[HECnet] Proxy to VMS?

Thomas DeBellis tommytimesharing at gmail.com
Fri May 1 10:13:15 PDT 2020 

I'm not sure I know the exact details of proxy access.  What I know is 
that the NICE subsystem (NCP/NMLT20) on Tops-20 can be configured to 
accept unauthenticated commands from another node. TELL will do it and 
you can change the default executor.  For example, from VENTI2 to TOMMYT:

NCP>tell TOMMYT:: shoW exECUTOR chARACTERISTICS
NCP>
12:40:17     NCP
         Request # 99 Accepted

12:40:17     NCP

Request # 99; Show Executor Node Characteristics Completed

Executor Node = 2.520 (TOMMYT)

   Identification = Tommy Timesharing
   Management Version = 4.0.0
   CPU = DECSYSTEM1020
   Loop Count = 1
   Loop Length = 127
   Loop With = Mixed
   Incoming Timer = 30
   Outgoing Timer = 60
   NSP Version = 4.0.0
   Maximum Links = 65535
   Delay Factor = 48
   Delay Weight = 10
   Inactivity Timer = 120
   Retransmit Factor = 10
   Routing Version = 2.0.0
   Type = Routing IV
   Routing Timer = 600
   Broadcast Routing Timer = 40
   Maximum Address = 1023
   Maximum Circuits = 20
   Maximum Cost = 100
   Maximum Hops = 16
   Maximum Visits = 20
   Maximum Broadcast Nonrouters = 64
   Maximum Broadcast Routers = 32
   Maximum Buffers = 80
   Buffer Size = 576
   Segment Buffer Size = 576
NCP>

> ------------------------------------------------------------------------
> On 5/1/20 11:29 AM, Johnny Billquist wrote:
>
> Do TOPS-20 know about proxy access? Have you enabled outgoing proxy 
> access?
>
> In RSX and VMS, you do that by
> NCP SET EXEC OUT PROX ENA
>
> For people with VMS systems, it probably makes sense to *both* have 
> the default DECnet user, and to have proxy access enabled. Or at least 
> the default user. Having only proxy access enabled is a bad idea since 
> not all other systems knows about proxy. Proxy is nice, in that you 
> can map different remote users to different local users, in comparison 
> to the default DECnet account, which is just a catch-all. But both 
> have their uses...
>
>   Johnny
>> ------------------------------------------------------------------------
>> On 2020-05-01 17:25, Thomas DeBellis wrote:
>>
>> It fails from other hosts, too, although I don't know if that would 
>> be relevant.  This is from VENTI2.
>>
>> NCP>telL DUNE:: shoW exECUTOR chARACTERISTICS
>> NCP>
>> 11:23:52     NCP
>>          Request # 98 Accepted
>> NCP>
>> 11:23:53     NCP
>>
>> Request # 98; Show Executor Node Characteristics Failed, Listener 
>> link connect failed,
>> Link Failure = Access control rejected
>>
>> NCP>
>>> ------------------------------------------------------------------------
>>> On 5/1/20 10:26 AM, Keith Halewood wrote:
>>>
>>> Hi Bob,
>>>
>>> The specific problem is when you've removed the default account 
>>> associated with objects like NML and rely instead on proxies to 
>>> supply default information and thereby limit those hosts that have 
>>> default access to your objects.
>>>
>>> So, I've removed the default account associated with NML (and one or 
>>> two others) and my participating VAXen have a series of proxies 
>>> defined by authorize like:
>>> (on DUNE) ADD/PROXY IX::* DECNET/DEFAULT
>>> (on IX) ADD/PROXY DUNE::* DECNET/DEFAULT
>>>
>>> The above works fine between those two and the other hosts in my 
>>> network.
>>> I added Paul's mapper userID as a proxy from a range of his hosts. 
>>> The login subsequently fails.
>>>
>>> Keith
>>>
>>> ------------------------------------------------------------------------
>>>
>>> *From*: owner-hecnet at Update.UU.SE [mailto:owner-hecnet at Update.UU.SE] 
>>> On Behalf Of Robert Armstrong
>>> *Sent*: 01 May 2020 15:20
>>> *To*: hecnet at Update.UU.SE
>>> *Subject*: RE: [HECnet] Proxy to VMS?
>>>
>>>>   On VMS, how can you set up a network object to allow access 
>>>> without a
>>> password?
>>>
>>>    The short answer is - when you go thru the NETCONFIG dialog, 
>>> there are a series of questions about "do you want a default DECnet 
>>> account" and "do you want default access to the xxx object?", where 
>>> NML is one of the objects listed.  You have to answer YES to those 
>>> questions.
>>>
>>>>   If you do this, what is required in the connect request coming in?
>>>    No idea, but I have a VMS system and we can see what it does.
>>>
>>> Bob
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sonic.net/pipermail/hecnet-list/attachments/20200501/0d8ce8ec/attachment.html>

More information about the Hecnet-list mailing list