On 2013-06-15 17:03, Paul_Koning at Dell.com wrote:
On Jun 15, 2013, at 9:19 AM, Johnny Billquist wrote:
On 2013-06-15 14:59, Bob Armstrong wrote:
My workaround for that is to use DECnet proxy information.
However, I'm not sure that is available in 11M.
Sadly, there is no proxy support on M - only M+.
I still don't understand how it works when talking to a VMS system,
though? LENTO is doing the same thing in either case, but with a VMS system
on the far end all is well and with an RSX system on the other end it
doesn't work.
In all cases, if account information is passed in the request, it is used. For any OS. If no account information is passed, but both requesting node includes proxy information, and responding nodes make use of proxy information, this is used to get an account under which to process the reqeuest.
With VMS, if a request comes in without any account information, VMS applies the default account as the user under which to run the request. The requesting node have no involvement in this.
Proxy access is not standardized or documented (at the protocol level). I think it's simply this: the access control fields in the session control protocol are optional. If they are omitted, it's up to the receiving node to decide what to do about it (if the application protocol in question has the notion of access control). In some systems, the answer is "reject". In others, the answer is "use a default account" (RSTS has this).
Well, proxy is something that needs to be enabled on both sides for it to work, so it definitely involves passing some information in the packets. So it has to be documented somewhere. Keep searching.
A variation which some OSs might use (I forgot) is to handle the case where a user name is supplied but no password.
I wonder what the expected behavior of that should be? Seems like just failed access to me (unless the account actually have an empty password).
Johnny
On 2013-06-15 16:59, Paul_Koning at Dell.com wrote:
On Jun 15, 2013, at 7:26 AM, Johnny Billquist wrote:
On 2013-06-13 08:23, Mark Benson wrote:
Due to the limits on our ability to get internet service of any decent
speed, we're having to change packages meaning we will lose out fixed IP
in November. I'd like to work towards being able to stay on HECnet
before then using STAR69 to maintain my connection.
Well, do you know if you'll get different addresses often? Many ISPs give dynamic IP addresses, but you actually stay on the same address for months, which makes it a rather small problem. I haven't had a change in address in over 6 months myself.
And even if you do, with dynamic DNS you still have a hostname that stays fixed. All you need is for the things that connect to you, or check your address, to be able to deal with names.
Well, they also need to recheck every so often... :-)
My bridge program, for example, only do name resolution when processing the config file.
Johnny
On Jun 15, 2013, at 9:19 AM, Johnny Billquist wrote:
On 2013-06-15 14:59, Bob Armstrong wrote:
My workaround for that is to use DECnet proxy information.
However, I'm not sure that is available in 11M.
Sadly, there is no proxy support on M - only M+.
I still don't understand how it works when talking to a VMS system,
though? LENTO is doing the same thing in either case, but with a VMS system
on the far end all is well and with an RSX system on the other end it
doesn't work.
In all cases, if account information is passed in the request, it is used. For any OS. If no account information is passed, but both requesting node includes proxy information, and responding nodes make use of proxy information, this is used to get an account under which to process the reqeuest.
With VMS, if a request comes in without any account information, VMS applies the default account as the user under which to run the request. The requesting node have no involvement in this.
Proxy access is not standardized or documented (at the protocol level). I think it's simply this: the access control fields in the session control protocol are optional. If they are omitted, it's up to the receiving node to decide what to do about it (if the application protocol in question has the notion of access control). In some systems, the answer is "reject". In others, the answer is "use a default account" (RSTS has this).
A variation which some OSs might use (I forgot) is to handle the case where a user name is supplied but no password.
paul
On Jun 15, 2013, at 7:26 AM, Johnny Billquist wrote:
On 2013-06-13 08:23, Mark Benson wrote:
Due to the limits on our ability to get internet service of any decent
speed, we're having to change packages meaning we will lose out fixed IP
in November. I'd like to work towards being able to stay on HECnet
before then using STAR69 to maintain my connection.
Well, do you know if you'll get different addresses often? Many ISPs give dynamic IP addresses, but you actually stay on the same address for months, which makes it a rather small problem. I haven't had a change in address in over 6 months myself.
And even if you do, with dynamic DNS you still have a hostname that stays fixed. All you need is for the things that connect to you, or check your address, to be able to deal with names.
paul
On 2013-06-15 15:28, Bob Armstrong wrote:
if a request comes in without any account information, VMS applies
the default account as the user under which to run the request.
Ah - and 11M+ can't do this? Didn't know that... Thanks.
Right. No RSX have any default account for DECnet. However, M+ have proxy, which can be made to work pretty close.
Johnny
if a request comes in without any account information, VMS applies
the default account as the user under which to run the request.
Ah - and 11M+ can't do this? Didn't know that... Thanks.
Bob
On 2013-06-15 14:59, Bob Armstrong wrote:
My workaround for that is to use DECnet proxy information.
However, I'm not sure that is available in 11M.
Sadly, there is no proxy support on M - only M+.
I still don't understand how it works when talking to a VMS system,
though? LENTO is doing the same thing in either case, but with a VMS system
on the far end all is well and with an RSX system on the other end it
doesn't work.
In all cases, if account information is passed in the request, it is used. For any OS. If no account information is passed, but both requesting node includes proxy information, and responding nodes make use of proxy information, this is used to get an account under which to process the reqeuest.
With VMS, if a request comes in without any account information, VMS applies the default account as the user under which to run the request. The requesting node have no involvement in this.
Johnny
My workaround for that is to use DECnet proxy information.
However, I'm not sure that is available in 11M.
Sadly, there is no proxy support on M - only M+.
I still don't understand how it works when talking to a VMS system,
though? LENTO is doing the same thing in either case, but with a VMS system
on the far end all is well and with an RSX system on the other end it
doesn't work.
Bob
On 2013-06-13 08:23, Mark Benson wrote:
Due to the limits on our ability to get internet service of any decent
speed, we're having to change packages meaning we will lose out fixed IP
in November. I'd like to work towards being able to stay on HECnet
before then using STAR69 to maintain my connection.
Well, do you know if you'll get different addresses often? Many ISPs give dynamic IP addresses, but you actually stay on the same address for months, which makes it a rather small problem. I haven't had a change in address in over 6 months myself.
Johnny
Hi, Bob.
On 2013-06-13 15:11, Bob Armstrong wrote:
or What I know about DECnet-11 (several things, undoubtedly :-)
I have a DECnet-11 RSX-11M (no + !) system, LENTO. On LENTO I can say
>NFT LEGATO::/LI [LEGATO is a
VMS node]
and I get a directory of the default DECnet account on LEGATO - exactly
what I d expect to happen. But if I say
>NFT MIM::DU:[4,54]/LI [MIM being an RSX node]
I get
NFT -- Error in reading directory MIM::DU:[4,54]
Access control rejected
On VMS this behavior is controlled by the SET EXECUTOR DEFAULT ACCESS
characteristic, but DECnet-11 doesn t seem to have an equivalent.
What s the secret to making this work on RSX?
Right.
The problem is that in RSX you do not have a default access account.
My workaround for that is to use DECnet proxy information. However, I'm not sure that is available in 11M. But that is what you need to look for. I know of no other solution.
Johnny
