[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference lassie::ucx

Title:DEC TCP/IP Services for OpenVMS
Notice:Note 2-SSB Kits, 3-FT Kits, 4-Patch Info, 7-QAR System
Moderator:ucxaxp.ucx.lkg.dec.com::TIBBERT
Created:Thu Nov 17 1994
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:5568
Total number of notes:21492

5368.0. "Communication proxy and wildcards" by MUNICH::WOERLE () Fri Mar 21 1997 07:38

		hello,


a customer wants to setup Communication-Proxies for all users
in his LAN according the Berkeley-r commands (f.e rlogin).

He does a   

UCX>add proxy <VMS-user>/remote=*/host=*

This gives the error 
%UCX-E-PROXYERROR, Error processing PROXY request
-RMS-F-DUP, duplicate key detected (DUP not set)
if a NFS-proxy exists with the same <VMS-User>.


I have reproduced the problem at my side
(UCX 4.1, PAT5)
1) empty proxy-database
UCX> sho proxy
%UCX-E-PROXYERROR, Error processing PROXY request
-UCX-W-NORECORD, Information not found
-RMS-E-RNF, record not found
2) add a NFS-proxy (the NFS-Server is not started)
UCX> add proxy norbert/uid=100/gid=10/host="dscphv"
UCX> sh proxy

VMS User_name     Type      User_ID    Group_ID   Host_name

NORBERT           ON            100          10   dscphv
3) add a communication-proxy with /remo=* and /host=*
UCX> add proxy norbert/remote=*/host=*
%UCX-E-PROXYERROR, Error processing PROXY request
-RMS-F-DUP, duplicate key detected (DUP not set)
UCX>
=========================
When you add the communication proxy before the NFS-proxy
then it works
UCX> add proxy norbert/remote=*/host=*
UCX> add proxy norbert/uid=100/gid=10/host="dscphv"
UCX> sh proxy

VMS User_name     Type      User_ID    Group_ID   Host_name

NORBERT           CD     *                        *
NORBERT           ON            100          10   dscphv
(So the customer has a workaround.)

A communication Proxy has nothing to do with NFS-Proxy. Is this
correct ?
So adding a communication-proxy should be independent from
added NFS-proxy.

If this is already asked, please give me the pointer.
Any hints ?
(Oherwise I would/must open a level-3 IPMT)

Kind regards
Norbert Woerle, CSC Munich
T.RTitleUserPersonal
Name		DateLines
5368.1you can't map anyone from anywhere to different accountsLNZALI::BACHNERMouse not found. Click OK to continueTue Mar 25 1997 09:5125
Norbert,

.0> UCX> add proxy norbert/remote=*/host=*

enters a communication proxy which is used for any user from any host.
If you no try to add e.g.

UCX> add proxy hans /remote=* /host=*

UCX will detect that there is already a proxy entry for host * remote user * and
returns the 'duplikate key' error.

Think of it - if a request comes from *any* user on *any* node how should UCX
figure out which proxy to use ?

If you have unique usernames on the LAN, you could try

UCX> add proxy norbert /host=* /remote_user=norbert
UCX> add proxy hans /host=* /remote_user=hans

though the /host=* approach needs to be carefully evaluated because it opens a
enormous security hole.

Hope this helps,
Hans.
5368.2bug or no ?MUNICH::WOERLETue Mar 25 1997 13:5855
    		hello Hans,
    
    many thanks for your reply.
    
    .-1
    The security aspect is not important for the customer.
    The customer wants that any remote user from any remote host maps
    with one VMS-user and so can use this communication proxy f.e via
    rlogin.
    
    So he does a 
    
    UCX> add proxy <VMS-user>/remote=*/host=*
    
    What the customer wants with this command is that any remote-user from
    any remote-host maps with this VMS-User.
    
    This command gives no error since no other *NFS-Proxy* is in the 
    UCX Proxy database.
    With other words :
    If a Communication Proxy already exists in the Proxy Database then
    this command gives the error "duplicate key" and this is *CORRECT*
    But if no Communication proxy exists in the proxy database but a
    NFS-proxy why does this command gives this error.
    What have a communication proxy to do with a NFS proxy ?
    
    Have I misunderstood something ?
    
    You can easily reproduce the problem
    
    1) rename your Proxy-database
      $rename sys$system:ucx$proxy.dat ucx$proxy.old
    
    2) create a new *empty* one
    UCX>create proxy
    
    3)add any NFS-proxy
    UCX>add proxy <vms-user>/uid=100/gid=10/host="xyz"
    
    4)add  the wildcard Communication Proxy
    UCX>add proxy <VMS-user>/remot=*/host=*
    
    ===> this gives you the "duplicate" error.
    
    I don't understand what the NFS-Proxy has to do with this Communication
    proxy.
    The NFS Proxy is for incoming (and/or outgoing) NFS-requests.
    The Communication-Proxy is for Rlogin, RCP, RSH and LPD.
    
    For me this behaviour is a bug. 
    Again is this correct or have I misunderstood something?
    
    Kind regards
    
    Norbert
5368.3ooops, pilot errorLNZALI::BACHNERMouse not found. Click OK to continueMon Apr 07 1997 10:467
Sorry for not reading .0 thoroughly enough. I'd escalate the problem.

As it works if your enter the comm proxy *before* the NFS proxy, there's at
least a workaround until the problem is fixed.

Regards,
Hans.