Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!decvax!ucbvax!uucp@decwrl.DEC.COM@muscat.UUCP
From: uucp@decwrl.DEC.COM@muscat.UUCP
Newsgroups: mod.computers.vax
Subject: Submission for mod-computers-vax
Message-ID: <8612031819.AA06879@muscat.UUCP>
Date: Wed, 3-Dec-86 13:18:49 EST
Article-I.D.: muscat.8612031819.AA06879
Posted: Wed Dec  3 13:18:49 1986
Date-Received: Fri, 5-Dec-86 00:10:30 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 100
Approved: info-vax@sri-kl.arpa

Path: muscat!decwrl!boroff
From: boroff@decwrl.DEC.COM (E. Boroff |/  NCSS)
Newsgroups: mod.computers.vax
Subject: PSI Security
Message-ID: <6687@decwrl.DEC.COM>
Date: 3 Dec 86 16:18:06 GMT
Sender: daemon@decwrl.DEC.COM
Organization: Digital Equipment Corporation
Lines: 90


   I've been instructed by PSI engineering to forward this onto:
   "HGRRUG51.BTNET!KROON". Since I am unable to reach this person directly,
   I've resorted to this bb.
   
   Regards, 
 	eric \|/  (NCSS) Network & Communications System Support
   		  LKG1-3/B19

		  ...decvax!decwrl!dec-rhea!dec-bagels!boroff

   --:

The new psi authorize manual for psi v4.0 is better than the previous one.
Below is an example of a psi_authorize.com with DTE numbers altered
accordingly.

Things also to know:
. the rights ids PSI$X25_USER and PSI$DECLNAME are used within PSI.  If these
  are not defined, then PSI does not use them. If they are defined, then they
  are used by PSI, and hence must be granted to the relevant people and objects.

$	!
$	!	PSI_SECURITY.COM
$	!
$	!	This command procedure is used to set up the PSI security 
$	!	database when PSI is loaded
$	!
$
$	!
$	!	PSIAUTHORIZE commands should follow this RUN command
$	!
$	run sys$system:psiauthorize
!
!	create the identifiers used by security
!
add/id	psi$x25_user
add/id	psi$declname
!
add/id	psi_incoming
add/id	psi_outgoing
add/id	psi_test
add/id	psi_mail
add/id	psi_x29
add/id  psi_x400
!	psi_trusted is granted to DTEs and named in the destination filter below
add/id	psi_trusted
!
!	Set up a list of the DTE's we know about and their rights
!
! Our cluster - DTE 1
grant/id/dte/net=net_combination	psi_incoming	123456789011
grant/id/dte/net=net_combination	psi_mail	123456789011
grant/id/dte/net=net_combination	psi_x29		123456789011
grant/id/dte/net=net_combination	psi_trusted	123456789011
!Our cluster - DTE 2
grant/id/dte/net=net_combination	psi_incoming	123456789012
grant/id/dte/net=net_combination	psi_mail	123456789012
grant/id/dte/net=net_combination	psi_x29		123456789012
grant/id/dte/net=net_combination	psi_trusted	123456789012
!Our cluster - DTE 3
grant/id/dte/net=net_combination	psi_incoming	123456789013
grant/id/dte/net=net_combination	psi_mail	123456789013
grant/id/dte/net=net_combination	psi_x29		123456789013
grant/id/dte/net=net_combination	psi_trusted	123456789013
! Other good sites - DTE 4
grant/id/dte/net=net_combination	psi_incoming	123456789014
grant/id/dte/net=net_combination	psi_mail	123456789014
grant/id/dte/net=net_combination	psi_x29		123456789014
! Other good sites - DTE 5
grant/id/dte/net=net_combination	psi_incoming	123456789015
grant/id/dte/net=net_combination	psi_mail	123456789015
grant/id/dte/net=net_combination	psi_x29		123456789015
!
!	set up the DTE filter
!
set dte/net=net_combination all/new/acl=((id=psi_incoming,ac=in),(id=psi_outgoing,ac=out+char),(id=psi_test,ac=out))
set dte/net=net_combination 123456789011/acl=((id=psi_incoming,ac=in+rev),(id=psi_outgoing,ac=out+char),(id=psi_test,ac=out))
set dte/net=net_combination 123456789012/acl=((id=psi_incoming,ac=in+rev),(id=psi_outgoing,ac=out+char),(id=psi_test,ac=out))
set dte/net=net_combination 123456789013/acl=((id=psi_incoming,ac=in+rev),(id=psi_outgoing,ac=out+char),(id=psi_test,ac=out))
set dte/net=net_combination 123456789014/acl=((id=psi_incoming,ac=in+rev))
set dte/net=net_combination 123456789015/acl=((id=psi_incoming,ac=in+rev))
! other sites - allow `x400' access
set dte/net=net_combination 123456789018/acl=((id=psi_x400,ac=in+rev),(id=psi_incoming,ac=in+rev),(id=psi_outgoing,ac=out+char))
set dte/net=net_combination 123456789019/acl=((id=psi_x400,ac=in+rev),(id=psi_incoming,ac=in+rev),(id=psi_outgoing,ac=out+char))
!
!	set up the destination filter
!
set dest */ac=(id=psi_trusted,ac=in+rev)/new
set dest psi_mail/ac=(id=psi_mail,ac=in)
set dest x29-server/ac=((id=psi_x29,ac=in))
set dest x4nod /acl=(id=psi_x400,ac=incoming)
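
A consistency check for a command file of this shape, as an added example that is not part of the original post or of PSI: it reports identifiers that are granted or named in an ACL but never created with add/id, and /net= names that differ from the one used on most lines. It assumes only the syntax visible in the post and that every identifier is created in the same file; the sample input is constructed.

```python
import re

# Constructed sample in the style of the posted file (placeholder DTE numbers).
SAMPLE = """\
add/id psi_incoming
add/id psi_mail
add/id psi_outgoing
grant/id/dte/net=net_combination psi_incoming 123456789011
grant/id/dte/net=nte_combination psi_mail 123456789011
grant/id/dte/net=net_combination psi_trusted 123456789011
set dte/net=net_combination all/new/acl=((id=psi_incoming,ac=in),(id=psi_outgoing,ac=out+char))
set dte/net=net_combination 123456789011/acl=((id=psi_incoming,ac=in+rev))
set dest */ac=(id=psi_trusted,ac=in+rev)/new
"""

def audit(text):
    """Return (undefined_ids, odd_networks); each maps a name to its line numbers."""
    defined, used, nets = set(), {}, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip().lower()
        if not line or line.startswith(("!", "$")):
            continue  # comment line or DCL line, not a PSIAUTHORIZE command
        for net in re.findall(r"/net=([\w$]+)", line):
            nets.setdefault(net, []).append(lineno)
        words = line.split()
        if words[0].startswith("add/id") and len(words) > 1:
            defined.add(words[1])
        elif words[0].startswith("grant/id") and len(words) > 1:
            used.setdefault(words[1], []).append(lineno)
        # Identifiers named inside ACL entries such as (id=psi_mail,ac=in)
        for ident in re.findall(r"\bid=([\w$]+)", line):
            used.setdefault(ident, []).append(lineno)
    undefined = {i: n for i, n in used.items() if i not in defined}
    # Assumption: the network name seen on most lines is the intended one.
    main = max(nets, key=lambda n: len(nets[n])) if nets else None
    odd = {n: lines for n, lines in nets.items() if n != main}
    return undefined, odd

if __name__ == "__main__":
    undefined, odd = audit(SAMPLE)
    for name, lines in undefined.items():
        print(f"identifier {name} used on lines {lines} but never created")
    for name, lines in odd.items():
        print(f"network name {name} on lines {lines} differs from the usual one")
```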