I would like to know by enabling REXEC service, do I have the options or how to restrict a particular IP and logon ID for client to access. Appreciate your details explanation and help.
In addition to the previous reply, you can set up a firewall box in front of the OpenVMS box. Smoothwall, M0n0wall, "pro-sumer" SMB/SOHO firewalls and high(er)-end network firewalls can all be options. This firewall has other advantages.
One-line questions are often surprisingly difficult to answer. What are you up to, and what are the details of the particular problem you're looking to solve? (I understand the direct question as did the previous poster, but there may be alternatives here that have not been considered.)
You could check credentials in SYLOGIN.COM, for instance.
Or use ssh and related.
Or use a web server and CGI.
Or...
As a general comment, the old-style r-tools such as rexec can be pretty leaky as network and data security goes, too.
I wholeheartedly second Hoff's comment. Firewalls and TCP settings cannot (generally) discriminate by user, they are limited to discriminating by IP address.
Other methods involving validating the user once the connection is established can be more finely tuned. If trying to block access to remote users, blocking outside IP addresses is helpful, but a rogue office user could appear to come from a local IP address using a zombie program (or simply GOTOMYPC).
More information about the actual application requirement would perhaps make it possible to come up with a better suggestion as to how to accomplish the goal in a safe and secure way.
A quick check of the SSL www pages leads one to the release notes and the pre-requisites, including OpenVMS 7.3-2. Please read the release notes as a starting point.
It goes without saying that when creating X.509 certificates for this purpose, I do not not recommend that clients use self-signed certificates for any purpose other than testing, and often not even that.
Since you're running 7.3-2, you may be running TCP/IP Services v5.4. If that's the case (or if you're running a third party stack), you can use SSH as a direct replacement for RSH -- you can issue a single command line just as you can with RSH, but in a secure, encrypted, and authenticated connection.
Try issuing the command "ssh -h" to see if it works. You may need to setup the server environments on both systems if that's not already been done. See the online docu for SSH here:
