![]() |
Software > OpenVMS Systems > Documentation > 731final > tcprn ![]() HP OpenVMS Systems Documentation |
![]() |
>
Compaq TCP/IP Services for OpenVMS
|
Previous | Contents |
The Domain Name System (DNS) maintains and distributes information about Internet hosts. DNS consists of a heirarchical databases containing the names of entities on the Internet, the rules for delegating authority over names, and mail routing information; and the system implementation that maps the names to Internet addresses.
In OpenVMS environments, DNS is implemented by the Berkeley Internet Name Domain (BIND) software. Compaq TCP/IP Services for OpenVMS implements a BIND server based on the Internet Software Consortium's (ISC) BIND Version 9 (BIND 9).
BIND 9 is supported on Alpha systems only, and future support of BIND Version 8 (BIND 8) on VAX systems will be limited. Therefore, if you are using BIND 8 on a VAX system, Compaq recommends that you upgrade your BIND server to an Alpha system. |
For information about managing BIND, refer to Appendix C.
BIND 9 is a major rewrite of nearly all aspects of the underlying BIND architecture. Some of the important features of BIND 9 are:
The BIND resolver is based on the BIND 8 implementation of DNS. |
To take advantage of the multiprocessor and multithreading support provided with BIND 9, the OpenVMS SYSGEN parameter MULTITHREAD should be nonzero on multiprocessor systems. Note that this parameter is systemwide and affects other TCP/IP or OpenVMS components that use POSIX threads.
BIND 9 is designed to be compatible with BIND 8. The following list summarizes the differences between them.
transfer-format one-answer; |
No TTL specified; using SOA MINTTL instead |
Unexpected end of file |
@ IN SOA ns.example. hostmaster.example. ( 1 3600 1800 1814400 3600 ) |
listen-on-v6 {any; }; |
transfer-format one-answer; |
1.4 IMAP Server
The IMAP server for OpenVMS Mail and the Simple Mail Transfer Protocol (SMTP) server work together to provide reliable mail management in a client/server environment.
IMAP is supported on Alpha systems only. Although images may appear on VAX systems after installation, these are not supported. |
The IMAP server allows users to access their OpenVMS Mail mailboxes using client applications like Microsoft Outlook to view, move, copy, and delete messages. The SMTP server also allows the clients to create and send e-mail messages.
The IMAP server requires a certain level of the operating system. If you are running one of the following versions of OpenVMS, you must install the appropriate patch:
OpenVMS Version | Minimum Level Patch Kit |
---|---|
Alpha V7.2-1 | VMS721_MAIL-V0100 |
Alpha V7.2-1H1 | VMS21H1_MAIL-V0100 |
VMS21H1_MAIL-V0200 | |
Alpha V7.2-2 | VMS722_MAIL-V0100 |
Alpha V7.3 | VMS73_MAIL-V0100 |
OpenVMS versions higher than Version 7.3 automatically support the IMAP server without requiring any patches.
For more information about managing and using the IMAP server, refer to Appendix A.
Kerberos is freely available from the Massachusetts Institute of Technology (MIT), under a copyright permission notice. Kerberos for OpenVMS is supplied by Compaq Computer Corporation under the terms of the license from MIT. For more information about the Kerberos license, see the following web site:
http://web.mit.edu/kerberos/www/. |
Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. Kerberos uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. The TCP/IP TELNET service uses Kerberos to make sure the identity of any user who requests access to a remote host is authentic.
Compaq TCP/IP Services for OpenVMS Version 5.3 supports the OpenVMS Kerberos Version 1.0 client, which is based on MIT Kerberos Version 5.
Before you can use the Kerberos TELNET client, the OpenVMS Security Client software must be configured on the OpenVMS system. For more information about installing and configuring the OpenVMS Security Client software, see the Kerberos Version 1.0 for OpenVMS Security Client Installation Guide and Release Notes.
The Kerberos Security Client kit contains copies of the MIT documentation listed in the Kerberos Version 1.0 for OpenVMS Security Client Installation Guide and Release Notes.
It is assumed that anyone using the Kerberos security features in TCP/IP has expert knowledge of Kerberos.
Encryption is not supported in this version of TCP/IP Services. |
Before you use the Kerberos TELNET client, make sure the local host name is fully qualified in the local hosts database. Kerberos realms form principal names using fully-qualified domain names. For example, terse.mbs.com is a fully qualified domain name; terse is a simple host name.
Compaq TCP/IP Services for OpenVMS is usually configured so that the host name is entered in the hosts database as a simple host name. That is, on host TERSE, the TCP/IP management command SHOW HOST TERSE returns terse , not terse.mbs.com .
To correct a mismatch between the Kerberos realm and the TCP/IP Services configurations, follow these steps from a privileged account at a time when system usage is low:
$ TCPIP TCPIP> SHOW HOST terse LOCAL database Host address Host name 15.28.311.11 terse |
TCPIP> SET NOHOST terse/CONFIRM |
TCPIP> SET host "terse.mbs.com"/ADDRESS=15.28.311.11 - _TCPIP> /ALIAS=("TERSE.MBS.COM", "terse", "TERSE") |
TCPIP> SHOW HOST terse LOCAL database Host address Host name 15.28.311.11 terse.mbs.com, TERSE.MBS.COM, terse, TERSE |
The following sections describe how to use the TELNET client to establish authenticated connections.
To initiate an authenticated connection, perform the following steps:
Always specify the user name on the KINIT command line. Kerberos realms are usually set up with lowercase user names, but on OpenVMS, user names are stored in uppercase. When you specify the user name, it will be accepted as lowercase. |
$ TELNET/AUTHENTICATE host-name |
$ TELNET/AUTHENTICATE/FORWARD host-name |
$ TELNET/AUTHENTICATE/REALM=realm-name. |
Previous | Next | Contents |