[Info-vax] Need to set up a special purpose account

Tom Adams tadamsmar at gmail.com
Fri Oct 7 15:37:15 EDT 2016 

On Friday, October 7, 2016 at 3:08:28 PM UTC-4, Stephen Hoffman wrote:
> On 2016-10-07 16:25:24 +0000, Tom Adams said:
> 
> > On Friday, October 7, 2016 at 11:38:34 AM UTC-4, Stephen Hoffman wrote:
> >> 
> >> Please review and follow the steps involved in setting up anonymous  
> >> access.  You've most likely missed a step in the setup of the anonymous 
> >>  username.
> > 
> > I checked those in the documentation here:
> > 
> > http://h41379.www4.hpe.com/doc/83final/6526/6526pro_040.html#bottom_040
> 
> Please post the SYSUAF anonymous username entry, the anonymous and 
> FTP-related logical names, directory ownerships, and DIRECTORY 
> /SECURITY of the anonymous directory and the anonymous log area.
> 
> >> Please see if a login with a valid username and password works.
> > 
> > It works with other account usernames and passwords.
> 
> That implies that the configuration error — whether DISUSER flag or 
> other such — is something specific to the anonymous login, or the 
> ownership of the anonymous directory, or some related logical name.   
> That also implies that the local network is working correctly, and that 
> there isn't a firewall in the way.    Verify the logical names, the 
> anonymous directory and anonymous login directory ownership (usually 
> [ANONY,ANONYMOUS]), and the rest of the baggage.

It's no disuser.  I all the UICs are correct and the account has read access to it's login directory files.

All this stuff was created automatically. I felt I was just going to have to push Fred Jetson's big button 8 man-hours ago and still counting...

> 
> >> Please also review the FTP server logs on the target system, looking 
> >> for indications of errors or issues.
> > 
> > The log is totally empty even though I have tried to login multiple times.
> 
> Next step is reviewing and confirming the changes, and checking system 
> accounting data for any details on the connection or login failures.
> 
> >> Please ensure that your system-wide login is readable or at least  
> >> executable by all users.
> > 
> > Not sure what that means.
> 
> The system wide login is SYLOGIN.COM.   Make sure that DCL command 
> procedure is world readable, or at least world executable.   Most 
> systems have that SYLOGIN around, and I've met more than a few that 
> have everybody logging in as privileged or in the right group to access 
> that file or a constituent file, and access failures blow out CAPTIVE 
> login attempts.
> 
> > But there are no restriction on accounts except those specified in the UAF
> 
> So you have checked the flags on the anonymous user, specifically 
> looking for DISUSER or other settings that might block the login?
> 
> > It's frustrating.  I could have just set up a restricted account and 
> > that would have worked right off the bat.
> 
> You're on OpenVMS.   This system is not designed to work "right off the 
> bat".    This system is designed to (usually) work the way that the 
> detailed recipes in the docs describe — once the proper docs are 
> located — and with error handling, troubleshooting and related details 
> usually not included in that same part of the documentation, and all of 
> this requiring more than a little experience.   As much as I think that 
> approach stinks, and that that approach is outdated, and that that 
> approach is long overdue for a rethink and a wholesale replacement.   
> But I digress.
> 
> > I may just blow away the anonymous account and create my own restricted 
> > account.
> 
> Best to figure out what's going on here.   Blowing away accounts or 
> directories can get TCP/IP Services confused or even more tangled, 
> unfortunately.   I've had TCPIP$CONFIG tip over in that logic on 
> several occasions.   Why the tool even gets itself into these 
> situations is another discussion.  That and other such tools should 
> have just created all the user entries, all the directories, and the 
> rest, in one place, and allowed folks to enable or disable the entries 
> and services individually if and as needed, as that's far less complex 
> than dealing with directory creations and such all over the place.   We 
> aren't on dinky VAX boxes anymore, after all.
> 
> 
> -- 
> Pure Personal Opinion | HoffmanLabs LLC

None of the anonymous-related logical names are defined.

More information about the Info-vax mailing list