Network Management, Access Control, Proxies (OpenVMS)
*Conan The Librarian (sorry for the slow response - running on an old VAX)
|
Library /sys$common/syshlp/nclhelp.hlb Network Management, Access Control, Proxies (OpenVMS) *Conan The Librarian (sorry for the slow response - running on an old VAX) |
|
Proxies are managed using the AUTHORIZE facility. Each proxy
record should specify a default account, regardless of whether
a default wildcard proxy exists, to ensure that at least one
valid destination account is specified. For example, if a
default wildcard proxy existed on PRKCHP:
UAF> SHOW/PROXY *
Default proxies are flagged with (D)
LAMCHP::*
* (D)
The SYSTEM user on node LAMCHP would have default proxy access
into the SYSTEM account on PRKCHP.
If the network manager then wished to add ALTERNATE as an
alternate account to be used from the SYSTEM account on LAMCHP,
while still retaining SYSTEM as the default, he would need to
explicitly specify that default in the new proxy record like so:
UAF> ADD/PROXY LAMCHP::SYSTEM SYSTEM/DEFAULT, ALTERNATE
So the proxy database on PRKCHP would now look like this:
UAF> SHOW/PROXY *
Default proxies are flagged with (D)
LAMCHP::*
* (D)
LAMCHP::SYSTEM
SYSTEM (D) ALTERNATE
If he instead did this:
UAF> ADD/PROXY LAMCHP::SYSTEM ALTERNATE
So the proxy database looked like this:
UAF> SHOW/PROXY *
Default proxies are flagged with (D)
LAMCHP::*
* (D)
LAMCHP::SYSTEM
ALTERNATE
then LAMCHP::SYSTEM would no longer have default access
to PRKCHP's SYSTEM account. That is because only one proxy
record is considered for proxy processing; and in this case,
the exact match LAMCHP::SYSTEM is preferred over the
LAMCHP::* match. This LAMCHP::SYSTEM proxy record does not
specify any default account.
For further information on how proxies are used to grant
access, refer to HELP NETWORK_MANAGEMENT ACCESS_CONTROL
OPENVMS_POLICY.
|
|
