Operating System - OpenVMS

Desmond Or
Advisor

get help on bypass the password on Windows XP rexec command to VMS

I execute the rexec command on the Windows XP laptop to our VMS (8.3) system. It prompts for the login account password when it starts the connection. I tried to use rcmd on our Unix system to connect to the same VMS system. It can bypass the password. Does anybody know whether I missed some setting on Windows XP or in the VMS TCPIP configuration?
Jess Goodman
Esteemed Contributor
Solution

Re: get help on bypass the password on Windows XP rexec command to VMS

Try these commands on your VMS system. They should point to the solution.

$ TCPIP SHOW PROXY
$ TCPIP HELP ADD PROXY

I have one, but it's personal.
Steven Schweda
Honored Contributor

Re: get help on bypass the password on Windows XP rexec command to VMS

Ideally, you'd provide some identity info on
the IP software used on the VMS system (of
which there is more than one possibility).
Assuming that it's HP's TCPIP, you could try
TCPIP SHOW VERSION

On a UNIX-like server, a user can create a
"~/.rhosts" file to permit rsh/rexec access
without a password. With TCPIP, the system
manager, not the user, controls this by
creating "Communication Proxies" in the TCPIP
proxy data base. (TCPIP ADD PROXY, as
already suggested.)

It may also be possible to use SSH instead of
rsh/rexec, which can give the user a bit more
control, if public-key authorization is used.
John Gillings
Honored Contributor

Re: get help on bypass the password on Windows XP rexec command to VMS

Desmond,

As others have said, SSH is a more secure mechanism, but proxies are a bit simpler.

You need to tell TCPIP on the OpenVMS system to allow connections from a particular source - usually a node/user pair.

The tricky part is, depending on the network topology and operating systems involved, you may find the source node is not what you expect (for example, if you traverse a firewall or proxy server to get to the target, you'll see the proxy as the perceived source). Some systems might not send a source username.

Start by TELNETting into your host, giving the username and password for the target account. Check the source node with:

$ SHOW LOGICAL SYS$REM_NODE

Now check the source username with:

$ WRITE SYS$OUTPUT F$GETDVI("TT","TT_ACCPORNAM")

If there is a perceived source username, it will be after the slash "/" character.

You can now define a proxy:

$ TCPIP ADD PROXY target_account /HOST=source_node /REMOTE_USER=source_user

If there is no source user in the TT_ACCPORNAM string, you'll need to use "*" to indicate "any user".

Be careful with wildcards. If you have a proxy or firewall, with a "*" you may be granting access to virtually anyone!
A crucible of informative mistakes
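
The checks from the last reply gathered into one DCL command procedure, as an added example that is not part of the original thread. The file name CHECK_SOURCE.COM and the symbol names are assumptions, and it relies on the reply's statement that a source username, when present, follows the "/" in TT_ACCPORNAM.

```dcl
$! CHECK_SOURCE.COM (hypothetical name) - added example, not from the thread.
$! Run from the TELNET session logged in to the target account.
$! It prints a candidate command only; the proxy database is not changed.
$ node = F$TRNLNM("SYS$REM_NODE")
$ IF node .EQS. ""
$ THEN
$   WRITE SYS$OUTPUT "SYS$REM_NODE is not defined; this is not a remote session."
$   EXIT
$ ENDIF
$ port = F$GETDVI("TT","TT_ACCPORNAM")
$ WRITE SYS$OUTPUT "Perceived source node: ", node
$ WRITE SYS$OUTPUT "Access port name:      ", port
$! Assumption taken from the reply: a source username, if any, follows "/".
$ ruser = ""
$ slash = F$LOCATE("/", port)
$ IF slash .LT. F$LENGTH(port)
$ THEN
$   ruser = F$EDIT(F$EXTRACT(slash + 1, F$LENGTH(port) - slash - 1, port), "TRIM")
$ ENDIF
$ IF ruser .EQS. ""
$ THEN
$   WRITE SYS$OUTPUT "No source username seen; only a wildcard proxy would match."
$   WRITE SYS$OUTPUT "That admits every user the host sees as coming from ", node
$   ruser = "*"
$ ENDIF
$! The local account is the one this session is logged in to.
$ account = F$EDIT(F$GETJPI("", "USERNAME"), "TRIM")
$! The remote user is printed in quotes so DCL does not uppercase it.
$ WRITE SYS$OUTPUT "Review before entering:"
$ WRITE SYS$OUTPUT "  TCPIP ADD PROXY ", account, " /HOST=", node, " /REMOTE_USER=""", ruser, """"
$ EXIT
```

If the node reported is a firewall or proxy server rather than the client itself, the printed command would cover every connection relayed through that device.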