HP OpenVMS Guide to System Security > Chapter 12 Security in a Network Environment

Hierarchy of Access Controls

  Table of Contents



Whenever a DECnet node attempts to connect to a remote DECnet node, it sends access control information to the remote node. Access control information can come from a number of sources. The following list shows the hierarchy of access control from highest to lowest priority:

  1. The network user on the local node can explicitly supply access control information. If this is the case, the remote node uses the access control information. See “Using Explicit Access Control” for information about explicit access control.

  2. The local node checks to see if outgoing proxy access is enabled for a local node or an application. If proxy is enabled, the local node sends the initiating user name in the connect request. If proxy is also enabled on the remote node, the DECnet software determines if the initiating user has proxy access. See “Using Proxy Logins” and “Proxy Access Control” for information about proxy access control.

  3. When the remote node sees that no access control has been specified and that no proxy is applicable, it checks the configuration database. If the database contains an application user name, it uses that name. See “Using Default Application Accounts” and “Using DECnet Application (Object) Accounts” for information about default application accounts.

  4. If there is no default application user name in its configuration database, the remote node checks the configuration database for default nonprivileged DECnet user name information. If the information is there, the remote node uses the default nonprivileged DECnet user name. See “Using DECnet Application (Object) Accounts” for information about the default DECnet account.

Finally, if none of these sources supply the information, the connection fails.

Using Explicit Access Control

Users can execute either a DCL or an NCP command on a remote node by supplying explicit access control information. The access control information contains a user name and password and provides access to a specific account on the remote system. To supply explicit access control information, you can use either a standard OpenVMS node specification or an NCP command:

  • In the OpenVMS node specification, the access control string consists of the user name for the remote account and the user's password enclosed within quotation marks:

    NODE"username password"::disk:[directory]file.typ

    In the following, user Puterman uses an access control string to copy the file BIONEWS.MEM:

  • If you want to execute an NCP command on a remote node, you can do so by specifying a user name and password.

    In the following example, you can display all characteristics information about the application MAIL on the remote node TORONTO:


Using Proxy Logins

A proxy login enables a user logged in at a remote node to be logged in automatically to a specific account at the local node, without having to supply any access control information. Note that a proxy login is not the same as an interactive login. A proxy login means that specific network access operations can be executed, such as a copy operation. By contrast, an interactive login requires a user to supply a user name and password before the user can perform any interactive operations.

To establish a proxy login on the local node, the remote user must have a default proxy account on the local node that maps to a local user name. The remote user assumes the same file access, rights, and privileges as the local user name. You can use the proxy login capability to increase security because it minimizes the need to specify explicit access control information in node specifications passed over the network or stored in command procedures.

Note that network applications can also be assigned proxy login access.

The use of access control strings is not permitted in an evaluated configuration. Proxy login accounts should be used in the evaluated configuration.

Using Default Application Accounts

Another form of access control specific to network applications is default account information used by inbound connects from remote nodes that send no access control information. Because the remote node supplies no access control information, the local node uses the default information you specify for the application to make the connection.

You can use the following command to store default access control information about the application in the network configuration database: