home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!zaphod.mps.ohio-state.edu!moe.ksu.ksu.edu!ux1.cso.uiuc.edu!usenet.ucs.indiana.edu!master.cs.rose-hulman.edu!rosevc.rose-hulman.edu!mgrthh
- From: mgrthh@rosevc.rose-hulman.edu (Thomas H. Hopson)
- Newsgroups: comp.os.vms
- Subject: Re: TT_AccPorNam field remains null on a SHOW USERS output ?
- Date: 30 Dec 1992 08:07:30 GMT
- Organization: Rose-Hulman Institute of Technology
- Lines: 59
- Distribution: world
- Message-ID: <1hrlc2INNr4g@master.cs.rose-hulman.edu>
- References: <01GSVSPU15CY006MJF@VAXF.COLORADO.EDU>
- Reply-To: mgrthh@rosevc.rose-hulman.edu
- NNTP-Posting-Host: hydra.rose-hulman.edu
-
-
- In article <01GSVSPU15CY006MJF@VAXF.COLORADO.EDU>, DWING@UH01.Colorado.EDU (Dan Wing) writes:
-
- >(To the best of my limited knowledge) LOGINOUT.EXE is responsible for setting
- >this field.
-
- I believe TTDRIVER and associated TT-based DRIVERs are responsible for
- allocating space for and initializing the access port name. In the case of
- LAT terminal sessions, it would be the LTDRIVER code. When a terminal server
- issues a connection request to a VMS interactive temrinal service, the
- LTDRIVER code will create an LTAnn: device (including settting up the access
- port name) and pass on an unsolicited input to the job controller process to
- initiate an interactive login.
-
- By the time that LOGINOUT.EXE is activated with its input as the LTAnn: device,
- the access port name should have already been set. If it is not set by that
- time, it probably never will be.
-
- [The reason that I say *probably* here is that the UCX 1.3 TNDRIVER code would
- do weird things when setting access port names. Namely, it would pass along
- unsolicited input from a TNAnn: device it had just created *BEFORE* it had
- set the access port name. The access port name would then be set by the driver
- by the time its process had reached SYLOGIN. This would cause security audit
- logs to always show _TNAnn: terminals with blank access port names on login,
- but with set access port names on logout.
-
- My only speculation as to why this was the case with TNDRIVER was that UCX was
- waiting for a reverse name translation on the source IP address to either
- succeed or time out. If it succeeded, it would use the form
- "Host: <name> Port: <port>"
- otherwise the form
- "Host: <number> Port: <port>".
- In any case, I ended up putting a check in SYLOGIN to wait until the access
- port name was set in the case of TNAnn: terminals, so I could reliably check for
- off-campus logins. The check would fire off an OPCOM request if saw a blank
- access port name, and I only saw requests once or twice, so it wasn't *too*
- bad....
-
- This seems to be fixed or at least better in UCX 2.0.]
-
- >... Somewhat related to this, it shore would be 'cool' if DEC could include
- >this same information for the FTAnn: devices for X terminals. Ah, well,
- >maybe next version?
-
- I installed a hook into FTDRIVER called ATG_FT_PATCH from one of the recent
- DECUS tapes (also available off ftp.spc.edu in [.macro32.savesets] or from
- Hunter Goatley's fileserv). It forces FTDRIVER to allocate space for an
- access port name that can be later set under program control.
-
- We use it with EWS terminals and VT1200s to set access port names on FTAnn:
- terminals during SYLOGIN to things like "DECWmotif/TEWS01" and
- "DECWmotif/LAT_08002B29CB31". Of course, it doesn't show in the audit logs,
- but it does during a SHOW USERS. Ah well....
-
- --
- Thomas H. Hopson work: mgrthh@rosevc.rose-hulman.edu
- VMS Manager / CS geek mgrthh@rhit
- Rose-Hulman Institute of Technology play: hopsonth@cs.rose-hulman.edu
- Terre Haute, Indiana
-
