From: eplan@kapsch.net
Sent: Thursday, January 04, 2001 2:27 PM
To: Info-VAX@Mvb.Saic.Com
Subject: Re: using a multihead XP1000 workstation

In article <932i1l$267$1@news.inet.tele.dk>, "Jesper Naur" <jesper.naur@post.tele.dk> writes:
>Fred Kleinsorge <kleinsorge@star.zko.dec.com> wrote in message
>news:932esf$9nh6$1@lead.zk3.dec.com...
>> You can place a file in the
>> sys$manager account: decw$server_access_allowed.dat (it's been a long time -
>> I think that's the name) which has a host list in it, that will be used as a
>> fallback.  The format is the same as the security setup::
>>
>> protocol hostname username
>>
>> In plain ASCII format.
>
>The correct name is:
>
>        SYS$MANAGER:DECW$SERVER_ACCESS_TRUSTED.DAT

No, Fred is right.
There are two different files:

	SYS$MANAGER:DECW$SERVER_ACCESS_ALLOWED.DAT
	SYS$MANAGER:DECW$SERVER_ACCESS_TRUSTED.DAT

with AFAIK almost identical functionality. IIRC one is used for the access
to the X11 server and the other is used for the change access to the host
access list on this X11 server (like read-only versus read-write access)
while noone is logged on to the graphic display controlled by the x11 server.

Logging in means loading the user's security settings (stored in the file
DECW$SMB_SECURITY.DAT - modified by Session Manager Menu "Options"
"Security" or - by brute force - with an editor) to the X11 server (with
the SYS$SYSTEM:DECW$WSINIT.EXE) thus overriding whatever security was
defined via SYS$MANAGER:DECW$SERVER_ACCESS_*.DAT files...

Hhhhm, time to read the docs again to be sure. It's too long ago. Sigh.

-- 
Peter "EPLAN" LANGSTOEGER           Tel.    +43 1 81111-2651
Network and OpenVMS system manager  Fax.    +43 1 81111-888
<<< KAPSCH AG  Wagenseilgasse 1     E-mail  eplan@kapsch.net
A-1121 VIENNA  AUSTRIA              "I'm not a pessimist, I'm a realist"