<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>I'm not sure I know the exact details of proxy access. What I
know is that the NICE subsystem (NCP/NMLT20) on Tops-20 can be
configured to accept unauthenticated commands from another node.
TELL will do it and you can change the default executor. For
example, from VENTI2 to TOMMYT:<br>
</p>
<p><tt>NCP>tell TOMMYT:: shoW exECUTOR chARACTERISTICS </tt><tt><br>
</tt><tt>NCP></tt><tt><br>
</tt><tt>12:40:17 NCP</tt><tt><br>
</tt><tt> Request # 99 Accepted</tt><tt><br>
</tt><tt><br>
</tt><tt>12:40:17 NCP</tt><tt><br>
</tt><tt><br>
</tt><tt>Request # 99; Show Executor Node Characteristics
Completed</tt><tt><br>
</tt><tt><br>
</tt><tt>Executor Node = 2.520 (TOMMYT)</tt><tt><br>
</tt><tt><br>
</tt><tt> Identification = Tommy Timesharing</tt><tt><br>
</tt><tt> Management Version = 4.0.0</tt><tt><br>
</tt><tt> CPU = DECSYSTEM1020</tt><tt><br>
</tt><tt> Loop Count = 1</tt><tt><br>
</tt><tt> Loop Length = 127</tt><tt><br>
</tt><tt> Loop With = Mixed</tt><tt><br>
</tt><tt> Incoming Timer = 30</tt><tt><br>
</tt><tt> Outgoing Timer = 60</tt><tt><br>
</tt><tt> NSP Version = 4.0.0</tt><tt><br>
</tt><tt> Maximum Links = 65535</tt><tt><br>
</tt><tt> Delay Factor = 48</tt><tt><br>
</tt><tt> Delay Weight = 10</tt><tt><br>
</tt><tt> Inactivity Timer = 120</tt><tt><br>
</tt><tt> Retransmit Factor = 10</tt><tt><br>
</tt><tt> Routing Version = 2.0.0</tt><tt><br>
</tt><tt> Type = Routing IV</tt><tt><br>
</tt><tt> Routing Timer = 600</tt><tt><br>
</tt><tt> Broadcast Routing Timer = 40</tt><tt><br>
</tt><tt> Maximum Address = 1023</tt><tt><br>
</tt><tt> Maximum Circuits = 20</tt><tt><br>
</tt><tt> Maximum Cost = 100</tt><tt><br>
</tt><tt> Maximum Hops = 16</tt><tt><br>
</tt><tt> Maximum Visits = 20</tt><tt><br>
</tt><tt> Maximum Broadcast Nonrouters = 64</tt><tt><br>
</tt><tt> Maximum Broadcast Routers = 32</tt><tt><br>
</tt><tt> Maximum Buffers = 80</tt><tt><br>
</tt><tt> Buffer Size = 576</tt><tt><br>
</tt><tt> Segment Buffer Size = 576</tt><tt><br>
</tt><tt>NCP></tt><br>
</p>
<blockquote type="cite"
cite="mid:b9a5a688-f590-d333-ab63-0307d1262fac@softjar.se">
<hr width="100%" size="2">On 5/1/20 11:29 AM, Johnny Billquist
wrote:<br>
<br>
Do TOPS-20 know about proxy access? Have you enabled outgoing
proxy access?
<br>
<br>
In RSX and VMS, you do that by
<br>
NCP SET EXEC OUT PROX ENA
<br>
<br>
For people with VMS systems, it probably makes sense to *both*
have the default DECnet user, and to have proxy access enabled. Or
at least the default user. Having only proxy access enabled is a
bad idea since not all other systems knows about proxy. Proxy is
nice, in that you can map different remote users to different
local users, in comparison to the default DECnet account, which is
just a catch-all. But both have their uses...
<br>
<br>
Johnny
<br>
<blockquote type="cite">
<hr width="100%" size="2">On 2020-05-01 17:25, Thomas DeBellis
wrote:
<br>
<br>
It fails from other hosts, too, although I don't know if that
would be relevant. This is from VENTI2.
<br>
<br>
NCP>telL DUNE:: shoW exECUTOR chARACTERISTICS
<br>
NCP>
<br>
11:23:52 NCP
<br>
Request # 98 Accepted
<br>
NCP>
<br>
11:23:53 NCP
<br>
<br>
Request # 98; Show Executor Node Characteristics Failed,
Listener link connect failed,
<br>
Link Failure = Access control rejected
<br>
<br>
NCP><br>
<blockquote type="cite">
<hr width="100%" size="2">On 5/1/20 10:26 AM, Keith Halewood
wrote:
<br>
<br>
Hi Bob,
<br>
<br>
The specific problem is when you've removed the default
account associated with objects like NML and rely instead on
proxies to supply default information and thereby limit those
hosts that have default access to your objects.
<br>
<br>
So, I've removed the default account associated with NML (and
one or two others) and my participating VAXen have a series of
proxies defined by authorize like:
<br>
(on DUNE) ADD/PROXY IX::* DECNET/DEFAULT
<br>
(on IX) ADD/PROXY DUNE::* DECNET/DEFAULT
<br>
<br>
The above works fine between those two and the other hosts in
my network.
<br>
I added Paul's mapper userID as a proxy from a range of his
hosts. The login subsequently fails.
<br>
<br>
Keith
<br>
<br>
<hr width="100%" size="2"><br>
<b>From</b>: <a class="moz-txt-link-abbreviated" href="mailto:owner-hecnet@Update.UU.SE">owner-hecnet@Update.UU.SE</a>
[<a class="moz-txt-link-freetext" href="mailto:owner-hecnet@Update.UU.SE">mailto:owner-hecnet@Update.UU.SE</a>] On Behalf Of Robert
Armstrong
<br>
<b>Sent</b>: 01 May 2020 15:20
<br>
<b>To</b>: <a class="moz-txt-link-abbreviated" href="mailto:hecnet@Update.UU.SE">hecnet@Update.UU.SE</a>
<br>
<b>Subject</b>: RE: [HECnet] Proxy to VMS?
<br>
<br>
<blockquote type="cite"> On VMS, how can you set up a network
object to allow access without a
<br>
</blockquote>
password?
<br>
<br>
The short answer is - when you go thru the NETCONFIG
dialog, there are a series of questions about "do you want a
default DECnet account" and "do you want default access to the
xxx object?", where NML is one of the objects listed. You
have to answer YES to those questions.
<br>
<br>
<blockquote type="cite"> If you do this, what is required in
the connect request coming in?
<br>
</blockquote>
No idea, but I have a VMS system and we can see what it
does.
<br>
<br>
Bob
<br>
<br>
<br>
</blockquote>
</blockquote>
<br>
</blockquote>
</body>
</html>