Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

get help on bypass the password on WindowXP rexec command to VMS

 
SOLVED
Go to solution
Desmond Or
Advisor

get help on bypass the password on WindowXP rexec command to VMS

I execute the rexec command on the WindowXP laptop to our VMS (8.3) system. It prompts for the login account password when starts the connection. I try to use the rcmd on our Unix system and connect to the same VMS system. It can bypass the password. Does anybody know that I missed some setting on WindowXP or the VMS tcpip configuration?
3 REPLIES 3
Jess Goodman
Esteemed Contributor
Solution

Re: get help on bypass the password on WindowXP rexec command to VMS

Try these commands on your VMS system. They should point to the solution.

$ TCPIP SHOW PROXY
$ TCPIP HELP ADD PROXY

I have one, but it's personal.
Steven Schweda
Honored Contributor

Re: get help on bypass the password on WindowXP rexec command to VMS

Ideally, you'd provide some identity info on
the IP software used on the VMS system (of
which there is more than one possibility).
Assuming that it's HP's TCPIP, you could try
TCPIP SHOW VERSION

On a UNIX-like server, a user can create a
"~/.rhosts" file to permit rsh/rexec access
without a password. With TCPIP, the system
manager, not the user, controls this by
creating "Communication Proxies" in the TCPIP
proxy data base. (TCPIP ADD PROXY, as
already suggested.)

It may also be possible to use SSH instead of
rsh/rexec, which can give the user a bit more
control, if public-key authorization is used.
John Gillings
Honored Contributor

Re: get help on bypass the password on WindowXP rexec command to VMS

Desmond,

As others have said, SSH is a more secure mechanism, but proxies are a bit simpler.

You need to tell TCPIP on the OpenVMS system to allow connections from a particular source - usually a node/user pair.

The tricky part is, depending on the network topology and operating systems involved, you may find the source node is not what you expect (for example, if you traverse a firewall, or proxy server to get to the target you'll see the proxy as the perceived source). Some systems might not send a source username.

Start by TELNETting into your host, giving the username and password for the target account. Check the source node with:

$ SHOW LOGICAL SYS$REM_NODE

Now check the source username with:

$ WRITE SYS$OUTPUT F$GETDVI("TT","TT_ACCPORNAM")

If there is a perceived source username, it will be after the slash "/" character.

You can now define a proxy:

$ TCPIP ADD PROXY /HOST= /REMOTE_USER=

If there is no source user in the TT_ACCPORNAM string, you'll need to use "*" to indicate "any user".

Be careful with wildcards. If you have a proxy or firewall, with a "*" you may be granting access to virtually anyone!
A crucible of informative mistakes