Page 1 of 1
using logical or symbol to access system via decnet
Posted: Wed Mar 30, 2022 3:23 pm
by willemgrooters
One of the problems I know of using Decnet for login to a system is the use of a (plaintext) password, like:
Code: Select all
$ copy Node1"User1 Th1s1sAbadpwd":disk:[dir]file.ext [] /log
In case of logging, you'd see:
Code: Select all
%COPY-S-COPIED, Node1"User1 password"::disk:[dir]file.ext copied to (current location)
but when verification is on, you would see the full COPY line, including the password.
Years ago on a job where Decnet was used, there was a workaround using a logical or symbol containing the node, username and password, not normally visible in both command and result, but I do not recall how this was done. I tried both but both failed. Can anyone tell me how this could be done? (My systems have been setup for DECNet-Plus, using DOMAIN as namespace)
Re: using logical or symbol to access system via decnet
Posted: Wed Mar 30, 2022 6:40 pm
by puder
I use this, which I call
DEFPASS.COM
Code: Select all
$! define a logical name to hold the node"user pass"::
$
$ lognam = p1
$ node = p2
$ user = p3
$ pass = p4
$ if lognam .eqs. "" then inquire lognam "logical name"
$ if node .eqs. "" then inquire node "node"
$! if user .eqs. "" then user = f$getjpi("","username")
$ if user .eqs. "" then inquire user "username"
$ if pass .eqs. ""
$ then
$ on control_y then goto fix_term
$ set noon
$ set terminal/noecho
$ ! inquire pass "password"
$ read sys$command pass /prompt="password: "
$ fix_term:
$ set terminal/echo
$ set on
$ endif
$
$ node = f$edit(node,"collapse,lowercase")
$ user = f$edit(user,"collapse,lowercase")
$ ! pass = f$edit(pass,"collapse")
$
$ define 'lognam' "''node'""''user' ''pass'""::"
$
$ exit
Re: using logical or symbol to access system via decnet
Posted: Wed Mar 30, 2022 9:56 pm
by sms
Code: Select all
> One of the problems I know of using Decnet for login to a system is
> the use of a (plaintext) password, [...]
Would "no visible password" be better?
> [...] Years ago on a job where Decnet was used, there was a workaround
> using a logical or symbol containing the node, username and password,
> [...]
Depending on exactly what you want to do (or not do), one possibility
might be something other than a symbol or logical name -- A DECnet proxy
can give you DECnet access without your explicitly specifying a password
(or even a user name, if it's the same on the remote system).
For example, around here, on node ITS, as user SYSTEM:
ITS $ dire slow_*.com; ! Local.
Directory SYS$SYSROOT:[SYSMGR]
SLOW_ITS.COM;6
Total of 1 file.
ITS $ dire rex::slow_*.com; ! DECnet-remote.
Directory REX::SYS$SYSROOT:[SYSMGR]
SLOW_ALP.COM;32 slow_rex.com;3
Total of 2 files.
On node REX (the remote node):
REX $ set default sys$system
REX $ run sys$system:authorize
UAF> show /proxy its::*
Default proxies are flagged with (D)
LOCAL:.ITS::SYSTEM
SYSTEM (D)
UAF>
On node ITS, for a different user, SMS, without such a proxy
registered on REX:
its $ dire rex::
%DIRECT-E-OPENIN, error opening REX::*.*;* as input
-RMS-E-FND, ACP file or directory lookup failed
-SYSTEM-F-INVLOGIN, login information invalid at remote node
But then, on REX (in AUTHORIZE):
UAF> add /proxy its::sms sms /default
%UAF-I-NAFADDMSG, proxy from LOCAL:.ITS::SMS to SMS added
Finally, back on ITS:
its $ dire rex::
Directory REX::REX$DKA0:[sms]
LOGIN.COM;234 NET$SERVER.LOG;1
Total of 2 files.
A proxy can also be defined with different user names on the two
nodes, if you want that. For example, on node REX, add the cross-user
proxy:
UAF> add /proxy its::sms system
%UAF-I-NAFADDMSG, proxy from LOCAL:.ITS::SMS to SYSTEM added
Note: No /DEFAULT option in this case, because I want the default for
SMS on any node to be SMS on any other node. (_My_ preference.)
Then, user SMS on node ITS can access files as user SYSTEM on node
REX, by specifying the other user name, but without specifying a
password:
its $ dire rex"system"::slow_*.com;
Directory REX"system"::SYS$SYSROOT:[SYSMGR]
SLOW_ALP.COM;32 slow_rex.com;3
Total of 2 files.
Is _that_ what you remember?
Re: using logical or symbol to access system via decnet
Posted: Wed Sep 14, 2022 11:54 am
by willemgrooters
Sorry for late reply: At the time, I didn't do anything on system management, I was 'just an novice programmer"
and it was all set up outside my view, quite likely the way you described it. Thanks for the explanation.
Re: using logical or symbol to access system via decnet
Posted: Wed Sep 14, 2022 12:29 pm
by puder
I had forgotten about proxy settings. That is definitely the cleaner way to go, and I recall that it all seemed very natural using the set-up described by @sms. The same user has the same username on multiple systems with that as the /default proxy on each node from every other node in the same work group.