Page 1 of 1

using logical or symbol to access system via decnet

Posted: Wed Mar 30, 2022 3:23 pm
by willemgrooters
One of the problems I know of using Decnet for login to a system is the use of a (plaintext) password, like:

Code: Select all

$ copy Node1"User1 Th1s1sAbadpwd":disk:[dir]file.ext [] /log
In case of logging, you'd see:

Code: Select all

%COPY-S-COPIED, Node1"User1 password"::disk:[dir]file.ext copied to (current location)
but when verification is on, you would see the full COPY line, including the password.

Years ago on a job where Decnet was used, there was a workaround using a logical or symbol containing the node, username and password, not normally visible in both command and result, but I do not recall how this was done. I tried both but both failed. Can anyone tell me how this could be done? (My systems have been setup for DECNet-Plus, using DOMAIN as namespace)

Re: using logical or symbol to access system via decnet

Posted: Wed Mar 30, 2022 6:40 pm
by puder
I use this, which I call DEFPASS.COM

Code: Select all

$! define a logical name to hold the node"user pass"::
$
$ lognam = p1
$ node = p2
$ user = p3
$ pass = p4
$ if lognam .eqs. "" then inquire lognam "logical name"
$ if node .eqs. "" then inquire node "node"
$! if user .eqs. "" then user = f$getjpi("","username")
$ if user .eqs. "" then inquire user "username"
$ if pass .eqs. ""
$ then
$  on control_y then goto fix_term
$  set noon
$  set terminal/noecho
$  ! inquire pass "password"
$  read sys$command pass /prompt="password: "
$  fix_term:
$  set terminal/echo
$  set on
$ endif
$
$ node = f$edit(node,"collapse,lowercase")
$ user = f$edit(user,"collapse,lowercase")
$ ! pass = f$edit(pass,"collapse")
$
$ define 'lognam' "''node'""''user' ''pass'""::"
$
$ exit

Re: using logical or symbol to access system via decnet

Posted: Wed Mar 30, 2022 9:56 pm
by sms

Code: Select all

> One of the problems I know of using Decnet for login to a system is
> the use of a (plaintext) password, [...]

   Would "no visible password" be better?

> [...] Years ago on a job where Decnet was used, there was a workaround
> using a logical or symbol containing the node, username and password,
> [...]

   Depending on exactly what you want to do (or not do), one possibility
might be something other than a symbol or logical name -- A DECnet proxy
can give you DECnet access without your explicitly specifying a password
(or even a user name, if it's the same on the remote system).

   For example, around here, on node ITS, as user SYSTEM:

ITS $ dire slow_*.com;   ! Local.

Directory SYS$SYSROOT:[SYSMGR]

SLOW_ITS.COM;6      

Total of 1 file.

ITS $ dire rex::slow_*.com;   ! DECnet-remote.

Directory REX::SYS$SYSROOT:[SYSMGR]

SLOW_ALP.COM;32     slow_rex.com;3      

Total of 2 files.

   On node REX (the remote node):

REX $ set default sys$system
REX $ run sys$system:authorize
UAF> show /proxy its::*

 Default proxies are flagged with (D) 

LOCAL:.ITS::SYSTEM
    SYSTEM (D)
UAF> 


   On node ITS, for a different user, SMS, without such a proxy
registered on REX:

its $ dire rex::
%DIRECT-E-OPENIN, error opening REX::*.*;* as input
-RMS-E-FND, ACP file or directory lookup failed
-SYSTEM-F-INVLOGIN, login information invalid at remote node

   But then, on REX (in AUTHORIZE):

UAF> add /proxy its::sms sms /default
%UAF-I-NAFADDMSG, proxy from LOCAL:.ITS::SMS to SMS added

   Finally, back on ITS:

its $ dire rex::

Directory REX::REX$DKA0:[sms]

LOGIN.COM;234       NET$SERVER.LOG;1    

Total of 2 files.


   A proxy can also be defined with different user names on the two
nodes, if you want that.  For example, on node REX, add the cross-user
proxy:

UAF> add /proxy its::sms system
%UAF-I-NAFADDMSG, proxy from LOCAL:.ITS::SMS to SYSTEM added

   Note: No /DEFAULT option in this case, because I want the default for
SMS on any node to be SMS on any other node.  (_My_ preference.)

   Then, user SMS on node ITS can access files as user SYSTEM on node
REX, by specifying the other user name, but without specifying a
password:

its $ dire rex"system"::slow_*.com;

Directory REX"system"::SYS$SYSROOT:[SYSMGR]

SLOW_ALP.COM;32     slow_rex.com;3      

Total of 2 files.


   Is _that_ what you remember?

Re: using logical or symbol to access system via decnet

Posted: Wed Sep 14, 2022 11:54 am
by willemgrooters
Sorry for late reply: At the time, I didn't do anything on system management, I was 'just an novice programmer" :) and it was all set up outside my view, quite likely the way you described it. Thanks for the explanation.

Re: using logical or symbol to access system via decnet

Posted: Wed Sep 14, 2022 12:29 pm
by puder
I had forgotten about proxy settings. That is definitely the cleaner way to go, and I recall that it all seemed very natural using the set-up described by @sms. The same user has the same username on multiple systems with that as the /default proxy on each node from every other node in the same work group.