HP OpenVMS Systems Documentation
HP TCP/IP Services for OpenVMS
If queries from a client to an OpenVMS SNMP server are consistently timing out, consider solutions on either the client or server side. For information about checking the client side, refer to the HP TCP/IP Services for OpenVMS SNMP Programming and Reference guide.
On the server:
Before making extensive modifications to either the client or the
server, consider analyzing the network load for congestion problems.
14.6.7 Disabling SNMP OPCOM Messages
To disable OPCOM messages for SNMP, enter the following command sequence:
TCPIP> SET SERVICE SNMP /LOG=NOALL
TCPIP> DISABLE SERVICE SNMP
TCPIP> ENABLE SERVICE SNMP
Be aware that when you disable OPCOM messages, you may be suppressing information that is useful for solving problems.
Part 4 describes how to set up popular networking end-user applications and includes the following chapters:
The TCP/IP Services product includes an implementation of the TELNET end-user application.
This chapter describes how to set up your host as a TELNET server.
For information about using TELNET, see the HP TCP/IP Services for OpenVMS User's Guide. For information about using the TELNET print symbiont, see Chapter 25.
This chapter describes:
Managing TELNET includes the following tasks:
The TELNET service can be shut down and started independently of TCP/IP Services. This is useful when you change parameters or logical names that require the service to be restarted.
The following files are provided:
To preserve site-specific parameter settings and commands, create the following files. These files are not overwritten when you reinstall TCP/IP Services:
Table 15-1 lists the logical names you can use in managing the TELNET service.
Logical Name | Description |
---|---|
TCPIP$TELNET_NO_REM_ID | Disables the intrusion detection mechanism used by DECnet network login logicals SYS$REM_ID, SYS$REM_NODE, SYS$NODE_FULLNAME. When this logical is set to TRUE, the SYS$REM* logicals are not set, thus bypassing intrusion-detection on logins. By default, this logical is not set. |
TCPIP$TELNET_TRUST_LOCATION | Disables all login attempts from port 8 on this server, regardless of the target user name. The location specified by the client is used to set the SYS$REM* logical names. The result is the TELNET server trusts the client's location string. This setting is not recommended since it allows clients to log in from various locations, avoiding the limit on invalid logins. By default, this logical is not set. |
TCPIP$TELNET_VTA | Enables TELNET virtual terminals. Set the logical to TRUE to enable virtual terminals on TELNET connections. Set the logical to FALSE to disable them. For example: $ DEFINE/SYSTEM/EXEC |
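
A quick audit of the logical names in Table 15-1, as an added DCL example that is not part of the HP documentation. It assumes the names are defined in the system logical name table (as with DEFINE/SYSTEM); the procedure name and its symbol names are hypothetical.

```dcl
$! Added example (hypothetical procedure name: TELNET_LNM_AUDIT.COM).
$! Reports how the Table 15-1 logical names are defined in the system
$! logical name table and flags the two that weaken login intrusion detection.
$ names = "TCPIP$TELNET_NO_REM_ID,TCPIP$TELNET_TRUST_LOCATION,TCPIP$TELNET_VTA"
$ risky = ",TCPIP$TELNET_NO_REM_ID,TCPIP$TELNET_TRUST_LOCATION,"
$ findings = 0
$ i = 0
$NEXT:
$ name = F$ELEMENT(i, ",", names)
$ IF name .EQS. "," THEN GOTO REPORT     ! F$ELEMENT returns the delimiter past the last item
$ i = i + 1
$ value = F$TRNLNM(name, "LNM$SYSTEM_TABLE")
$ IF value .EQS. ""
$ THEN
$     WRITE SYS$OUTPUT F$FAO("!30AS not defined", name)
$ ELSE
$     ! Show the access mode too: the table's example defines the name with /EXEC
$     mode = F$TRNLNM(name, "LNM$SYSTEM_TABLE",,,, "ACCESS_MODE")
$     WRITE SYS$OUTPUT F$FAO("!30AS = !AS (!AS mode)", name, value, mode)
$     IF F$LOCATE("," + name + ",", risky) .LT. F$LENGTH(risky)
$     THEN
$         findings = findings + 1
$         WRITE SYS$OUTPUT "    ** bypasses or weakens TELNET login intrusion detection"
$     ENDIF
$ ENDIF
$ GOTO NEXT
$REPORT:
$ WRITE SYS$OUTPUT F$FAO("!UL risky TELNET logical name(s) defined", findings)
$ EXIT
```

On a default system all three names report as not defined; a flagged name is worth tracing back to the site-specific startup files before it is deassigned.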
Hosts typically run a TELNET server with TELNET client software. Users on client hosts need valid accounts on server hosts before using TELNET to establish a remote session.
If your local host is to be a TELNET server, create OpenVMS accounts
for remote users. You can create several individual accounts or one
account that many remote users will share.
15.1.4 Creating and Deleting Sessions
You can create and delete TELNET sessions from within a command procedure or interactively. Enter the DCL command TELNET with the /CREATE_SESSION or /DELETE_SESSION qualifier. These qualifiers have the same function as the following commands:
TELNET> CREATE_SESSION host port dev-unit
TELNET> DELETE_SESSION dev-unit
For example:
$ TELNET /CREATE_SESSION TS405 2002 902
You can create a TELNET device that times out after a specified idle period then reconnects when data is written to it. Use the /TIMEOUT qualifier to specify the idle time and the reconnection interval, as described in the following table:
Qualifier | Description |
---|---|
/TIMEOUT | Creates a TELNET device that has the following connection attributes: |
/NOTIMEOUT | Creates a TELNET device that breaks the connection when the device is finally deassigned (the last channel assignment is deassigned). |
To display login and logout messages at the operator's console and log file, enter:
TCPIP> SET SERVICE TELNET /LOG=(LOGIN,LOGOUT)
IBM 3270 Information Display System (IDS) terminal emulation (TN3270) lets users make connections to hosts that use IBM 3270 model terminals.
TN3270 has default IBM 3270 IDS function assignments for DIGITAL keyboards. In addition, users can make their own assignments and might ask you for help. TCP/IP Services provides EBCDIC-to-DMCS and DMCS-to-EBCDIC translation tables you can customize. Appendix B describes how to customize and rebuild these translation tables.
For more information about using TN3270, enter the following DCL command:
$ HELP TN3270
Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. Kerberos uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. The TCP/IP TELNET service uses Kerberos to make sure the identity of any user who requests access to a remote host is authentic.
TCP/IP Services supports Kerberos security for TELNET connections, providing a Kerberos TELNET server and a Kerberos TELNET client.
Before you can use the Kerberos TELNET client, the OpenVMS Security Client software must be configured on the OpenVMS system. For more information about installing and configuring the OpenVMS Security Client software, see the HP Open Source Security for OpenVMS, Volume 3: Kerberos manual.
It is assumed that anyone using the Kerberos security features in TCP/IP has expert knowledge of Kerberos.
Encryption is not supported in this version of TCP/IP Services.
For information about using the Kerberos TELNET client, refer to the
HP TCP/IP Services for OpenVMS User's Guide.
15.1.7.1 Configuring the Kerberos TELNET Server
TCP/IP Services supports a separate Kerberos TELNET server, in addition to the standard TCP/IP TELNET server.
You can enable the TELNET server with Kerberos support by selecting the
Kerberos TELNET server from the TCPIP$CONFIG.COM command procedure, as
described in the HP TCP/IP Services for OpenVMS Installation and Configuration guide.
15.1.7.2 Connecting to the Kerberos TELNET Server
The Kerberos TELNET server uses port 2323. Specify this port on the TELNET command line. For example:
$ TELNET/AUTHENTICATE terse.mbs.com /PORT=2323
%TELNET-I-TRYING, Trying ... 17.21.205.153
%TELNET-I-SESSION, Session 01, host terse.mbs.com, port 2323
-TELNET-I-ESCAPE, Escape character is ^]

Welcome to OpenVMS (TM) Alpha Operating System, Version V7.3

Username:
Before you use the Kerberos TELNET client, make sure the local host name is fully qualified in the local hosts database. Kerberos realms form principal names using fully-qualified domain names. For example, terse.mbs.com is a fully qualified domain name; terse is a simple host name.
HP TCP/IP Services for OpenVMS is usually configured so that the host name is entered in the hosts database as a simple host name. That is, on host TERSE, the TCP/IP management command SHOW HOST TERSE returns terse, not terse.mbs.com.
To correct a mismatch between the Kerberos realm and the TCP/IP Services configurations, follow these steps from a privileged account at a time when system usage is low:
$ TCPIP
TCPIP> SHOW HOST terse

     LOCAL database

Host address    Host name

15.28.311.11    terse

TCPIP> SET NOHOST terse/CONFIRM

TCPIP> SET host "terse.mbs.com"/ADDRESS=15.28.311.11 -
_TCPIP> /ALIAS=("TERSE.MBS.COM", "terse", "TERSE")

TCPIP> SHOW HOST terse

     LOCAL database

Host address    Host name

15.28.311.11    terse.mbs.com, TERSE.MBS.COM, terse, TERSE
To improve TELNET performance, try modifying some of the internet
parameters. These changes might also decrease the use of system
resources.
15.2.1 TELNET Characteristics That Affect Performance
The settings for the TELNET systemwide characteristics might affect TCP/IP Services and TELNET performance. To display the TELNET systemwide characteristics, enter:
TCPIP> SHOW SERVICE TELNET /FULL
The command generates a display similar to the following:
Service: TELNET
                           State:     Enabled
Port:               23     Protocol:  TCP             Address:  0.0.0.0
Inactivity:          1     User_name:                 Process:  not defined
Limit:              30     Active:        1           Peak:         4

File:         not defined
Flags:        Listen Priv Rtty

Socket Opts:  Keepalive
 Receive:         3000     Send:               3000

Log Opts:     Actv Dactv Conn Error Logi Logo Mdfy Rjct Addr
 File:        not defined

Security
 Reject msg:  not defined
 Accept host: 0.0.0.0
 Accept netw: 0.0.0.0
The TELNET server sends the following error message for a TELNET login request that cannot be satisfied:
SS$_EXQUOTA
This error is due to insufficient local resources, such as:
TCPIP> SHOW SERVICE TELNET
PEAK=limit
TCPIP> SET SERVICE TELNET /LIMIT=n
Verify that the CHANNELCNT parameter (in SYSGEN) is larger than the number of simultaneous TELNET and RLOGIN sessions that you plan to support.
The File Transfer Protocol (FTP) software transfers files between "nontrusted" hosts. Nontrusted hosts require user name and password information for remote logins.
The TCP/IP Services product includes an implementation of the FTP end-user applications.
This chapter describes:
For information on using FTP, see the HP TCP/IP Services for OpenVMS User's Guide.
16.1 Managing FTP
Managing FTP consists of the following tasks:
After FTP is configured by TCPIP$CONFIG, the postinstallation configuration procedure, it is started automatically when TCP/IP Services is started. To disable FTP when TCP/IP Services starts, use the SET CONFIGURATION NOSERVICE command.
See the HP TCP/IP Services for OpenVMS Management Command Reference for descriptions of the SET SERVICE and SET
CONFIGURATION SERVICE commands.
16.1.2 FTP Startup and Shutdown
The FTP service can be shut down and started independently from TCP/IP Services. This is useful when you change parameters or logical names that require the service to be restarted.
The following command procedures are provided:
To preserve site-specific parameter settings and commands, create the following files. These files are not overwritten when you reinstall TCP/IP Services:
Anonymous FTP is an FTP session in which a user logs in to the remote server using the user name ANONYMOUS and, by convention, the user's real user name as the password.
On the local FTP server, local users can access files without password authentication. Remote users do not require an account. File access is controlled by regular OpenVMS access restrictions.
When you use TCPIP$CONFIG to establish an ANONYMOUS account, a new account is created with the UIC [ANONY,ANONYMOUS] (by default, [3376,xx]), user name ANONYMOUS, account ANONY, default directory SYS$SYSDEVICE:[ANONYMOUS], and the following types of login access:
network | full access |
batch | no access |
local | no access |
dialup | no access |
local | no access |
The usual OpenVMS file protection codes restrict file access for inbound anonymous FTP sessions to this directory, its subdirectories, and files with an owner attribute of [ANONY,ANONYMOUS].
When the ANONYMOUS account has been created, a remote FTP client can:
You can set up guest and public directories for bulletin board or group interest. Make sure the directory protections are set to read-only or read/write, as needed.
In the following example, UNIX user ubird connects to the ANONYMOUS account on OpenVMS host TRAGOPAN. TRAGOPAN asks for ubird's password, which is not echoed. In response to this request, the user should supply the local system user name for identification purposes.
% ftp tragopan
Connected to tragopan.asian.pheasant.edu.
220 tragopan.asian.pheasant.edu FTP Server (Version 5.1) Ready.
Name (tragopan:wings): ANONYMOUS
331 Guest login ok, send ident as password.
Password: CARIBBEAN
230 Guest login ok, access restrictions apply.
Welcome to HP TCP/IP Services for OpenVMS on internet host TRAGOPAN Date 24-JUN-2000
FTP>
The FTP server processes each command individually as it receives the
command and displays a reply based on the command parameters. A reply
can include a file specification that displays part of the server file
system.
16.1.3.2 Setting Up Anonymous FTP
Complete the following steps to set up anonymous FTP access on your system:
$ DEFINE/SYSTEM/EXEC TCPIP$FTP_ANONYMOUS_WELCOME "Anonymous User Account"
$ @SYS$STARTUP:TCPIP$FTP_SHUTDOWN.COM
$ DEFINE/SYSTEM TCPIP$FTP_ANONYMOUS_LOG dev:[directory]filename
$ @SYS$STARTUP:TCPIP$FTP_STARTUP.COM