[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference tuxedo::dce-products

Title:	DCE Product Information
Notice:	Kit Info - See 2.-4.
Moderator:	TUXEDO::MAZZAFERRO

Created:	Fri Jun 26 1992
Last Modified:	Fri Jun 06 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	2269
Total number of notes:	10003

2196.0. "VMS DCE and directory protections -- why?" by CSC32::R_WILLIAMS () Fri Mar 21 1997 18:31

    DCE 1.4.
    
    Hi,
    
    I also noticed that the CREDS.DIR directory has wide open protections. 
    Can somebody explain the need to allow world access to this directory?
    
    Thanks,
    
    -Rick
    
+++++
    
A recent audit of file security produced the following:

DSA0:[SYS8.DCELOCAL.VAR.SECURITY]CREDS.DIR;1
  Owner: [DCE$SERVER], (S:RWE,O:RWE,G:RWED,W:RWED)

Should this directory have tighter security for WORLD access (if not,
why not and how are security implications dealt with?)?  ( I will have
to answer these questions!)

        James
James Bridges        [email protected]            (250)387-4627
Information Technology Services Div., 4000 Seymour Place, Victoria, B.C.,
Canada, V8X 4S8


INFORMATION
System running DCE: PROCESSOR TYPE: VAX 7000-730
Version of DCE: DCE V1.3B for OpenVMS VAX
DECnet transport: DECnet/OSI for OpenVMS Version V6.3-ECO06
TCP/IP transport: CISCO MultiNet V4.0
Current DCE config:
This system has the following DCE configuration:

    Hostname:   saturn
    Cellname:   cell99.gov.bc.ca

    Remote Procedure Call Services      Enabled
    Security Services                   Server Enabled
    CDS Name Service                    Master Server Enabled
    Global Directory Agent              Disabled
    PC Name Service Interface           Enabled
    Distributed Time Service            Disabled
    Integrated login                    Disabled

This system supports the following network transport protocols:

    TCP/IP:         [ncacn_ip_tcp]
    UDP/IP:         [ncadg_ip_udp]
    DECnet:         [ncacn_dnet_nsp]
    DECnet/OSI:     [ncacn_osi_dna]

TCP/IP services on this system are provided by: MULTINET

   TGV, Inc. MULTINET for OpenVMS

The current cell is: cell99.gov.bc.ca
Based on this configuration, the following DCE daemons should be
active:

        Daemon                        Process Name       Process ID

   Remote Procedure Call Services     DCE$RPCD            2A4008F2
   Security Service Client            DCE$SEC_CLIENTD     2A400909
   Security Service Server            DCE$SECD            2A400903
   CDS Name Service Advertiser        DCE$CDSADV          2A40090B
   CDS Name Service Client            DCE$CDSCLERK        2A40090C
   CDS Name Service Server            DCE$CDSD            2A40090E
   PC Name Service Interface          DCE$NSID            2A400919

T.R	Title	User	Personal Name	Date	Lines
2196.1	users need credentials	FOUNDR::WOODRUFF		`Mon Mar 24 1997 16:22`	7
	users need to create and delete their credentials, that directory is where they are stored. garry