KVC@ENGVAX.UUCP (Kevin Carosso) (01/22/87)
> don't know what other VMS implementations do, but I've seen analogues on
> several other systems) involves running the server code as a highly
> privileged process. When an FTP "login" request comes in, the server
> code itself goes off to the UAF (or whatever it is called on the host
> system) and verifies that login would be permitted if the user were
> logging in (with whatever name, password(s), privileges, times of day,
> etc., are needed). Then it sends or receives the relevant file(s) on
> behalf of the user (whatever "on behalf of" means locally).
> Incidentally, another characteristic of this approach is that generating
> "logfail" accounting records and auditing records when an FTP login
> attempt fails (and maybe even auditing records when it succeeds) gets a
> little dicey. Excelan does not now do it and has no immediate plans,
> having not heard an outcry from anyone but us. Other Excelan users who

One way to create servers that gets around these problems is to use the
mechanism DECnet uses. You can call SYS$CREPRC with a special set of
arguments and have LOGINOUT validate the username and password and set up
all the process privileges and rights. You also get logfail records as
DECnet would. The code to do this is trivial as long as the network
software you're using provides a means of passing the network connection
to the new process (DECnet actually does this).

It would be nice if Excelan and other network vendors would take a look at
this. While DEC does not document it, it uses a lot fewer hacks than trying
to validate the process yourself. Crunching the password isn't hard, but
setting up the process context is. I spoke with a knowledgeable VMS
developer about using DECnet's hook in LOGINOUT and he indicated that it
was a fairly stable mechanism and was, at this point, probably the safest
thing to do.

I have implemented an FTP server for Tek TCP/IP using this and it works
very well. I did, however, have to add a mechanism to the TCPACP that lets
a connection be passed to another process. Excelan provides a similar
mechanism.

If anyone is interested, I can post more info on how you call CREPRC to
create a network process.

/Kevin Carosso
kvc%engvax.UUCP@usc-oberon.usc.edu
Hughes Aircraft Co.