Raghuram Devarakonda · Apr 24, 2017

How to enable OS level authentication from command line?


I am able to enable OS level authentication for an instance from the UI (System Administration => Security => System Security => Authentication/CSP Session Options) but is there a way this can be done from command line as well?



0 483
Discussion (7)4
Log in or sign up to continue

It looks like the AutheEnabled property of Security.System is the equivalent. See class doc here.

Use the Get and Modify classmethods to fetch and update values.

Thanks for the pointer. I couldn't figure out exact code to set "AuthEnabled" property so instead, I used "Import" function to modify it. I found the exact value for "OS Authentication" by exporting from another instance where I enabled it from UI.



The AutheEnabled property is an integer value that is treated as a set of bitflags. Here's one way of decomposing it:

%SYS>set sc=##class(Security.System).Get(,.props)

%SYS>for bit=0:1:31 if $zboolean(props("AutheEnabled"),2**bit,1) write !,"Bit ",bit," is set"
Bit 4 is set
Bit 5 is set
Bit 6 is set
Bit 10 is set

Documentation for the $ZBOOLEAN function is here. You can use the OR operation (third argument = 7) to set a specific bit within the existing value. For example, to ensure bit 4 (whose meaning is AutheOS) is set:

set props("AutheEnabled")=$zboolean(props("AutheEnabled"),2**4,7)

If you are satisfied with my answer please click on the checkmark alongside its title.

Thanks John, this was invaluable.  Works for Security.Services class to modify %Services_* too, in case anyone else stumbles across this in the future!


Is it possible to set this using iris merge functionality?

You can also do this via ^SECURITY

1) User setup
2) Role setup
3) Service setup
4) Resource setup
5) Application setup
6) Auditing setup
7) Domain setup
8) SSL configuration setup
9) Mobile phone service provider setup
10) OpenAM Identity Services setup
11) Encryption key setup
12) System parameter setup
13) X509 User setup
14) Exit
Option? 12
1) Edit system options
2) Edit authentication options