HP OpenVMS Systems Documentation
HP TCP/IP Services for OpenVMS
Table 16-1 lists the logical names that you can use to manage the FTP server. After you define a logical name, you must stop and start the FTP server for the new setting to take effect.
Logical Name | Description |
---|---|
TCPIP$FTP_ALLOW_ADDR_REDIRECT | Allows active-mode connections from an IP address other than the server's. By default, such connections are not allowed, thereby preventing unauthorized data connections from unknown servers. |
TCPIP$FTP_ALLOW_PORT_REDIRECT | Allows passive-mode connections from ports other than port 20. By default, such connections are not allowed, preventing unauthorized data connections from unknown servers. |
TCPIP$FTP_ANONYMOUS_ALIAS | Defines an equivalence list (up to 10 entries) of the login names of users with access to the ANONYMOUS account. These users share the same access rights and restrictions. If you do not define this logical name, the default is ANONYMOUS as the only login name. The following command shows how to create an equivalence list with the names THOMAS, JONES, and SMITH. These users can log in to the ANONYMOUS account without a password. |
TCPIP$FTP_ANONYMOUS_DIRECTORY | Defines public directories accessible by the anonymous FTP user. |
TCPIP$FTP_ANONYMOUS_LOG | Defines the location of the anonymous log file. The default is SYS$SYSDEVICE:[TCPIP$FTP]. |
TCPIP$FTP_ANONYMOUS_WELCOME | Allows you to specify text that is displayed to anonymous users at connect time, after the login sequence. For more information, see Section 16.1.3.2. |
TCPIP$FTP_COMPAT_REV | Allows you to set V5.1 compatibility mode for the user process. V5.1 compatibility mode disables certain file specification changes that were made under V5.3 for the Common Operating Environment (COE). To enable V5.1 compatibility mode, define the logical name to 5.1. For example: |
TCPIP$FTPD_COMPAT_REV | Allows you to set V5.1 compatibility mode for all users. To enable V5.1 compatibility, define the logical name to 5.1. For example: $ DEFINE/SYSTEM TCPIP$FTPD_COMPAT_REV "5.1" |
TCPIP$FTP_CONVERT_FILE | Define this logical name as TRUE or FALSE. If defined as TRUE, the FTP server converts files to variable with fixed-length control (VFC) formatted files before transfer. With the VFC file, users retain the Record Management Services (RMS) formatting information of their files. For more information about RMS, refer to the OpenVMS Record Management Services Reference Manual. If TCPIP$FTP_CONVERT_FILE is defined as FALSE, there is no conversion, and RMS formatting information is lost after the file transfer. |
TCPIP$FTPD_ALLOW_ADDR_REDIRECT | Allows passive-mode connections from an IP address other than the client's. By default, such connections are not allowed, thereby preventing unauthorized data connections from unknown clients. |
TCPIP$FTPD_ALLOW_PORT_REDIRECT | Allows passive-mode connections from a privileged port. By default, such connections are not allowed, preventing unauthorized data connections from unknown clients. |
TCPIP$FTPD_DIR_RECURSIVE | Enables recursive directory listings for the ls and dir commands. |
TCPIP$FTPD_IDLETIMEOUT | Defines the maximum time interval that FTP child processes can remain idle before FTP closes them. TCP/IP Services terminates the FTP process if no control or data connection activity exists for the specified time. The default idle time is 15 minutes. This feature can help to improve system performance. Specify the value as hh:mm:ss. |
TCPIP$FTPD_KEEPALIVE | Enables the FTP server to detect idle and broken FTP connections. Define this logical on the server host by entering: TCPIP> DEFINE /SYSTEM/EXEC TCPIP$FTPD_KEEPALIVE 1 |
TCPIP$FTPD_LOG_CLIENT_ACTIVITY | Activates logging of session-specific information, requests, and responses. The log file created is SYS$LOGIN:TCPIP$FTP_SERVER.LOG. |
TCPIP$FTPD_NO_FILESIZE_HINT | If defined, the FTP client does not display the file size hint. |
TCPIP$FTP_FILE_ALQ | Specifies the number of blocks to be preallocated by Record Management Services (RMS) to a disk when a file is created. |
TCPIP$FTP_FILE_DEQ | Specifies the number of blocks to be added when RMS automatically extends the file. |
TCPIP$FTP_HELP | Specifies an alternate HELP file. By default, the command HELP FTP reads the data in SYS$HELP:TCPIP$FTP_HELP.HLB. This logical allows you to specify an alternate HELP file, useful for getting information in a non-English language. For example, to define an alternate HELP library file, enter the following command: $ DEFINE/SYSTEM TCPIP$FTP_HELP dev:[directory]filename.HLB where dev:[directory]filename.HLB specifies the alternate HELP library file. |
TCPIP$FTP_KEEPALIVE | Enables the FTP client to detect idle and broken FTP connections. Define this logical name in the system logical name table, as follows: $ DEFINE /SYSTEM/EXEC TCPIP$FTP_KEEPALIVE 1 |
TCPIP$FTP_NO_VERSION | If defined, FTP does not send file version numbers when you enter the mget and the ls commands to a host that is not an OpenVMS host. Define this logical name in the system logical name table, as follows: $ DEFINE /SYSTEM/EXEC TCPIP$FTP_NO_VERSION 1 |
TCPIP$FTP_RAW_BINARY | With this logical name turned on, FTP transfers files in block I/O mode if the server and client are in binary (image) mode. To activate this feature, define the logical name as TRUE. An FTP end-user can override your FALSE definition with the FTP PUT /RAW command. |
TCPIP$FTP_SERVER | Defines the name and location of the TCPIP$FTP_SERVER.LOG file. By default, the log file is stored in the directory pointed to by SYS$LOGIN. For example, to specify a different directory, enter the following command: $ DEFINE/SYSTEM TCPIP$FTP_SERVER dev: - |
TCPIP$FTP_SERVER_ANNOUNCE | Allows you to specify text that is displayed to users when they connect, before the login sequence. The following example shows how to specify a prelogin announcement: To activate this change, shut down the FTP server and restart it, as described in Section 16.1.2. |
TCPIP$FTP_SERVER_LOG_CLIENT_BY_ADDRESS | Specifies that the FTP server will be using IP addresses instead of host names. |
TCPIP$FTP_SERVER_NAME_SERVICE_RETRY | Specifies the number of times the BIND resolver should attempt to contact a BIND server if the first attempt fails. This logical name has no effect if the FTP server is using IP addresses instead of host names (that is, the logical name TCPIP$FTP_SERVER_LOG_CLIENT_BY_ADDRESS is defined). |
TCPIP$FTP_SERVER_NAME_SERVICE_TIMEOUT | Specifies the number of seconds for the timeout interval. For more information, refer to the description of the SET NAME_SERVICE/TIMEOUT command in the HP TCP/IP Services for OpenVMS Management Command Reference manual. This logical name has no effect if the FTP server is using IP addresses instead of host names (that is, the logical name TCPIP$FTP_SERVER_LOG_CLIENT_BY_ADDRESS is defined). |
TCPIP$FTP_STREAMLF | If defined, the FTP server and client create files as RMS STREAM_LF files. The default is variable-length files. |
TCPIP$FTP_SERVER_GENERIC_READY_MESSAGE | If defined, the FTP server will not display specific service information when users connect. For example, when this logical name is not defined: NODE> FTP FTPSERVER/USER=auser/PASS=mypassword When this logical name is defined, the following is displayed when users connect: You must restart the FTP service after changing the setting of this logical name. |
TCPIP$FTP_WNDSIZ | Sets the size of the TCP send and receive transmission windows. Specify a decimal number for the number of bytes. |
By default, the FTP server creates several log files you can use to monitor the service and user transactions. These log files are:
The number of log files (one per FTP session) might become large. To limit the number of versions, enter:
$ SET FILE file /VERSION=n
By default, the FTP server rejects any PORT, LPRT, or EPRT command that specifies an IP address other than that of the connected client, or that specifies a privileged port. Such commands fail with the following error:
500 Illegal {PORT|LPRT|EPRT} command.
The FTP server and client prevent data connection "theft" by a third party. For the FTP server, this applies to passive-mode connections from an IP address other than the client's, or from a privileged port. For the FTP client, this applies to active-mode connections from an IP address other than the server's, or from a port other than port 20.
You can restore the original behavior by defining the following logical names:
Server | Client |
---|---|
TCPIP$FTPD_ALLOW_ADDR_REDIRECT | TCPIP$FTP_ALLOW_ADDR_REDIRECT |
TCPIP$FTPD_ALLOW_PORT_REDIRECT | TCPIP$FTP_ALLOW_PORT_REDIRECT |
These logical names allow you to relax the IP address and port checks
independently in the FTP server and the FTP client. For more
information, see Table 16-1.
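The default server-side check described above can be sketched as follows. This is an added illustration, not HP's server code: the function names, the allow_addr and allow_port parameters (standing in for TCPIP$FTPD_ALLOW_ADDR_REDIRECT and TCPIP$FTPD_ALLOW_PORT_REDIRECT), the sample addresses, and the 501 and 200 reply texts are assumptions; only the 500 reply is taken from this section.

```python
import ipaddress

def parse_data_target(command):
    """Return (address, port) named by a PORT, EPRT or LPRT command line."""
    verb, _, arg = command.strip().partition(" ")
    verb = verb.upper()
    if verb == "EPRT":                      # EPRT |proto|addr|port| (RFC 2428)
        fields = arg.split(arg[0])
        if len(fields) != 5 or fields[1] not in ("1", "2"):
            raise ValueError("malformed EPRT")
        addr, port = ipaddress.ip_address(fields[2]), int(fields[3])
        if not 0 < port < 65536:
            raise ValueError("port out of range")
        return addr, port
    nums = [int(x) for x in arg.split(",")]
    if verb == "PORT":                      # PORT h1,h2,h3,h4,p1,p2 (RFC 959)
        host, port = nums[:4], nums[4:]
    elif verb == "LPRT":                    # LPRT af,hal,h..,pal,p.. (RFC 1639)
        hal = nums[1]
        host, port = nums[2:2 + hal], nums[3 + hal:]
        if hal not in (4, 16) or nums[2 + hal] != 2:
            raise ValueError("malformed LPRT")
    else:
        raise ValueError("not a data-port command")
    if len(host) not in (4, 16) or len(port) != 2:
        raise ValueError("wrong field count")
    # bytes() raises ValueError for any field outside 0..255
    return ipaddress.ip_address(bytes(host)), int.from_bytes(bytes(port), "big")

def check_data_command(command, client_ip, allow_addr=False, allow_port=False):
    """allow_addr/allow_port (assumed names) model the two FTPD_ALLOW_* logicals."""
    verb = command.strip().partition(" ")[0].upper()
    try:
        addr, port = parse_data_target(command)
    except (ValueError, IndexError):
        return "501 Syntax error in parameters."    # assumed reply text
    foreign = addr != ipaddress.ip_address(client_ip)
    if (foreign and not allow_addr) or (port < 1024 and not allow_port):
        return f"500 Illegal {verb} command."       # error quoted on the page
    return f"200 {verb} command accepted."          # assumed reply text

# Constructed sample: the control connection comes from 192.0.2.10.
SAMPLES = ["PORT 192,0,2,10,19,137",        # client's own address, port 5001
           "PORT 198,51,100,7,19,137",      # third-party address
           "EPRT |1|192.0.2.10|22|",        # privileged port
           "LPRT 4,4,198,51,100,7,2,19,137"]
if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line:32} -> {check_data_command(line, '192.0.2.10')}")
```

With both flags left at False, only the first sample is accepted; setting a flag relaxes the address check or the port check independently, which is the behavior the two server logical names restore.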
16.2.2 Performance
You can improve FTP performance for users who transfer large files from systems that are not running TCP/IP Services to a host running the TCP/IP Services software.
Large file transfers can affect file transfer performance. A file transfer consists of the following events:
Performance is affected by the RMS overhead taken up by the file extension process. One way to improve performance is to reset the appropriate parameters. To do this, redefine the FTP logical names that:
These logical names are described in the following sections.
16.2.2.1 Buffer Sizes
Changing the window size of the send and receive buffers can improve network performance. To set or modify the window size, define or redefine the logical name TCPIP$FTP_WNDSIZ.
$ DEFINE /SYSTEM /EXEC TCPIP$FTP_WNDSIZ 4096
For noisy lines, such as modems, you should set the value of the
TCPIP$FTP_WNDSIZ parameter to a lower number.
16.2.2.2 File Allocation and Extension Sizes
FTP logical names preallocate disk blocks. FTP tells RMS to truncate unused blocks so that disk space is not wasted. This can affect RMS performance.
To reduce the RMS overhead, use the following logical names:
$ DEFINE /SYSTEM/EXEC TCPIP$FTP_FILE_ALQ 50000
$ DEFINE TCPIP$FTP_FILE_DEQ 100
Define these logicals in the TCPIP$SYSTARTUP.COM procedure, or in the
SYS$MANAGER:STARTUP_VMS.COM file before the command that starts
TCP/IP Services. Because disk quotas may control the system, these
logical names are defined by default as zero (system RMS defaults) or
are undefined. For file transfers between hosts that both use VMS Plus
mode, these logical names have no effect.
16.2.2.3 Inactivity Timer
The larger the inactivity timer value, the longer FTP maintains sessions without timing out. Excessive inactive sessions might slow down performance, degrade security, or prevent other users from establishing sessions.
To increase the inactivity timer, change the value of the TCPIP$FTPD_IDLETIMEOUT logical name. The default is 15 minutes. For example:
$ DEFINE TCPIP$FTPD_IDLETIMEOUT 01:00:00
The TCP/IP Services software includes client and server implementations of the Berkeley Remote (R) command applications: RCP, RLOGIN, RSH, REXEC, and RMT/RCD. These applications provide end users with the following capabilities:
RCP | Allows files to be copied between remote hosts. |
RLOGIN | Provides interactive access to remote hosts. |
RSH | Passes a command to a remote host for execution. |
REXEC | Authenticates and executes RCP and other commands. |
RMT/RCD | Provides remote access to magnetic tape and CD-ROM drives. |
This chapter reviews key concepts and describes:
For information about using these applications, see the HP TCP/IP Services for OpenVMS User's Guide.
17.1 Key Concepts
In addition to password authentication, the R commands use a system based on trusted hosts and users. Trusted users on trusted hosts are allowed to access the local system without providing a password. Trusted hosts are also called "equivalent hosts" because the software assumes that users given access to a remote host should be given equivalent access to the local host. The system assumes that user accounts with the same name on both hosts are "owned" by the same user. For example, the user logged in as molly on a trusted system is granted the same access as a user logged in as molly on the local system.
This authentication system requires databases that define the trusted hosts and the trusted users. On UNIX systems, these databases include:
On OpenVMS hosts, the proxy database TCPIP$PROXY.DAT defines trusted
hosts and users for the entire system.
17.2 Managing the R Command Servers
The following sections describe the command procedures and logical
names used in managing the R command servers.
17.2.1 R Command Server Startup and Shutdown
Each R command server can be shut down and started independently. This is useful when you change parameters or logical names that require the service to be restarted.
The following files allow you to start up each R command server independently:
The following files allow you to shut down each R command server independently:
To preserve site-specific parameter settings and commands to be executed when the R server starts up, create one of the following files, as appropriate. These files are not overwritten when you reinstall TCP/IP Services:
To preserve site-specific parameter settings and commands to be executed when the R server shuts down, create one of the following files, as appropriate. These files are not overwritten when you reinstall TCP/IP Services:
Table 17-1 lists the logical names you can use for managing the RLOGIN service.
Logical Name | Description |
---|---|
TCPIP$RLOGIN_VTA | Enables RLOGIN virtual terminals. To enable virtual terminals on RLOGIN connections, set the value of this logical name to TRUE. To disable them, set the value to FALSE. For example: $ DEFINE/SYSTEM/EXEC TCPIP$RLOGIN_VTA "TRUE" For more information, see Section 17.3. |
TCPIP$RLOGIN_MESSAGE | Specifies the welcome message displayed by the RLOGIN server. For more information, see Section 17.4. |