1 May
2020
1 May
'20
7:13 p.m.
I'm not sure I know the exact details of proxy access.? What I know is
that the NICE subsystem (NCP/NMLT20) on Tops-20 can be configured to
accept unauthenticated commands from another node. TELL will do it and
you can change the default executor.? For example, from VENTI2 to TOMMYT:
NCP>tell TOMMYT:: shoW exECUTOR chARACTERISTICS
NCP>
12:40:17 ??? NCP
??? ??? Request # 99 Accepted
12:40:17 ??? NCP
Request # 99; Show Executor Node Characteristics Completed
Executor Node = 2.520 (TOMMYT)
? Identification = Tommy Timesharing
? Management Version = 4.0.0
? CPU = DECSYSTEM1020
? Loop Count = 1
? Loop Length = 127
? Loop With = Mixed
? Incoming Timer = 30
? Outgoing Timer = 60
? NSP Version = 4.0.0
? Maximum Links = 65535
? Delay Factor = 48
? Delay Weight = 10
? Inactivity Timer = 120
? Retransmit Factor = 10
? Routing Version = 2.0.0
? Type = Routing IV
? Routing Timer = 600
? Broadcast Routing Timer = 40
? Maximum Address = 1023
? Maximum Circuits = 20
? Maximum Cost = 100
? Maximum Hops = 16
? Maximum Visits = 20
? Maximum Broadcast Nonrouters = 64
? Maximum Broadcast Routers = 32
? Maximum Buffers = 80
? Buffer Size = 576
? Segment Buffer Size = 576
NCP>
------------------------------------------------------------------------
On 5/1/20 11:29 AM, Johnny Billquist wrote:
Do TOPS-20 know about proxy access? Have you enabled outgoing proxy
access?
In RSX and VMS, you do that by
NCP SET EXEC OUT PROX ENA
For people with VMS systems, it probably makes sense to *both* have
the default DECnet user, and to have proxy access enabled. Or at least
the default user. Having only proxy access enabled is a bad idea since
not all other systems knows about proxy. Proxy is nice, in that you
can map different remote users to different local users, in comparison
to the default DECnet account, which is just a catch-all. But both
have their uses...
? Johnny
------------------------------------------------------------------------
On 2020-05-01 17:25, Thomas DeBellis wrote:
It fails from other hosts, too, although I don't know if that would
be relevant.? This is from VENTI2.
NCP>telL DUNE:: shoW exECUTOR chARACTERISTICS
NCP>
11:23:52 ??? NCP
???? ??? Request # 98 Accepted
NCP>
11:23:53 ??? NCP
Request # 98; Show Executor Node Characteristics Failed, Listener
link connect failed,
Link Failure = Access control rejected
NCP>
> ------------------------------------------------------------------------
> On 5/1/20 10:26 AM, Keith Halewood wrote:
>
> Hi Bob,
>
> The specific problem is when you've removed the default account
> associated with objects like NML and rely instead on proxies to
> supply default information and thereby limit those hosts that have
> default access to your objects.
>
> So, I've removed the default account associated with NML (and one or
> two others) and my participating VAXen have a series of proxies
> defined by authorize like:
> (on DUNE) ADD/PROXY IX::* DECNET/DEFAULT
> (on IX) ADD/PROXY DUNE::* DECNET/DEFAULT
>
> The above works fine between those two and the other hosts in my
> network.
> I added Paul's mapper userID as a proxy from a range of his hosts.
> The login subsequently fails.
>
> Keith
>
> ------------------------------------------------------------------------
>
> *From*: owner-hecnet at Update.UU.SE [mailto:owner-hecnet at Update.UU.SE]
> On Behalf Of Robert Armstrong
> *Sent*: 01 May 2020 15:20
> *To*: hecnet at Update.UU.SE
> *Subject*: RE: [HECnet] Proxy to VMS?
>
>> ? On VMS, how can you set up a network object to allow access
>> without a
> password?
>
> ?? The short answer is - when you go thru the NETCONFIG dialog,
> there are a series of questions about "do you want a default DECnet
> account" and "do you want default access to the xxx object?", where
> NML is one of the objects listed.? You have to answer YES to those
> questions.
>
>> ? If you do this, what is required in the connect request coming in?
> ?? No idea, but I have a VMS system and we can see what it does.
>
> Bob
>
>