T.R | Title | User | Personal Name | Date | Lines |
---|
2083.1 | | DECWIN::JMSYNGE | James M Synge, VMS Development | Fri Jan 19 1990 14:13 | 6 |
| The default 'trusted host' list contains just "LOCAL 0 SYSTEM" (or
something similar). What you want to do is create a file,
SYS$MANAGER:DECW$SERVER_ACCESS_ALLOWED.DAT, on your workstation with an
entry such as "DECNET LEVEL OSMAN".
James
|
2083.2 | which file should we modify for server access ? | HANNAH::OSMAN | see HANNAH::IGLOO$:[OSMAN]ERIC.VT240 | Tue Jan 23 1990 10:10 | 8 |
|
So when should we modify the ACCESS_ALLOWED file, and when should
we modify the TRUSTED_ACCESS file ?
How are they different ?
/Eric
|
2083.3 | ... | GSRC::WEST | Variables don't, Constants aren't | Tue Jan 23 1990 10:24 | 11 |
|
If I remember correctly the ACCESS_TRUSTED file allows those connections
to modify the host list, whereas the ACCESS_ALLOWED file does not.
It has been my experience that pretty much all the connections should be
in the ACCESS_ALLOWED file only. In fact you really don't need to have the
ACCESS_TRUSTED file unless a client needs to modify/maintain the host list
for other connections.
-=> Jim <=-
|
2083.4 | can I start login box without DECW$STARTLOGIN? | HANNAH::OSMAN | see HANNAH::IGLOO$:[OSMAN]ERIC.VT240 | Tue Jan 23 1990 14:38 | 24 |
| o.k. I've finally been able to start a login box on the server screen
of my choice from the client of my choice BUT...
I must have special privileges on the client, because apparently
DECW$STARTLOGIN requires privileges.
But I've heard a rumor that it's possible to do without special
privileges. Something about sending the name of the WS device (the one
you created with SET DISPLAY/CREATE) to the job controller's mailbox.
My real goal here is to speed up our slow VS2000's in our lab by
presenting the login box from our big fast machine, on the VS2000 which
would just be the server.
But I don't have special privileges on the big machine (just username
and password is what I have).
So, how can I get the mailbox name of the job controller ? What
exactly is the message I should send it to tell it the WS device name?
Will this really succeed in working ?
Thanks.
/Eric
|
2083.5 | | JAMMER::JACK | Marty Jack | Tue Jan 23 1990 15:00 | 6 |
| The job controller mailbox is MBA1. This string is the value of
the symbol SYS$C_JOBCTLMB. However, it is world no access; otherwise
there would be a massive security hole. For the record, the message
is a word containing MSG$_TRMUNSOLIC, followed by the device name.
There is some possibility that it is in ASCIC -- I don't remember for
sure, and I can't get to the listings right now to check.
|
2083.6 | how can I create a login box from remote client? | HANNAH::OSMAN | see HANNAH::IGLOO$:[OSMAN]ERIC.VT240 | Wed Jan 24 1990 10:01 | 14 |
|
So the question remains:
Is there a way to fire up a login box from a client to a server
without having special privileges on the client ?
I'd like to log in on the client and type something that causes
the login box to appear on the server.
By the way, I DO have privs on the server.
Thanks.
/Eric
|
2083.7 | possibly...? | MINNIE::DOUG | just sing it like you feel it | Mon Jan 29 1990 11:16 | 14 |
| this might be one way of avoiding the problem (it still probably
involves the system manager to set a couple things up):
shouldn't the startup of the remote session manager be part of the
server's booting process? in that case, couldn't you have decwindows
start up (without a session manager) on the vs2000, then create a batch
job in a queue which is accessible to the vs2000, but which runs on the
big vax, which will run the loginout process with the display set as
discussed in the previous replies?
i am hoping to do something similar here (same configuration, same reason)
after we have upgraded to vms 5.3, and ultrix 4.0.
--dd
|
2083.8 | | BILBO::PIPER | Derrell Piper - VMS Security | Sat Feb 03 1990 10:55 | 5 |
| > Is there a way to fire up a login box from a client to a server
> without having special privileges on the client ?
No, there is not. You could install DECW$STARTLOGIN with privs and then put an
ACL on it to control access to those who need it.
|
2083.9 | why are privileges not needed in one place, needed in another | HANNAH::OSMAN | see HANNAH::IGLOO$:[OSMAN]ERIC.VT240 | Tue Feb 06 1990 10:55 | 13 |
|
It's a bit incongruous. A new product which I feel I better not name
here (we're not quite out yet) lets us say "create LAT X session...", which
causes the decnet node of your choice to send you a login box to your screen.
You don't need to be privileged to get this service. So it seems
over-restrictive that you need to be privileged to do it from a "regular"
workstation.
Thanks.
/Eric
|