[HECnet] Understanding Default Accounts
Peter Coghlan
HECNET at beyondthepale.ie
Sat Sep 15 20:00:27 PDT 2012
I don't have a good understanding of default accounts when using NETCONFIG.
I would like to allow people to list files in a specific directory (DIR
NODE::), PHONE me and MAIL me. Does this mean I need to specify default
accounts for FAL, MAIL and PHONE? If so, what is the purpose of the "Default
DECnet account", which is the first of the questions in the sequence below:
My understanding of it (which might not be correct) is that the default
FAL account is used if someone remote does not specify a username and password
when doing a file access on your machine, the default PHONE account is used
when someone remote PHONEs your machine without specifying a username and
password and the default MAIL account is used when someone remotely sends
MAIL-11 mail to your machine without specifying a username and password (Is
it even possible to specify a username and password with PHONE and MAIL?)
So for example, files which FAL$SERVER has rights to access will be made
available to anyone who remotely tries to access them without their having to
specify a valid username and password on your machine.
If no username and password is specified by someone attempting to access
anything remotely on your machine and no suitable default account is available
for the activity in question, the default DECnet account will then be used if
available.
Therefore (I think) the default DECnet account is a catchall and if you have
one, you are granting anyone remote from your machine, some level of access to
all DECnet services on your machine.
I can't see any real use for it except for people who are too lazy to set up
the other few default accounts that they really want which offer finer control
over what services are made available remotely. I seem to remember default
DECnet accounts going out of favour and being regarded as a security risk.
(In addition to default accounts, default proxies also come into play here but
I thought it better not to further complicate things by mentioning them...)
Regards,
Peter Coghlan.
More information about the Hecnet-list
mailing list