[comp.os.vms] Restricting FAL access to local hosts

CALIFFM@BAYLOR.BITNET (Michael Califf) (12/13/87)

Warning:  Possible RTFM question - The manuals are locked up while our
          system manager is at DECUS.
Is it possible to restrict DECnet FAL access based upon host name?  I remember
seeing something about this a while back, but at that point we hadn't even
ordered our VAXStations.  Our 8700 has the command $ FAL$COMMAND :== LOGOUT
in its login.com file.  Is it possible to put in some code to make it a
little less heavy-handed regarding local nodes?

Thanks in advance,
Mike Califf
Communications Software Coordinator
Baylor University
CALIFFM@BAYLOR.BITNET

LEICHTER@VENUS.YCC.YALE.EDU ("Jerry Leichter ", LEICHTER-JERRY@CS.YALE.EDU) (12/25/87)

	Is it possible to restrict DECnet FAL access based upon host name?  I
	remember seeing something about this a while back, but at that point
	we hadn't even ordered our VAXStations.  Our 8700 has the command $
	FAL$COMMAND :== LOGOUT in its login.com file.  Is it possible to put
	in some code to make it a little less heavy-handed regarding local
	nodes?

Sure.  If you translate the logical SYS$NET within a network job, you get back
the NCB, which starts off with the name of the node the connection is coming
from.  FAL.COM could use this information to enforce any kind of access
control it wanted.

Note that by default the FAL object has its "FILE" set to FAL.EXE.  Hence, it
will be run directly from a NETSERVER process, and will not execute FAL.COM.
You have to set the object's FILE to just FAL.  This form of startup takes
longer and has more overhead.

I suspect, though, that you may want to think about this some more.  In many
cases, a better solution is to set the default account for FAL to some
invalid value, then provide PROXY access for those machines/users who should
be allowed in.
							-- Jerry
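
The SYS$NET check described in the reply above, sketched as a FAL.COM; this is an added example, not code from either poster, and it only runs once the FAL object's FILE is set to FAL as the reply explains. The node names VAXA and VAXB are hypothetical, and the sketch assumes the node name in the NCB is the text before the first "::".

```dcl
$! FAL.COM (added sketch): admit FAL connections only from listed nodes.
$! ALLOWED holds hypothetical node names; replace them with your local nodes.
$! Keep the leading and trailing commas, the match below depends on them.
$ allowed = ",VAXA,VAXB,"
$!
$! In a network job SYS$NET translates to the NCB, which starts with the
$! name of the node the connection is coming from.
$ ncb = F$TRNLNM("SYS$NET")
$ IF ncb .EQS. "" THEN GOTO deny              ! not a network job
$!
$! Assumption: the node name ends at the first "::" in the NCB.
$ pos = F$LOCATE("::", ncb)
$ IF pos .EQ. F$LENGTH(ncb) THEN GOTO deny    ! no "::" found
$ IF pos .EQ. 0 THEN GOTO deny                ! empty node name
$ node = F$EDIT(F$EXTRACT(0, pos, ncb), "UPCASE,TRIM")
$!
$! A comma inside the name would defeat the delimiter match, so refuse it.
$ IF F$LOCATE(",", node) .NE. F$LENGTH(node) THEN GOTO deny
$!
$! Wrap the name in commas so that VAX cannot match VAXA as a substring.
$ key = "," + node + ","
$ IF F$LOCATE(key, allowed) .EQ. F$LENGTH(allowed) THEN GOTO deny
$!
$! Listed node: hand the connection to the real FAL image.
$ RUN SYS$SYSTEM:FAL
$ EXIT
$!
$deny:
$ LOGOUT
```

Anything that does not parse cleanly falls through to the deny label, so an unexpected NCB form is refused rather than admitted.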