Proxy Login

From VSI OpenVMS Wiki
Revision as of 07:10, 28 February 2019 by Darya.zelenina

A proxy login enables a user logged in at a remote node to be logged in automatically to a specific account at the local node, without having to supply any access control information, to perform specific non-interactive file operations such as copying files. This can be used to increase security because it minimizes the need to specify explicit access control information in node specifications passed over the network or stored in command procedures.

Example

Copying files from a remote node with proxy login:

COPY remotenode::file-spec file-spec  

Without proxy login:

COPY remotenode"proxyacct"::file-spec file-spec  

Proxy logins vs interactive logins

Note that a proxy login is not the same as an interactive login. A proxy login means that specific network access operations can be executed, such as a copy operation. By contrast, an interactive login requires a user to supply a user name and password before the user can perform any interactive operations.

Proxy login accounts

To establish a proxy login on the local node, the remote user must have a default proxy account on the local node that maps to a local user name. The remote user assumes the same file access, rights, and privileges as the local user name.

Creating proxy login accounts

For maximum security:

  • define proxy login accounts as restricted
  • remove interactive, batch and network access
  • avoid granting privileges to proxy login accounts
  • check the default protection on the directory and customize it if necessary
  • examine the login command procedure specified on the account and security settings of the command procedure file

Enabling proxy login accounts

Proxy logins are established in the AUTHORIZE utility using the proxy database file. If no proxy database file exists, you may need to create one using CREATE/PROXY. You can add as many proxies on the same local account as necessary.

  • To add a proxy, use ADD/PROXY remote_node::remote_user local_user/default
  • To display a proxy, use SHOW/PROXY remote_node::remote_user
  • To modify a proxy, use MODIFY/PROXY remote_node::remote_user
  • To delete a proxy, use REMOVE/PROXY remote_node::remote_user
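The following command procedure is an added example, not part of the original wiki page: a read-only review of one existing proxy mapping and its local account against the checklist under "Creating proxy login accounts", using the SHOW/PROXY command from this section. The names REMNOD, RUSER, PROXYACCT, DISK$USER and LOGIN.COM are constructed placeholders; substitute the values from your own proxy database and account record.

```dcl
$! Added example: read-only review of one proxy mapping and its local account.
$! REMNOD, RUSER, PROXYACCT, DISK$USER and LOGIN.COM are constructed placeholders.
$!
$ saved_default = F$ENVIRONMENT("DEFAULT")
$ SET DEFAULT SYS$SYSTEM   ! usual location of the authorization and proxy database files
$!
$! 1. Which local user names the remote user maps to, and which one is the default.
$ MCR AUTHORIZE SHOW/PROXY REMNOD::RUSER
$!
$! 2. The local account record. Compare the output against the checklist:
$!      flags        Restricted should be listed
$!      access       the per-login-type access lines should match what was removed
$!      privileges   authorized and default privilege lists should be minimal
$!      LGICMD       names the login command procedure reviewed in step 4
$ MCR AUTHORIZE SHOW PROXYACCT /FULL
$!
$! 3. Owner, protection and ACL of the account's top-level directory.
$ DIRECTORY/SECURITY DISK$USER:[000000]PROXYACCT.DIR
$!
$! 4. The login command procedure: who can modify it, and what it runs at login.
$ SHOW SECURITY DISK$USER:[PROXYACCT]LOGIN.COM
$ TYPE DISK$USER:[PROXYACCT]LOGIN.COM
$!
$ SET DEFAULT 'saved_default'
$ EXIT
```

Reading the authorization and proxy databases requires an account with access to those files, so run the review from a suitably privileged system management account.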
