[HECnet] Proxy to VMS?
Thomas DeBellis
tommytimesharing at gmail.com
Fri May 1 10:13:15 PDT 2020
I'm not sure I know the exact details of proxy access. What I know is
that the NICE subsystem (NCP/NMLT20) on Tops-20 can be configured to
accept unauthenticated commands from another node. TELL will do it and
you can change the default executor. For example, from VENTI2 to TOMMYT:
NCP>tell TOMMYT:: shoW exECUTOR chARACTERISTICS
NCP>
12:40:17 NCP
Request # 99 Accepted
12:40:17 NCP
Request # 99; Show Executor Node Characteristics Completed
Executor Node = 2.520 (TOMMYT)
Identification = Tommy Timesharing
Management Version = 4.0.0
CPU = DECSYSTEM1020
Loop Count = 1
Loop Length = 127
Loop With = Mixed
Incoming Timer = 30
Outgoing Timer = 60
NSP Version = 4.0.0
Maximum Links = 65535
Delay Factor = 48
Delay Weight = 10
Inactivity Timer = 120
Retransmit Factor = 10
Routing Version = 2.0.0
Type = Routing IV
Routing Timer = 600
Broadcast Routing Timer = 40
Maximum Address = 1023
Maximum Circuits = 20
Maximum Cost = 100
Maximum Hops = 16
Maximum Visits = 20
Maximum Broadcast Nonrouters = 64
Maximum Broadcast Routers = 32
Maximum Buffers = 80
Buffer Size = 576
Segment Buffer Size = 576
NCP>
> ------------------------------------------------------------------------
> On 5/1/20 11:29 AM, Johnny Billquist wrote:
>
> Do TOPS-20 know about proxy access? Have you enabled outgoing proxy
> access?
>
> In RSX and VMS, you do that by
> NCP SET EXEC OUT PROX ENA
>
> For people with VMS systems, it probably makes sense to *both* have
> the default DECnet user, and to have proxy access enabled. Or at least
> the default user. Having only proxy access enabled is a bad idea since
> not all other systems knows about proxy. Proxy is nice, in that you
> can map different remote users to different local users, in comparison
> to the default DECnet account, which is just a catch-all. But both
> have their uses...
>
> Johnny
>> ------------------------------------------------------------------------
>> On 2020-05-01 17:25, Thomas DeBellis wrote:
>>
>> It fails from other hosts, too, although I don't know if that would
>> be relevant. This is from VENTI2.
>>
>> NCP>telL DUNE:: shoW exECUTOR chARACTERISTICS
>> NCP>
>> 11:23:52 NCP
>> Request # 98 Accepted
>> NCP>
>> 11:23:53 NCP
>>
>> Request # 98; Show Executor Node Characteristics Failed, Listener
>> link connect failed,
>> Link Failure = Access control rejected
>>
>> NCP>
>>> ------------------------------------------------------------------------
>>> On 5/1/20 10:26 AM, Keith Halewood wrote:
>>>
>>> Hi Bob,
>>>
>>> The specific problem is when you've removed the default account
>>> associated with objects like NML and rely instead on proxies to
>>> supply default information and thereby limit those hosts that have
>>> default access to your objects.
>>>
>>> So, I've removed the default account associated with NML (and one or
>>> two others) and my participating VAXen have a series of proxies
>>> defined by authorize like:
>>> (on DUNE) ADD/PROXY IX::* DECNET/DEFAULT
>>> (on IX) ADD/PROXY DUNE::* DECNET/DEFAULT
>>>
>>> The above works fine between those two and the other hosts in my
>>> network.
>>> I added Paul's mapper userID as a proxy from a range of his hosts.
>>> The login subsequently fails.
>>>
>>> Keith
>>>
>>> ------------------------------------------------------------------------
>>>
>>> *From*: owner-hecnet at Update.UU.SE [mailto:owner-hecnet at Update.UU.SE]
>>> On Behalf Of Robert Armstrong
>>> *Sent*: 01 May 2020 15:20
>>> *To*: hecnet at Update.UU.SE
>>> *Subject*: RE: [HECnet] Proxy to VMS?
>>>
>>>> On VMS, how can you set up a network object to allow access
>>>> without a
>>> password?
>>>
>>> The short answer is - when you go thru the NETCONFIG dialog,
>>> there are a series of questions about "do you want a default DECnet
>>> account" and "do you want default access to the xxx object?", where
>>> NML is one of the objects listed. You have to answer YES to those
>>> questions.
>>>
>>>> If you do this, what is required in the connect request coming in?
>>> No idea, but I have a VMS system and we can see what it does.
>>>
>>> Bob
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sonic.net/pipermail/hecnet-list/attachments/20200501/0d8ce8ec/attachment.html>
More information about the Hecnet-list
mailing list