[comp.sys.mac] Connectivity Issues with Fastpath Boxes

longstaf@lll-lcc.aRpA (Thomas A Longstaff) (09/28/87)

--------------------------------------------------------------------
	I am currently evaluating a connection scheme for Macs, PC's,
and unix boxes (no flames please, it's not my fault!) to be used in
our project. One of the components we are considering is a Kinetics
fastpath to connect our appletalk to another appletalk at a remote
location on the net.  We are currently using TOPS for our software.
Now for the questions.

1.	Is this possible?  Has anyone done this?  After talking to
Centram and Kinetics I get a lot of conflicting and confusing
information about "maybe" and "depends on the other guy" type of talk.
If it is not possible to use TOPS through fastpath boxes, how about
appleshare?  

2.	Assuming the answer to 1. is yes, what's to keep anyone else
with a fastpath from accessing our files and laserwriters?  We would
rather not password protect all volumes on the net, and I don't know
of any way to protect the laserwriters.  This is a potentially big
problem which I have not seen addressed in this forum or any place
else.  Again, questions to Centram or Kinetics have been little help.
A partial answer seems to include appletalk zones, but does TOPS
support this concept?

	If these questions generate any interest, I'll summarize
responses to the net.  Or perhaps this isn't an issue because it isn't
possible?  If this is not possible, is there any benefit to having two
appletalks connected to fastpaths and long haul networks?

		Tom Longstaff
	longstaf@lll-lcc.ARPA
	{lll-crg,harvard,sun,dual,rutgers,seismo,ihnp4}!lll-lcc!longstaf
	Lawrence Livermore Natl Lab
	L-542, Box 808
	Livermore, CA 94550
	415-423-4416

elwell@tut.UUCP (09/29/87)

longstaf@lll-lcc.aRpA (Thomas A Longstaff) writes:
    
    --------------------------------------------------------------------
    	I am currently evaluating a connection scheme for Macs, PC's,
    and unix boxes (no flames please, it's not my fault!) to be used in
    our project. One of the components we are considering is a Kinetics
    fastpath to connect our appletalk to another appletalk at a remote
    location on the net.  We are currently using TOPS for our software.
    Now for the questions.
    
    1.	Is this possible?  Has anyone done this?

Yes.  Works fine for both TOPS and AppleShare.  Be aware that UNIX
TOPS is a rather new product, though...
    
    2.	Assuming the answer to 1. is yes, what's to keep anyone else
    with a fastpath from accessing our files and laserwriters?

Nothing.  This is a major flaw with the current AppleTalk
architecture, at least when it is scaled up beyond the work-group level.
    
-- 
							      Clayton M. Elwell
       The Ohio State University Department of Computer and Information Science
       (614) 292-6546	 UUCP: ...!cbosgd!osu-cis!tut.cis.ohio-state.edu!elwell
		      ARPA: elwell@ohio-state.arpa (not working well right now)

stew@endor.UUCP (10/01/87)

In article <1185@lll-lcc.aRpA> longstaf@lll-lcc.aRpA (Thomas A Longstaff) writes:
>One of the components we are considering is a Kinetics
>fastpath to connect our appletalk to another appletalk at a remote
>location on the net.  We are currently using TOPS for our software.
>Now for the questions.
>
>1.	Is this possible?  Has anyone done this?  After talking to
>Centram and Kinetics I get a lot of conflicting and confusing
>information about "maybe" and "depends on the other guy" type of talk.
>If it is not possible to use TOPS through fastpath boxes, how about
>appleshare?  

I don't have extensive experience with this, but I did do the experiment.
Yes, it is possible.  The version of TOPS which I tried (Sept, 1986)
doesn't deal with zones; you have to be in the same zone as the machine
you want to talk to.  Appleshare and LaserWriter don't have this problem.

>2.	Assuming the answer to 1. is yes, what's to keep anyone else
>with a fastpath from accessing our files and laserwriters?

with a fastpath ***and access to your ethernet***, nothing.  This is
not an uncommon problem.  If you want to protect the servers and
laserwriters from unauthorized use, you gotta password them.
The laserwriter has a password, too.  You set it with code like:

   0 serverdict begin exitserver
   0 1234567 setpassword {(Password set OK)}{(Password not set)}ifelse print

where zero is the old (default) password, and 1234567 is the new one.
Then you have to edit the laserwriter file in your system folder.
Use FEdit and search for 0000000.  It should be followed by a
serverdict begin exitserver.  Change the zeroes to your new password.
Distribute the modified laserwriter file to everyone authorized to
use the laserwriter.

