHouse products within an EXPAND network, where the manager can switch between nodes without the need to re-logon, and a context sensitive switch between products.