
     README.TXT                                        FSLOGIN 1.50
     --------------------------------------------------------------

     Full Screen Login

     A utility for all Novell NetWare users.

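     ╔══════════════════════════════════════════════════════════╗
     ║               Please enter your Login Data               ║
     ╠══════════════════════════════════════════════════════════╣
     ║                                                          ║
     ║      Server      YOUR_SERVER................             ║
     ║                                                          ║
     ║      Userid      YOUR_USERID................             ║
     ║                                                          ║
     ║      Password    ...........................             ║
     ║                                                          ║
     ╚══════════════════════════════════════════════════════════╝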









                 Association of Shareware Professionals (R)
                                 MEMBER









     FSLOGIN is a registered trademark of Confirm.

     NetWare is a registered trademark of Novell, Inc.

     (c) Confirm 1993, All Rights Reserved             October 1994
     --------------------------------------------------------------
     
     FOREWORD

     The idea to start with a login program actually came
     from users who were dissatisfied with the standard
     command line utility. They wanted and needed
     'something' more than a few lines of text on the screen
     when login was not possible, better 'guidance'
     through the changing of passwords and an easier way
     to do what they have to do every day: log in
     to one or more servers.

     FSLOGIN version 1.0 was first published on March 1,
     1993. In due time lots of new ideas were integrated in
     the product. FSLOGIN provides support for NetWare
     Name Service. This feature allows use of FSLOGIN in
     Name Service Domains without losing any functionality
     of NNS itself. For those sites that do not use NNS, but
     have accounts defined on more than one server,
     FSLOGIN has a Server Group feature that takes care of
     password synchronisation among servers in that group.
     Version 1.5 adds features that result in an extra
     security wall when accessing your corporate LAN with
     dialin PCs.

     A big thanks goes to a group of colleagues, friends and
     customers who have done a fine job of looking, testing,
     talking, phoning, faxing and criticizing. They helped,
     and often still help FSLOGIN grow. If you have any
     suggestions for improvement of this product, don't
     hesitate to tell us. It is our goal to make Full Screen
     Login as user friendly as possible.


     The author: Aad Slingerland
     
     TABLE OF CONTENTS

     CHAPTER 1: THE PURPOSE OF THIS PROGRAM

     CHAPTER 2: HOW TO INSTALL

     CHAPTER 3: HOW TO USE

     CHAPTER 4: SPECIAL KEYS

     CHAPTER 5: HOW TO CUSTOMIZE

     CHAPTER 6: PASSWORD EXPIRED!

     CHAPTER 7: MULTIPLE SERVER ENVIRONMENTS

     CHAPTER 8: FSLOGIN AND DIALIN SERVERS

     CHAPTER 9: SOME OTHER FEATURES

     APPENDIX A: SOME QUESTIONS AND ANSWERS

     APPENDIX B: ERRORLEVELS AND ERROR MESSAGES

     APPENDIX C: ERRORCODES FROM THE NETWORK

     APPENDIX D: CURRENT LIMITATIONS

     APPENDIX E: REGISTRATION AND SUPPORT

     APPENDIX F: THE SHAREWARE CONCEPT

     APPENDIX G: DISCLAIMER - AGREEMENT
     
     CHAPTER 1: THE PURPOSE OF THIS PROGRAM

     All the PC-users who are connected to a local area network
     with Novell servers, have at least one thing in common. They
     must login to the network, before applications and data become
     available. It's obvious that this is almost always done using
     the standard Novell login program. This command line utility,
     however, is not very attractive to use and does not do a fine
     job, when users must be informed about network exceptions or
     errors.

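     ┌──────────────────────────────────────────────┐
     │                 Login Error                  │
     ├──────────────────────────────────────────────┤
     │                                              │
     │ The login process to the choosen file server │
     │ with the choosen userid cannot be completed. │
     │                                              │
     │ One of the security measures prevented this. │
     │ You will have to contact the system admini-  │
     │ strator to clear this situation.             │
     │                                              │
     │ The errorcode and reason is:                 │
     │                                              │
     │ Errorcode : 197                              │
     │ Reason    : Intruder lockout                 │
     │                                              │
     └──────────────────────────────────────────────┘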

     FSLOGIN enhances the way users can login to a server, by
     providing a full screen, Novell menu style program. FSLOGIN is
     not only a different way to type some data, like the userid
     and the password, but does extensive checking of accounting
     and security exceptions. All kinds of reasons why a user
     cannot login to a server, are presented in clear text in a
     full screen window. Because the user is properly informed of
     certain exceptions, he or she will be able to communicate
     better with the system administrator, instead of complaining
     of not being able to login.
     The actual Novell login command line utility is only executed
     after various checks on correctness of names, accounting and
     security matters have been done. Almost nothing but a file
     server that goes down at that particular moment, can go wrong
     now.
     
     CHAPTER 2: HOW TO INSTALL?

     Installing the Full Screen Login program can be done in three
     stages.
     The first stage is always required. The stages two and three
     are optional, and using them depends on the preference of the
     system administrator.

     The first stage installs FSLOGIN on the Novell server, and is
     basically enough to make it available for use.

     The second stage is distributing one of the program files of
     FSLOGIN to PCs with a local hard disk. The benefit of this is,
     that this program is capable of 'finding' the sys:login
     directory, even if it is on some network drive like z:.

     The third stage is renaming the program fslogin.com to
     login.com. This makes the Full Screen Login program the one
     that's always used, and you don't have to change existing
     batch files, where 'login' is called.


     Stage One

     Execute the installation batch file (INSTALL.BAT) from the
     drive and directory where the distribution files reside. The
     installation procedure prompts for the language support files
     to install (currently English and Dutch) and installs the
     program and language support files to the directory sys:login.
     The file fslogin.com is also copied to the sys:public
     directory. All files except fslogin.ini are flagged read-only
     shareable.

     When you are using a NetWare 2.xx server, you must grant a
     trustee assignment to the group everyone, which gives this
     group read and file scan rights in the sys:login directory.

     That's all! Just type fslogin now.


     Stage Two

     Distribute the program fslogin.com to the local disk of the
     PCs in your network. Make sure that this program resides in a
     directory that is in the PATH variable. From that moment on,
     your users will be able to login even if they logged out
     the last time from 'some' network drive, leaving sys:login on
     'some' network drive letter other than the first.


     Stage Three

     Rename fslogin.com to login.com in both the directories
     sys:login and sys:public. When Stage Two has been used, also
     distribute login.com to the PCs with a hard disk.


     Local Disk Installation

     Version 1.4 can be installed on a local hard disk in addition
     to installation on a file server. In general, this should not
     be done because it creates a maintenance problem.
     However, there are situations where installation on a local
     disk is preferred. For example, when a workstation is connected
     to a LAN through a wide area link, program loading from a
     server is considerably slower compared to LAN speed.

     Example of a directory on a local hard disk:

     C:\NWCLIENT\IPX.COM
     C:\NWCLIENT\NETX.EXE
     C:\NWCLIENT\FSLOGIN.COM
     C:\NWCLIENT\FSLOGIN.OVL
     C:\NWCLIENT\FSLOGIN.CWA
     C:\NWCLIENT\FSLOGIN.HLP
     C:\NWCLIENT\LOGIN.EXE

     Note that the file fslogin.ini is not copied to this
     directory. This file is always read from the directory
     sys:login, because users should not be able to modify this
     file themselves. Note also that Novell's login.exe can
     also be copied to the same directory. This is optional
     but will speed up the login process. The only thing that
     needs to be done after installation is taking care that
     the copy of fslogin.com in the directory c:\nwclient is
     executed. This .com file does the rest.

     
     CHAPTER 3: HOW TO USE?

     Once installed, Full Screen Login is available. Just type
     FSLOGIN and the Login Data menu shows up. As you can see the
     name of the default server, to which the workstation is
     attached, is automatically placed in the Server field. For a
     first exercise, fill in the name of a userid you want to use
     and press the enter key. The highlight goes down to the
     Password field. When there is a password defined for this
     userid, fill it in. Otherwise leave this field blank. When all
     datafields are okay, press the enter key to confirm all the
     data to the program.

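     ┌────────────────────────────────────────────────────────────┐
     │                Userid and/or Password Error                │
     ├────────────────────────────────────────────────────────────┤
     │                                                            │
     │ The Userid and/or the Password is not correctly specified. │
     │ Please retype the Userid and/or the Password.              │
     │                                                            │
     └────────────────────────────────────────────────────────────┘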

     At this moment the information that has been placed in the
     fields will be validated, and when something is wrong, you
     will be informed.
     When the validation is okay, and there are no other accounting
     and security restrictions, the login process continues with
     the execution of the system and user login scripts. You, as a
     system supervisor, do not have to change anything in existing
     login scripts in order to use FSLOGIN.

     In contrast to the 'standard' Novell menu interface, the
     cursor is always visible in the input fields. This relieves
     the user from the unfriendly difference between moving between
     fields and editing them. When the highlight is moved to
     another field, that field automatically switches to edit mode
     and the cursor is shown. The keys to move between the fields
     are: tab, backtab, up arrow and down arrow. The enter key also
     moves the highlight down until used in the last field of a
     form. The keys to move the cursor in a field while editing
     are: home, end, left arrow and right arrow.
     
     CHAPTER 4: SPECIAL KEYS

     F1 = Help

     You might already have used the F1 key for online help. Most
     of the basics of this utility are explained here, and the
     average user should have enough information to do the job. The
     up arrow, down arrow, page up and page down let you scroll
     through the text, and the escape key brings you back again.


     F5 = ServerList

     When you are working in a multiple server environment, the
     ServerList function becomes valuable. Just press this key, to
     get an overview of all the file servers in your network, and
     pick one.
     Note that using the F5 key is independent of the currently
     highlighted field. It always works. There is an option to
     restrict the end-user view on the network by disabling the
     ServerList function or by limiting the ServerList to a custom
     specified list. See chapter 5 'How to Customize?' for more
     information.

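     ┌──────────────────────────────┐
     │       List of servers        │
     ├──────────────────────────────┤
     │ EARTH                        │
     │ JUPITER                      │
     │ MARS                         │
     │ MERCURIUS                    │
     │ NEPTUNES                     │
     │ PLUTO                        │
     │ SATURNUS                     │
     │ URANUS                       │
     │ VENUS                        │
     │ Z220                         │
     │                              │
     │                              │
     └──────────────────────────────┘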

     F7 = Supervisor

     There is one specific userid, which is probably typed
     thousands of times each day by thousands of supervisors. Just
     press the F7 key and look what happens. FSLOGIN presents you
     a list with a few very often used names in it. Move the
     highlight to the one you need and press the Enter key. After
     pasting the chosen username in the Userid field, the highlight
     goes straight to the password field, since this is most likely
     the place you want to go. The three names that appear in the
     list right after installation are just an example. The names to
     appear in the list can be customized in the fslogin.ini file.
     See also chapter 5.1, the ULIST keyword. If security is very
     important and you do not want users to 'discover' the
     existence of a supervisor userid, you can turn this feature
     off by using the statement ULIST=0.



     
     CHAPTER 5: HOW TO CUSTOMIZE

     FSLOGIN has three ways to customize various options and
     program behaviour. The first one is modifying one or more of
     the options in the file fslogin.ini. This file resides in the
     sys:login directory, together with most other program files.
     The options that are specified here are system wide. They are
     valid for all users who are attached to this server. The
     second way to customize is using one or more command line
     parameters that override one or more of the system wide
     options from fslogin.ini. The usage of command line parameters
     applies only to that particular instance of FSLOGIN. The third
     way to customize FSLOGIN is using environment variables to
     pre-fill the Server and/or Userid fields with a specific
     value.


     5.1: Fslogin.ini parameters

     The file fslogin.ini in the sys:login directory contains a
     number of parameters. Since fslogin.ini is a plain ASCII text
     file, it can be edited with any text editor. Comment lines
     start with a semicolon. The comment lines in the default
     fslogin.ini can be deleted if necessary.


     Days=0 - 9

     The value of this parameter determines the number of days a
     user is invited to change a password, before the actual
     expiration date. Changing the password before the actual
     expiration date is not required, so when the user presses the
     escape key, he or she is logged in with the current, but soon
     expired password. This method, however, triggers the average
     user to start thinking about something new before it is too
     late. This option prevents unnecessary phone calls to the
     system supervisor.


     Dim=0 - 9

     The built-in screen dimmer becomes active after a certain
     amount of keyboard inactivity. This amount of time, measured
     in minutes, can be customized with the Dim= parameter. When
     the value is 0, the built-in screen dimmer is disabled. See
     also the !nd command line parameter below.


     diTim=0 - 9

     DialinTime specifies the maximum time in minutes allowed to
     login on a dialin host PC. This statement only has effect when
     used in combination with the !di command line option.
     See the next sub-chapter for command line arguments.
     When the dialinTime has elapsed, FSLOGIN takes action
     according to the value of the diAct parameter.


     diMax=0 - 9

     DialinMax specifies the maximum number of login attempts
     that can be made by a user connected to a dialin host
     computer. When the user keeps on specifying incorrect
     information, like Servername, Userid and/or Password,
     FSLOGIN takes action according to the value of diAct.
     Like diTim, this statement only has effect when the !di
     command line argument is used.


     diAct=0 or 1

     DialinAction specifies what to do when one of the two above
     events happens. A value of 0 for diAct tells FSLOGIN to exit
     to DOS with an errorlevel. The errorlevels used are 2 for
     diTim and 3 for diMax.
     When diAct=1, FSLOGIN takes a more drastic security measure:
     it tries to close the COM ports of the dialin host PC and
     starts rebooting.

     Esc=0 - 2

     The escape key at the top level (the Login Data form) can be
     disabled or enabled with this parameter. In some environments
     the supervisor might want to force users to login before doing
     anything else on their workstation. A value of 0 disables
     'escaping' from the top level menu. When the value is 1, the
     user can leave this application. When the value is 2, the user
     is prompted by a 'yes/no' box before exiting. See also the !ne
     command line parameter.


     Exp=0 or 1

     This parameter switches the exploding windows effect on (1) or
     off (0). Some people like this exploding windows effect,
     others don't. So it's optional.


     Kbc=0 or 1

     Up until version 1.4 the keyboard was always cleared when started.
     This can be turned off or on now using the fslogin.ini statement
     KBC=0 or KBC=1.


     Lws=0 or 1

     Up until version 1.4 the current account was not logged out when
     FSLOGIN was started. In other words when the user did not actually
     login but pressed the escape key, he was back exactly where he was.
     Immediate Logout can be turned on using the fslogin.ini statement
     Logout When Started (LWS=1).


     Nns=0 - 2

     NetWare Name Service support is switched on or off using this
     statement. A value of 0 disables NNS support. A value of 1
     lets FSLOGIN automatically detect if the server is part of a
     Domain or not. A value of 2 always forces the Name Service
     Login Data form to be used.


     Pfp=0 - 3

     The value of the Password Field Presentation parameter
     determines what the user sees when a password is typed.
     A value of 0 gives the same effect as a 'default' Novell menu
     style utility, and that is nothing. The cursor stays in the
     home position of the field and there is no further indication
     of what is typed.
     A value of 1 lets the cursor move as characters are typed,
     showing spaces instead of the actual typed characters.
     A value of 2 also moves the cursor and shows dots instead of
     spaces.
     A value of 3 also moves the cursor and shows a row of stars
     instead.


     Pro=0 or 1

     This parameter is used in combination with the NetWare Name
     Service Login screen only. When set to zero, its default, the
     Profile field contains the text 'default'. When set to one,
     the contents of the Profile field are synchronised with the
     contents of the Server field. So when a different server is
     picked from the Serverlist, both the Servername and the
     Profile will contain the new value. Note that the environment
     variable FS_PRO still overrides this system wide setting.

     Pss=0 or 1

     The result of password synchronisation can be shown to the
     user or be left out. Password synchronisation is only active
     when working in an NNS domain or when a Server Group has been
     defined.

     Sdw=0 or 1

     This parameter switches the shadow effect behind the windows
     on (1) or off (0).


     Sgroup=0 - 2

     The Server Group function is disabled when the value of Sgroup
     is 0. This means that FSLOGIN does not attempt to synchronize
     a newly specified password on other servers. When the value of
     Sgroup equals 1, all the servers in the network will be
     considered as one Server Group. When a user specifies a new
     password for his 'home' server, FSLOGIN will attempt to
     synchronize this new password on all servers which have the
     same userid defined. The system administrator can restrict the
     servers in a Server Group by explicitly specifying which
     servers belong to it. For example:

     Sgroup=2
     home_Server
     second_server
     third_server

     The list of server names that comes directly after the
     Sgroup=2 statement can contain 16 names. Wildcards in each
     individual 'name' are allowed. For example:

     Sgroup=2
     home_server
     other*


     Slist=0 - 3

     When this parameter is set to 0, the ServerList function is
     disabled. When set to 1, the entire network is visible to the
     user. The system administrator can restrict the names of
     servers in the ServerList by explicitly specifying which
     servers may be seen. For example:

     Slist=2
     home_Server
     second_server
     third_server

     The list of server names that comes directly after the Slist=2
     statement can contain 16 names. Wildcards in each individual
     'name' are allowed. For example:

     Slist=2
     home_server
     other_*

     The user can be further restricted by not allowing the
     Servername field to be edited. This feature can be turned on
     when specifying 'Slist=3'. The effect is that the user can
     pick from the custom list of servers after the Slist
     statement, but is not able to alter the name in the Servername
     field.


     Ulist=0 or 2

     This parameter defines the behaviour of the F7 key. In
     previous versions, the F7 key pasted the 'Supervisor' user
     name in the Userid field. Now it can be turned off, changed to
     another user name or even to a list of user names. The
     following example presents a small list with two user names
     when the F7 key is pressed.

     Ulist=2
     Supervisor
     Lanvisor

     When you specify only one name in this list, most probably
     Supervisor, then there is no list on the screen and the F7 key
     functions the same as with previous versions of FSLOGIN. When
     you want to disable the F7 key, use the value 0 after the
     Ulist= parameter.


     UXList=0 or 2

     Certain userids like GUEST can be excluded from being used
     by putting them in the User eXclude List.
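
     The fslogin.ini rules from this section (documented value
     ranges, name lists after Sgroup/Slist/Ulist/UXList, the
     16-name limit, wildcards) as an added Python example; it is
     not part of FSLOGIN or its distribution. It assumes keywords
     and names ignore case, that a name list runs until the next
     keyword line, and that '*' behaves like a shell wildcard; the
     sample file is constructed.

```python
from fnmatch import fnmatchcase

# Value ranges as documented in section 5.1 (keyword -> allowed values).
RANGES = {
    "days": range(10), "dim": range(10), "ditim": range(10),
    "dimax": range(10), "diact": (0, 1), "esc": range(3), "exp": (0, 1),
    "kbc": (0, 1), "lws": (0, 1), "nns": range(3), "pfp": range(4),
    "pro": (0, 1), "pss": (0, 1), "sdw": (0, 1), "sgroup": range(3),
    "slist": range(4), "ulist": (0, 2), "uxlist": (0, 2),
}
LIST_KEYS = ("sgroup", "slist", "ulist", "uxlist")  # may be followed by names
MAX_NAMES = 16  # limit documented for the Sgroup and Slist lists

# Constructed sample for this example, not a shipped fslogin.ini.
SAMPLE = """\
; dialin host settings
Days=5
diTim=3
diMax=3
diAct=0
Pfp=7
Slist=2
home_server
other_*
Ulist=2
Supervisor
Lanvisor
"""


def parse(text):
    """Return (values, lists, problems) for the text of an fslogin.ini."""
    values, lists, problems = {}, {}, []
    current = None  # list keyword whose names are being collected
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment line
            continue
        if "=" not in line:
            if current:
                lists[current].append(line.upper())  # assumption: names ignore case
            else:
                problems.append(f"line {lineno}: stray text {line!r}")
            continue
        key, _, val = (part.strip() for part in line.partition("="))
        key, current = key.lower(), None  # assumption: keywords ignore case
        if key not in RANGES:
            problems.append(f"line {lineno}: unknown keyword {key!r}")
        elif not (val.isascii() and val.isdigit()) or int(val) not in RANGES[key]:
            problems.append(f"line {lineno}: {key}={val} outside documented range")
        else:
            values[key] = int(val)
            if key in LIST_KEYS and values[key] >= 2:  # 2 (or Slist=3): custom list
                current = key
                lists[key] = []
    for key in ("sgroup", "slist"):
        if len(lists.get(key, ())) > MAX_NAMES:
            problems.append(f"{key}: more than {MAX_NAMES} names listed")
    return values, lists, problems


def server_visible(values, lists, server):
    """Would `server` appear in the F5 ServerList under this configuration?"""
    mode = values.get("slist")
    if mode == 0:
        return False  # ServerList disabled
    if mode == 1:
        return True   # entire network visible
    if mode in (2, 3):
        name = server.upper()
        return any(fnmatchcase(name, pat) for pat in lists.get("slist", []))
    return None  # Slist absent: the default is not documented in this README


def review(values, lists):
    """Notes on settings the README itself ties to what a user can see or do."""
    notes = []
    if values.get("slist") == 1:
        notes.append("Slist=1: the entire network is visible in the ServerList")
    if values.get("ulist") == 2 and lists.get("ulist"):
        notes.append("Ulist=2: F7 offers userids " + ", ".join(lists["ulist"]))
    if values.get("diact") == 0:
        notes.append("diAct=0: exit to DOS, errorlevel 2 (diTim) or 3 (diMax)")
    return notes


if __name__ == "__main__":
    values, lists, problems = parse(SAMPLE)
    for message in problems + review(values, lists):
        print(message)
    print("OTHER_TWO listed:", server_visible(values, lists, "other_two"))
```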
     
     5.2: Command line parameters

     The following command line parameters are specified directly
     behind the command 'fslogin'. For example 'fslogin !ne'. These
     command line parameters are used to override some of the
     system wide options from the fslogin.ini file.


     !nd

     NoDimmer. The NoDimmer option might be useful when FSLOGIN
     is used in combination with asynchronous dial-in servers.


     !ne

     NoEscape. The user of this workstation must login first now.


     !ns

     NoServerlist. The ServerList function for this workstation is
     restricted now.


     !di

     Activate the dialin specific parameters in fslogin.ini.
     These specific dialin parameters are diTim, diMax and diAct.
     The use of !di also automatically activates !ne and !nd.

     
     5.3: Environment variables

     To make daily use even more simple, two of the three fields in
     the Login Data form can be pre-filled. You might already have
     noticed that the Server field contains the name of the server,
     to which the PC is attached. This automatic filling in of a
     servername should be sufficient in single server environments,
     where there is nothing to choose. However, in a multiple
     server environment the server to which the PC is attached is
     not always the one users need to access. A DOS environment
     variable can be used to specify a different name as the
     default. Type the following command at the DOS command prompt.

     SET FS_SRV=MYSERVER

     When the program is started again the Server field will
     contain the string 'MYSERVER'. Another feature available here
     is the ServerList function. When the F5 key is pressed, the
     program reads the names of available servers in the network
     and presents a list on the screen. Just move the highlight and
     pick a name!

     The environment variable FS_PRO defines a 'default' profile
     for use in a NetWare Name Service environment. For example:

     SET FS_PRO=PROFILE_ONE


     The Userid field can be pre-filled as well with the use of
     another environment variable. Type the following command at
     the DOS command prompt.

     SET FS_UID=MYUSERID

     Now the Userid field will also come up with a default. When
     the pre-filled values for the Server and Userid are correct,
     the only thing the user has to do is type the corresponding
     password and press the enter key twice.

     There is a special form of the FS_UID variable, that can be
     useful when the userids in your organisation are highly
     structured. There are companies that use not so individual
     userids like ACCOUNT01, ACCOUNT02, ACCOUNT03 etc. And maybe
     SALES01, SALES02 and so on. The idea behind this is that the
     first part of the userid is always the same. The 'common' part
     of the userid string can be pre-filled by placing it in the
     environment variable FS_UID, followed by a tilde. For example:


     SET FS_UID=TECHNO~

     Have a look at what happens!
     
     CHAPTER 6: PASSWORD EXPIRED!

     An expired password is almost always a source of
     inconvenience. Most users manage well reading the line mode
     text from the Novell Login program. Some other users will
     always succeed in locking up their userid and call for
     supervisor assistance. FSLOGIN helps most users taking this
     hurdle in a user friendly way and, most important, without
     help of a system administrator. The first step FSLOGIN takes
     is notifying the user that his password is going to expire
     some day in the near future, and, at the same time giving the
     user the possibility to change now. Here is what you get!

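     ╔══════════════════════════════════════════════════════════════════╗
     ║                         Password Status                          ║
     ╠══════════════════════════════════════════════════════════════════╣
     ║  Your current password is going to expire in 5 days. If you      ║
     ║  wish you can specify a new password now. Retype the new         ║
     ║  password again after the Verification prompt. This is a check   ║
     ║  to prevent typing errors. Your new password should be at        ║
     ║  least 4 characters long.                                        ║
     ║                                                                  ║
     ║      New Password   .....................................        ║
     ║                                                                  ║
     ║      Verification   .....................................        ║
     ║                                                                  ║
     ╚══════════════════════════════════════════════════════════════════╝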

     When the user takes no action the actual expiration date will
     come, and if the user wants to login, he will be forced to
     change the password now. It is possible to escape from the
     'Password Expired Status' form, but there will be no login.
     This does not mean that the grace login mechanism of the
     Novell security system is not used any more. At least one
     grace login is needed to be able to change the current
     password into a new one. So do not set the grace login count
     for the users to zero! When there are no grace logins left,
     there is no way a user could login. Neither with the Novell
     login program, nor with any other program!
     
     CHAPTER 7: MULTIPLE SERVER ENVIRONMENTS

     FSLOGIN has support for password synchronisation
     in multiple server environments. Password synchronisation is
     needed for those users that are defined on more than one
     server. Basically there are two methods that are used in
     multiple server environments:

     NetWare Name Service

     NNS is a Novell product that is widely distributed among large
     corporations. The basic idea is to give each user a single
     login to the servers that are needed to do the job. When the
     system administrator creates a new user in an NNS Domain, that
     userid is created on all the servers in that domain. Depending
     on the specified Profile, the user is attached to one or more
     servers in the Domain.

     The ATTACH login script statement

     ATTACH statements are specified in either the system login
     script or the user login script. When a user does a login to
     his 'home' server the statements are executed and the user is
     automatically attached to a second, maybe a third server in
     the network. The userid must be defined on the 'other' servers
     as well and the passwords must be in sync.

     FSLOGIN supports both the NetWare Name Service
     environment and the multiple server environment where the
     Attach method is used.
     
     7.1: NetWare Name Service support

     When FSLOGIN is used in an NNS environment, it can be
     customized to present the user an NNS specific Login Data form.
     (See also the chapter on 'How to customize'). The user can
     specify a profile or leave this field to its default value.
     Like all other fields that are filled in, the Profile is
     validated for existence and authorization, before FSLOGIN
     continues.

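     ╔══════════════════════════════════════════════════════════╗
     ║               Please enter your Login Data               ║
     ╠══════════════════════════════════════════════════════════╣
     ║                                                          ║
     ║      Server      YOUR_DOMAIN_SERVER                      ║
     ║                                                          ║
     ║      Profile     DEFAULT                                 ║
     ║                                                          ║
     ║      Userid      YOUR_USERID                             ║
     ║                                                          ║
     ║      Password    ..........................              ║
     ║                                                          ║
     ╚══════════════════════════════════════════════════════════╝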

     When the password for a user expires (or will expire within a
     number of days in the near future) the user will be prompted
     to change the password. When the new password is validated
     FSLOGIN synchronises the new password on all the servers in
     that domain. The user is informed about the result of this
     synchronisation step.
     
     7.2: Server Groups

     FSLOGIN has a new feature called Server Groups.
     This feature makes it possible to take care of password
     synchronisation in non-NNS environments. Two or more servers
     can be defined as a logical group, and FSLOGIN will treat this
     group as a domain. When a user is defined on more than one
     server in this group, FSLOGIN will take care of password
     synchronisation. What are the steps to be taken?


     Step One

     Define two or more servers as a group. This is done in the
     FSLOGIN.INI file by customizing the Sgroup (Server Group)
     statement. For Example:

     Sgroup=2
     home_server
     other_server


     Step Two

     Define a new user on both servers and make sure the accounting
     restrictions and the initial password are the same. If you want
     to use an existing userid, check the accounting restrictions
     and password synchronisation status. Correct them if necessary.


     Step Three

     Login with that userid on the home server. Because the
     supervisor just defined the new account you will be prompted
     for a new password. Type a new password and see the result of
     the synchronisation step.

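     ┌────────────────────────────────────────────────────┐
     │               Synchronization Status               │
     ├────────────────────────────────────────────────────┤
     │ JUPITER              0 Ok                          │
     │ MARS               252 No such userid              │
     │                                                    │
     │                                                    │
     │                                                    │
     │                                                    │
     └────────────────────────────────────────────────────┘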

     It is not necessary to define all users on all servers in the
     Server Group. Only those people that need to access the
     OTHER_SERVER need a corresponding userid and password.
     
     CHAPTER 8: FSLOGIN AND DIALIN SERVERS

     Most of the Local Area Networks are not only used from
     workstations that are directly attached. There is a growing
     need to access the data and programs on a corporate LAN from
     other geographical locations. This need for communication has
     led to products that turn a regular workstation in a LAN
     into a dialin host that can be accessed using regular
     telephone lines and modems. It's obvious that these gateways
     to programs and data need to have the mechanics to prevent
     unauthorised access. Many of the products that are on the
     market today have security options built in.
     FSLOGIN, however, adds an extra layer of access security to
     the Novell servers in the network. Once a remote user has a
     dialin connection to a dialin host on a LAN, that user has to
     pass the proper login information before data and/or programs
     can be accessed.
     FSLOGIN has extra security options, which have been designed
     specifically for use on dialin host machines.

     First of all the amount of information that a user can 'see'
     in the FSLOGIN screen can be restricted to almost nothing.
     The user has to know the name of the Server, his/her userid
     and, of course, the corresponding password.
     The Serverlist feature of FSLOGIN can be turned off for
     individual workstations using the !ns command line option.
     This command line option overrules the global setting in
     fslogin.ini. Furthermore, the default name in the Server field
     can be suppressed using the environment variable FS_SRV=NONE.

     The next step in building a security wall is disabling the use
     of certain userids that are not easy to delete (GUEST for
     example) yet not meant for regular access by users. The User
     eXclude List feature makes this possible. This list is specified
     in the fslogin.ini file with the statement 'UXList'.

     When the dialin user accesses the host PC, it's obvious that
     FSLOGIN should not be terminated with the Escape key. This would
     allow the user to access the standard Novell command SLIST and
     LOGIN. Although the Escape key can be enabled or disabled globally
     in fslogin.ini, it can be disabled in specific situations using
     the !ne command line option.

     The next step is preventing a user from trying out all kinds of
     combinations of Server names, Userids and Passwords. Not that
     this is likely to succeed but these tryouts can be prevented using
     the following statements in FSLOGIN.INI.

     diMax=0 - 9

     dialinMax defines the maximum number of login attempts that a
     user can make before FSLOGIN takes action. For example, when
     diMax=3, the user can make three attempts to login and when
     the third attempt is invalid (invalid Servername, invalid Userid
     or invalid Password) the action specified in diAct is executed
     (see below).

     diTim=0 - 9

     dialinTime specifies the maximum time in minutes that FSLOGIN
     waits for the user to login. When this time expires, FSLOGIN
     assumes that the connection between the dialin host and the PC
     at the other end should be terminated. See diAct below.

     diAct=0 or 1

     The dialinAction parameter in FSLOGIN.INI specifies the action
     that should be taken when one of the two above events occurs.
     When diAct=1 FSLOGIN tries to close the communication ports of
     the dialin host and then reboots the machine. No better way to
     break the connection between you and a hacker.
     When diAct=0 FSLOGIN does not reboot the dialin host but returns
     to DOS with a specific error level. The error level identifies the
     event that has occurred. The error levels are 2 for a diTim event
     and 3 for a diMax event. It is up to the procedure (batch file)
     that called FSLOGIN to handle these error levels. The batch file
     could, for example, execute a LOGOFF program, that is specific
     for a certain dialin software package.

     Note that although the latter three parameters (diMax, diTim and
     diAct) are specified in fslogin.ini, they are only activated
     when FSLOGIN is started with the !di command line option.
     The !di command line argument also automatically activates the
     !ne (NoEscape) and the !nd (NoDimmer) options. The !ns
     (NoServerlist) is not automatically included.

     A sample batch file that starts dialin host software and FSLOGIN
     could look like this:

     ...
     REM No default server
     SET FS_SRV=NONE
     REM Link Support Layer
     LSL
     REM Hardware driver
     NE2000
     REM IPX protocol stack
     IPXODI
     REM NetWare Shell
     NETX
     REM Wait here for dialin user!
     PCSOMEWHERE
     REM Secure login
     FSLOGIN !DI !NS
     ...

     The batch file continues with the next statement when the
     dialin user specifies the correct login information in the
     specified amount of time. Otherwise the dialin host PC can
     either be rebooted or FSLOGIN returns an error level to the
     batch file.
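
     The error-level handling described above for diAct=0, written
     out as an added example (it is not part of the FSLOGIN
     distribution). HANGUP and C:\DIALIN.LOG are hypothetical
     placeholders for your dialin package's logoff program and a
     local log file; the error levels are those listed in Appendix B.

```bat
@ECHO OFF
REM Added example: dialin wrapper that fails closed on every FSLOGIN
REM error level. Assumes diAct=0 in FSLOGIN.INI, so FSLOGIN returns
REM to DOS instead of rebooting the dialin host.
REM HANGUP and C:\DIALIN.LOG are hypothetical placeholders.

REM Keep the SET line free of trailing text: everything after '='
REM becomes part of the value.
SET FS_SRV=NONE

FSLOGIN !DI !NS

REM IF ERRORLEVEL n is true when the error level is n OR HIGHER,
REM so the tests must run from the highest value down.
IF ERRORLEVEL 9 GOTO NONET
IF ERRORLEVEL 8 GOTO NOEXEC
IF ERRORLEVEL 7 GOTO UNKNOWN
IF ERRORLEVEL 6 GOTO LOGINERR
IF ERRORLEVEL 4 GOTO UNKNOWN
IF ERRORLEVEL 3 GOTO MAXTRY
IF ERRORLEVEL 2 GOTO TIMEOUT
IF ERRORLEVEL 1 GOTO ESCAPE
GOTO OK

:NONET
ECHO EL9 Shell/Requester/Network not available >> C:\DIALIN.LOG
GOTO DENY

:NOEXEC
ECHO EL8 FSLOGIN.OVL or LOGIN.EXE could not be executed >> C:\DIALIN.LOG
GOTO DENY

:LOGINERR
ECHO EL6 Login executed but a failure occurred >> C:\DIALIN.LOG
GOTO DENY

:MAXTRY
ECHO EL3 diMax event: too many invalid login attempts >> C:\DIALIN.LOG
GOTO DENY

:TIMEOUT
ECHO EL2 diTim event: no login within the time limit >> C:\DIALIN.LOG
GOTO DENY

:ESCAPE
REM !DI activates !NE, so this should not happen; deny anyway.
ECHO EL1 Escape key pressed >> C:\DIALIN.LOG
GOTO DENY

:UNKNOWN
REM Reserved levels (4, 5, 7) are treated as failures.
ECHO Reserved error level returned by FSLOGIN >> C:\DIALIN.LOG
GOTO DENY

:DENY
REM Break the connection; never fall through to a DOS prompt.
HANGUP
GOTO END

:OK
ECHO EL0 Login ok >> C:\DIALIN.LOG
REM Continue here with the work the dialin user is allowed to do.

:END
```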

     
     CHAPTER 9: SOME OTHER FEATURES

     DOS Requester

     Version 1.4 is compatible with the DOS Requester (VLMs, or
     Virtual Loadable Modules). Novell has updated the DOS Requester
     several times since the first introduction. At the time of
     this writing VLM version 1.20 is the current one.


     Login Script Parameters

     Full Screen Login has support for the optional parameters,
     that can be passed to the system login script. There is no
     separate field for this, but parameters can be typed in the
     Userid field after the name of the user. Leave one space between
     the name of the user and the parameter. When the Userid field
     seems to be full, just type ahead and see the text scroll. The
     combined length of the name of the user and the optional
     parameters cannot exceed 64 bytes.


     Command line mode

     FSLOGIN does not only work full screen, but is also command
     line compatible with the Novell login command. The fslogin.com
     program does in fact pass the command line that is typed to
     the login.exe program. The advantage of using FSLOGIN is that
     the sys:login directory will be searched for and set to the
     first network drive letter. No more manual searching for drive
     'x'.


     Monochrome VGA

     FSLOGIN works with monochrome VGA monitors without manually
     setting a specific video mode with the mode command.


     Your Company Name

     Since version 1.1 an RRS (Registration Reminder Screen) has
     been added. This is the small window below the Login Data
     window, that contains the text 'Unregistered 30 days
     Evaluation Copy'. When you register you should specify a text
     string that you want to appear in this window. This text
     string should contain company information like the name of the
     company and perhaps the name of the department which does the
     registration. See the document REGISTER.xx for further
     instructions.
     
     APPENDIX A: SOME QUESTIONS AND ANSWERS

     Question 1

     When I want to use your program, do I have to throw away my
     existing login scripts?

     No, you don't. Full Screen Login does not replace the Novell
     login.exe and corresponding login scripts. It adds full screen
     support and extensive error and exception reporting, without
     throwing away the effort you have already made.


     Question 2

     Why is the fslogin.com the only program to copy to the
     sys:public directory?

     In order to conserve a bit of disk space, and make eventual
     updates as easy as possible to install, there is only one
     place for the overlay and other support files, and that is the
     sys:login directory. The file fslogin.com is the only one to
     copy to the public directory.


     Question 3

     I have just installed your product, but I receive the message:
     'The FSLOGIN.OVL program could not be executed.'.

     The most probable cause is, that you run the program
     fslogin.com from a local hard disk, but the server you are
     attached to does not have Full Screen Login installed. Use the
     NETX option 'PS=MYSERVER' to make the correct server the
     default, or better, install Full Screen Login on the other
     servers as well (see also sitelice.doc).


     Question 4

     I installed Full Screen Login, but whenever I want to use it I
     receive the message: 'The LOGIN.EXE program cannot be
     executed.'.

     Did you rename the original Novell login.exe? If yes, rename
     it back or make a copy of it.


     Question 5

     I work for a large company with 257 file servers in a network.
     When I use the ServerList function, there are only 255 file
     servers in the list.

     The current limitation of the ServerList function is 255
     names. If this really is a problem, please contact Confirm.


     Question 6

     Your program does not support grace logins. What should I do
     with the currently defined grace logins?

     Don't throw away the grace option for your users! When you
     disable grace logins, there will be no way the user can change
     the password, neither with the FSLOGIN program, nor with any
     other login program. In fact Full Screen Login needs some
     grace logins to remain, in order to be able to change the
     password. It's also worth mentioning, that when a user presses
     the escape key in the Password Expired Status form, the number
     of Grace Logins Left will be decremented by one. In fact Full
     Screen Login did do a login function call once to find out
     that the password had expired.


     Question 7

     During the installation, stage one, I have to add a trustee
     assignment to the sys:login directory for the group EVERYONE.
     Why is this for NetWare 2.xx only?

     Because NetWare 3.11 already gives EVERYONE access to the
     sys:login directory, even after login. NetWare 2.xx did 'hide'
     the sys:login directory after login.
     
     APPENDIX B: ERRORLEVELS AND ERROR MESSAGES

     EL        Meaning ...
     ------------------------------------------
     0         Login ok

     1         The user pressed the escape key

     2         The diTim event has occurred.

     3         The diMax event has occurred.

     4,5       Reserved

     6         Login has executed, but a failure occurred.
               The returncode is: .. (hex)

     7         Reserved

     8         FSLOGIN.OVL or LOGIN.EXE could not be
               executed. Dos extended errorcode: .. (hex)

     9         Shell/Requester/Network not available.
     
     APPENDIX C: ERRORCODES FROM THE NETWORK

     147  No read privileges

     The program tried to read information from the bindery, but
     the operating system did not allow this. Normally this error
     should not occur and might indicate problems with the bindery.


     150  Server out of memory

     This situation means real trouble. For some reason memory
     cannot be allocated for certain tasks. Shut down any NLM that
     is not strictly needed and try to clean up as many connections
     as possible. There might be only one way to deal with this
     problem and that is more RAM.


     193  No account balance

     This userid, also called account, has no initial account
     balance to work with. The supervisor should assign an account
     balance with syscon. This only occurs on servers with an
     activated (Novell) accounting system.


     194  Credit exceeded

     The user has no more credits to continue working. The
     supervisor should assign enough credit to the user. This only
     occurs on servers with an activated (Novell) accounting
     system.


     197  Intruder lockout

     There have been a number of attempts to login with this userid
     in combination with an incorrect password. The user either has to
     wait for the intruder lockout time to expire, or the intruder
     lockout can be cleared by the supervisor. This error can only
     occur when the intruder lockout mechanism on the server is
     activated with syscon.


     215  Password not unique

     The newly typed password has been used before. NetWare can
     keep a record of a number of used passwords on a per user
     basis. This option can be switched on or off with syscon for
     individual users.


     216  Password too short

     The newly typed password is too short. NetWare requires
     passwords to have a minimum length. This minimum length can be
     set on a per user basis with syscon.



     217  Maximum connections in use

     The user tried to login from more than one workstation at the
     same time, while a limit has been defined for this user.
     Either the limit could be increased for this user or the user
     should logout from other workstations first.


     218  Not authorized at this time

     There is a time restriction for this user, which prevents
     login at this moment. Time restrictions are set system wide or
     on a per user basis by the supervisor.


     219  Not authorized at this station

     There is a station restriction for this account. For security
     reasons certain accounts can be restricted to be able to login
     from certain workstations only.


     220  Account disabled

     The account (userid) exists but cannot be used, because it has
     been disabled by the supervisor.


     222  Password disabled

     The current password for the user has expired, and there are
     no more grace logins available. The supervisor must assign
     another password to this user to be able to continue. It is
     advisable to give users a number of grace logins, so that they
     will be able to change their password themselves.


     223  Password expired

     The password expiration date has been reached or even passed,
     but there are grace logins available. FSLOGIN warns the user
     and presents a Password Status window. The user must change
     his password now.


     232  Write property to group

     This error indicates a problem with the bindery. Re-try the
     operation and when the problem persists, run the bindfix
     utility.


     236  No such segment

     The bindery was queried for some information, but the expected
     piece of information was not there. This error could also mean
     some problems with the structure of the bindery.


     239  Invalid name

     The bindery was queried for some information, but NetWare
     responded that the name used was not valid. This error could
     indicate a bindery problem or a programming error in FSLOGIN.


     240  Wildcard not allowed

     A wildcard was used when the bindery was updated. Some
     information to be placed in the bindery cannot contain
     wildcards like '*' and '?'.


     241  Invalid bindery security

     The current user has no rights to read from or write to the
     bindery. This problem could indicate a problem in the bindery
     structure.


     248  No property write privilege

     The current user has no rights to write to the bindery.
     Normally this should not occur, because the only update the
     user does, is changing his own password.


     249  No free connection slots

     The NetWare shell has run out of connection slots. There are
     eight connections possible with eight different servers.
     Logout from a server that is no longer needed.


     250  No more server slots

     The server has reached its limit for the number of
     connections. This number is determined by the license that is
     running on the server (5 .. 250 users). The supervisor can try
     to clear some unused connections with Fconsole (NetWare 2.xx)
     or Monitor (NetWare 3.x).


     251  No such property

     The program tried to read a property from the bindery and the
     property is not there. Again this could be a reason to run
     bindfix.


     252  No such object

     The program tried to read an object from the bindery and the
     object is not there.



     254  Server bindery locked

     Bindery read or write actions are not possible, because the
     bindery is not available. This can be the result of a program
     that has closed the bindery. Programs that close the bindery
     are for example bindfix and most backup restore programs. The
     bindery should be re-opened again when these programs have
     done their job. If this is not the case the server has to be
     brought down and started up again.


     255  No response from server

     This errorcode can represent several errors, by which the
     server is not responding properly to workstation requests.
     
     APPENDIX D: CURRENT LIMITATIONS

     NetWare 4.02

     The current version of FSLOGIN does not support NetWare
     Directory Services. Accessing a NetWare 4.02 server can be
     done when bindery emulation mode has been installed. There is,
     however, one additional installation step that has to be done.
     The NetWare 4.02 server should be provided with a NetWare 3.11 or
     3.12 login.exe program.
     Rename the NetWare 4.02 login.exe to something like log402.exe
     and copy a NetWare 3.11 or 3.12 login.exe to the sys:login
     directory using the original name 'login.exe'. The 3.11
     login.exe is smaller and faster than the log402.exe and can be
     used for bindery emulation mode access. FSLOGIN works in
     combination with the 3.11 login.exe installed on the 4.02
     server.
     
     APPENDIX E: REGISTRATION AND SUPPORT

     Feel free to use Full Screen Login for a trial period of 30
     days. After this period you are expected to register or stop
     using it. The registration fee is based on a single file
     server license. When used on more servers, each server should
     have its own license or better, a site license should be
     obtained. See the document SITELICE.DOC.

     Registered users receive a printed manual together with the
     latest release of FSLOGIN, which is 'personalised' with the
     name of their company or otherwise custom specified text.

     Registered users will receive one free update when a new
     version becomes available.

     Registered users are offered free support for a period of six
     months. Please use either CompuServe mail, Telefax, Fidonet or
     phone in this preferred order. It is the author's goal to
     answer all questions within a reasonable amount of time.

     CompuServe     : 100334,572
     Fidonet        : 2:512/250.359
     Telefax        : (+31) 8360 - 41580
     Phone          : (+31) 8360 - 24988

     Due to international regulations our phone and fax numbers will
     change in 1995. From October 10, 1995 the numbers will be:
     Phone: +31 - 316 - 524988
     Fax  : +31 - 316 - 341580

     Registration differs for the Netherlands, the United States
     and other countries. When neither the Netherlands nor the US
     apply to you, you are expected to follow the US procedure, or
     contact Confirm for another arrangement. See also the
     REGISTER.xx forms on the distribution diskette or the archive
     file.
     
     APPENDIX F: THE SHAREWARE CONCEPT

     Shareware distribution gives users a chance to try software
     before buying it. If you try a Shareware program and continue
     using it, you are expected to register. Individual programs
     differ on details. Some request registration while others
     require it, some specify a maximum trial period. With
     registration, you get anything from the simple right to
     continue using the software to an updated program.
     Copyright laws apply to both Shareware and commercial
     software, and the copyright holder retains all rights, with a
     few specific exceptions as stated below. Shareware authors are
     accomplished programmers, just like commercial authors, and
     the programs are of comparable quality. (In both cases, there
     are good programs and bad ones!)
     The main difference is in the method of distribution. The
     author specifically grants the right to copy and distribute
     the software, either to all or to a specific group. For
     example, some authors require written permission before a
     commercial disk vendor may copy their software.
     Shareware is a distribution method, not a type of software.
     You should find software that suits your needs, whether it's
     commercial or Shareware. The Shareware system makes fitting
     your needs easier, because you can try before you buy. And
     because the overhead is low, prices are also low. Shareware
     has the ultimate money-back guarantee -- if you don't use the
     product, you don't pay for it.


     The Ombudsman

     This program is produced by a member of the Association of
     Shareware Professionals (ASP). ASP wants to make sure that the
     shareware principle works for you. If you are unable to
     resolve a shareware-related problem with an ASP member by
     contacting the member directly, ASP may be able to help. The
     ASP Ombudsman can help you resolve a dispute or problem with
     an ASP member, but does not provide technical support for
     members' products. Please write to the ASP Ombudsman at 545
     Grover Road, Muskegon, MI 49442-9427 USA, FAX 616-788-2765 or
     send a CompuServe message via CompuServe Mail to ASP Ombudsman
     70007,3536.
     
     APPENDIX G: DISCLAIMER - AGREEMENT

     Users of FSLOGIN must accept this disclaimer of warranty:

     "FSLOGIN is supplied as is. The author or Confirm disclaims
     all warranties, expressed or implied, including, without
     limitation, the warranties of merchantability and of fitness
     for any purpose. The author assumes no liability for damages,
     direct or consequential, which may result from the use of
     FSLOGIN."

     FSLOGIN is a "shareware program" and is provided at no charge
     to the user for evaluation. Feel free to share it with your
     friends, but please do not give it away altered or as part of
     another system.  The essence of "user-supported" software is
     to provide personal computer users with quality software
     without high prices, and yet to provide incentive for
     programmers to continue to develop new products. If you find
     this program useful and find that you are using FSLOGIN and
     continue to use FSLOGIN after a trial period of 30 days, you
     must make a registration payment to Confirm. The registration
     fee will license one copy for use on any one Novell NetWare
     server at any one time. You must treat this software just like
     a book.  An example is that this software may be used by any
     number of people and may be freely moved from one server
     location to another, so long as there is no possibility of it
     being used at one location while it's being used at another.
     Just as a book cannot be read by two different persons at the
     same time.

     Users of FSLOGIN must register and pay for their copies of
     FSLOGIN within 30 days of first use or their license will be
     withdrawn.

     Anyone distributing FSLOGIN for any kind of remuneration must
     first contact Confirm at the address below for authorization.
     This authorization will be automatically granted to
     distributors recognized by the (ASP) as adhering to its
     guidelines for shareware distributors, and such distributors
     may begin offering FSLOGIN immediately (However Confirm must
     still be advised so that the distributor can be kept
     up-to-date with the latest version of FSLOGIN).

     You are encouraged to pass a copy of FSLOGIN along to your
     friends for evaluation. Please encourage them to register
     their copy if they find that they can use it.

     Confirm
     Ardechelaan 35
     6904 NG  ZEVENAAR
     The Netherlands

     CompuServe     : 100334,572
     Fidonet        : 2:512/250.359
     Telefax        : (+31) 8360 - 41580
     Phone          : (+31) 8360 - 24988

     Due to international regulations our phone and fax numbers will
     change in 1995. From October 10, 1995 the numbers will be:
     Phone: +31 - 316 - 524988
     Fax  : +31 - 316 - 341580

     (c) Confirm 1993, All Rights Reserved.            October 1994
     --------------------------------------------------------------
