Expand Configuration and Management Manual (G06.24+)

Managing the Network
Expand Configuration and Management Manual 523347-008
secured “OOOO” (local owner only) along with other files that are only accessible
locally.
A remote user can be prevented from becoming a local user if the local super ID
specifies “A” (any local user) as the execute security for the TACL program file. This
prevents anyone on a remote node from starting a TACL process on the local node.
Also, a user who has the same user name as a user in another node cannot log on to
that node without knowing the local password for that user name. For example,
ADMIN.BILL on node \WEST cannot log on to node \EAST if ADMIN.BILL at \EAST has
a local password that is unknown to ADMIN.BILL at \WEST.

Global Remote Passwords

In some networks, it is not desirable for all users to have access to all nodes. However,
it is desirable to allow network access for certain users without forcing them to enter or
even know all the required REMOTEPASSWORD commands. In this case, a global
remote password can be established for these users.
At each node, a user named NET.ACCESS is established and the following commands
are issued:

    LOGON NET.ACCESS
    PASSWORD local-password
    REMOTEPASSWORD \WEST, global-password
    REMOTEPASSWORD \EAST, global-password
    REMOTEPASSWORD \NYNY, global-password
    .
    .
    .
    REMOTEPASSWORD \system-n, global-password

The REMOTEPASSWORD command is used for each node on the network. The
global remote password is the same for all nodes and is known only to the system
managers. The local password is different for each node and is given only to users
who are allowed to access all nodes on the network.
Only users who know the local password can log on as NET.ACCESS. While logged
on as NET.ACCESS, these users can access remote files. For example, the following
command allows users to access remote files secured for access by NET.ACCESS:

    LOGON NET.ACCESS, local-password
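An added example, not part of the manual: a Python check of the NET.ACCESS setup described above, run over the command lists issued at each node. It verifies that every node has a REMOTEPASSWORD entry for every node, that the global remote password is the same everywhere, and that no local password is reused. The function names, the input layout and the sample passwords are assumptions made for illustration.

```python
import re
from collections import Counter

# Command form shown on the page: REMOTEPASSWORD \node, password
REMOTEPW = re.compile(r"^\s*REMOTEPASSWORD\s+(\\\S+?)\s*,\s*(\S+)\s*$", re.I)
LOCALPW = re.compile(r"^\s*PASSWORD\s+(\S+)\s*$", re.I)

def parse_setup(lines):
    """Return (local_password, {target_node: remote_password}) for one node."""
    local, remote = None, {}
    for line in lines:
        if m := REMOTEPW.match(line):
            remote[m.group(1).upper()] = m.group(2)
        elif m := LOCALPW.match(line):
            local = m.group(1)
    return local, remote

def audit(setups):
    """setups maps node name (uppercase) -> NET.ACCESS commands issued there."""
    nodes = sorted(setups)
    parsed = {n: parse_setup(setups[n]) for n in nodes}
    findings = []
    # Each node needs a REMOTEPASSWORD entry for every node on the network.
    for n in nodes:
        findings += [("missing", n, t) for t in nodes if t not in parsed[n][1]]
    # The global remote password is one value everywhere; flag the outliers.
    counts = Counter(pw for _, r in parsed.values() for pw in r.values())
    common = max(counts, key=counts.get, default=None)
    for n in nodes:
        findings += [("global-mismatch", n, t)
                     for t, pw in parsed[n][1].items() if pw != common]
    # The local password is different for each node; flag reuse.
    first_use = {}
    for n in nodes:
        local = parsed[n][0]
        if local is not None and local in first_use:
            findings.append(("local-reused", first_use[local], n))
        first_use.setdefault(local, n)
    return findings

# Constructed sample: three nodes with placeholder passwords and three defects.
SAMPLE = {
    r"\WEST": ["LOGON NET.ACCESS", "PASSWORD lw1", r"REMOTEPASSWORD \WEST, gp",
               r"REMOTEPASSWORD \EAST, gp", r"REMOTEPASSWORD \NYNY, gp"],
    r"\EAST": ["LOGON NET.ACCESS", "PASSWORD le1", r"REMOTEPASSWORD \WEST, gp",
               r"REMOTEPASSWORD \EAST, gp"],
    r"\NYNY": ["LOGON NET.ACCESS", "PASSWORD lw1", r"REMOTEPASSWORD \WEST, gp",
               r"REMOTEPASSWORD \EAST, gP2", r"REMOTEPASSWORD \NYNY, gp"],
}
```

Calling `audit(SAMPLE)` reports the entry for \NYNY missing at \EAST, the differing global password in the \EAST entry at \NYNY, and the local password shared by \NYNY and \WEST.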
Subnetwork Security

In a large network, it is sometimes desirable to allow users to access some nodes but
not others. For example, users on system \SANFRAN are allowed to access nodes
\LA, \SEATTLE, and \CUPRTNO but not the \NEWYORK and \CHICAGO nodes.
In this case, the preceding examples can be extended to allow access to any number
of subnetworks (that is, any collection of individual nodes). A user such as