Not only is this an unsupported royal pain, but it only keeps
unauthorized people from initializing the laserwriter; once it has
been initialized, anyone can use it.

Stew Rubenstein
Cambridge Scientific Computing, Inc.
UUCPnet:    seismo!harvard!rubenstein            CompuServe: 76525,421
Internet:   rubenstein@harvard.harvard.edu       MCIMail:    CSC

verber@tut.cis.ohio-state.edu (Mark A. Verber) (10/02/87)

Yes, it is possible to use TOPS through Kinetics boxes.  We do it all
the time.  You can run any style of gateway and get things to work.

As to protection, that is another story.  The version of TOPS that we
have doesn't yet support Zones properly.  So your file servers would
be protected in a sense if the different networks had different Zone
names.  This would not protect your laserwriters since the chooser and
the laserwriter drivers are smart about zones.

The latest version of the KIP gateway (you can pick it up at
sumex:<info-mac>at-kip.shar) has some hacks to hide laserwriters based
on Zone name.  I know that Bill Croft is looking at some general way
to hide anything requested from other zones which would effectively
protect your resources.

As far as using AppleShare -vs- TOPS I would suggest (if you have the
resources) to use appleshare.  It is much nicer for general users and
admins than TOPS.  A number of problems such as the desktop being
shared by multiple people have been addressed.  TOPS is great when you
have a small number of machines in a trusting environment, AppleShare
is much better on the larger scale where you want some security and
central admin.


Cheers,
-----------------------------------------------------------------------
Computer Science Department			         Mark A. Verber
The Ohio State University			 verber@ohio-state.arpa
+1 (614) 292-7344				cbosgd!osu-eddie!verber

kurt@doodah.UUCP (Kurt VanderSluis) (10/05/87)

> longstaf@lll-lcc.aRpA (Thomas A Longstaff) writes:
>     
>>     our project. One of the components we are considering is a Kinetics
>>     fastpath to connect our appletalk to another appletalk at a remote
>>     location on the net.  We are currently using TOPS for our software.
>>     
>>     1.	Is this possible?  Has anyone done this?
> 
Clayton Elwell answers:

> Yes.  Works fine for both TOPS and AppleShare.  Be aware that UNIX
> TOPS is a rather new product, though...

Thomas:
>     
>>     2.	Assuming the answer to 1. is yes, what's to keep anyone else
>>     with a fastpath from accessing our files and laserwriters?
>
Clayton:
 
> Nothing.  This is a major flaw with the current AppleTalk
> architecture, at least when it is scaled up beyond the work-group level.
>
I was unaware that TOPS worked inter-zone across Kinetics boxes.  Both
TOPS and AppleShare have password protection available.  You can't
keep them from using your laserwriters.

If someone knows how to use TOPS inter-zone with 3/18/87, please let
me know.
     
-- 
Kurt VanderSluis                   *********************************
Boeing Computer Services           *   These opinions are mine,    *
M/S 6R-37  P.O. 24346              *   not the Boeing Company's.   *
Seattle, WA  98124                 *********************************

elwell@tut.cis.ohio-state.edu (Clayton Elwell) (10/08/87)

kurt@doodah.UUCP (Kurt VanderSluis) writes:
    I was unaware that TOPS worked inter-zone across Kinetics boxes.  Both
    TOPS and AppleShare have password protection available.  You can't
    keep them from using your laserwriters.
    
    If someone knows how to use TOPS inter-zone with 3/18/87, please let
    me know.
         
    -- 
    Kurt VanderSluis                   *********************************
    Boeing Computer Services           *   These opinions are mine,    *
    M/S 6R-37  P.O. 24346              *   not the Boeing Company's.   *
    Seattle, WA  98124                 *********************************


I looked at my article again, so I'm sure I never said TOPS did work
across different zones.  As a point of fact, it doesn't.  We may have
had differing interpretations of "remote AppleTalk network."  I
assumed it was simply in a remote location, not a different zone.

-- 
							      Clayton M. Elwell
       The Ohio State University Department of Computer and Information Science
       (614) 292-6546	 UUCP: ...!cbosgd!osu-cis!tut.cis.ohio-state.edu!elwell
		      ARPA: elwell@ohio-state.arpa (not working well right now)