Manualshelf

Technical data

ManualsBrandsCompaq ManualsComputer equipmentCompaq TCP/IP Services for OpenVMS
311312313314315316317318319320
Remote (R) Commands
16.2 Managing the R Command Servers
Table 16–1 RLOGIN Logical Names
Logical Name Description
TCPIP$RLOGIN_VTA Enables RLOGIN virtual terminals. For more
information, see Section 16.3.
TCPIP$RLOGIN_MESSAGE Specifies the welcome message displayed by
the RLOGIN server. For more information,
see Section 16.4.
16.3 Security Considerations
Because R commands can bypass normal password verification, it is important to
configure these applications carefully to avoid compromising system security. In a
complex networking environment, improperly configured R commands can open
access to your host to virtually anyone on the network.
A properly configured environment grants remote access to preauthorized
clients. You can limit access by adding an entry to the proxy database
(TCPIP$PROXY.DAT) for each user authorized to access your host. This
entry, called a communication proxy, provides the user name and name of the
remote host. To add a communication proxy, enter:
TCPIP> ADD PROXY user /HOST=host /REMOTE_USER=user
For each host, be sure to define the host name and any aliases.
Users with communication proxies cannot use virtual terminals. Therefore, if the
logical name TCPIP$RLOGIN_VTA is set, users logging in by proxies will observe
that the terminal device they are assigned is displayed as TNAnnn rather than
VTAnnn. For more information, see Section 16.2.2.
16.3.1 Registering Remote Users
For users on UNIX hosts, the following information must be listed in at least one
of the following databases:
Database File Type of Information
/etc/hosts.equiv
Host name and user name
.rhosts
(in the user’s home directory)
Host name and user name
For users on OpenVMS clients running TCP/IP Services, check that the
appropriate proxy information is in the remote system’s proxy database.
You can also restrict remote printing to specific users by entering:
TCPIP> SET SERVICE service /FLAGS=APPLICATION_PROXY
With this flag set, the R commands use the communication entries in the proxy
database for authentication.
To reject access from a remote host, use the SET SERVICE service /REJECT
command. For example:
TCPIP> SET SERVICE RLOGIN /REJECT=HOSTS=(loon,ibis,tern)
Remote (R) Commands 16–3