Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!decvax!ucbvax!UUCP@nsc.nsc.com@decwrl.UUCP
From: UUCP@nsc.nsc.com@decwrl.UUCP
Newsgroups: mod.computers.vax
Subject: Submission for mod-computers-vax
Message-ID: <8612040150.AA09223@nsc.NSC.COM>
Date: Wed, 3-Dec-86 20:50:08 EST
Article-I.D.: nsc.8612040150.AA09223
Posted: Wed Dec 3 20:50:08 1986
Date-Received: Fri, 5-Dec-86 00:12:25 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 100
Approved: info-vax@sri-kl.arpa

Path: nsc!decwrl!boroff
From: boroff@decwrl.DEC.COM (E. Boroff |/ NCSS)
Newsgroups: mod.computers.vax
Subject: PSI Security
Message-ID: <6687@decwrl.DEC.COM>
Date: 3 Dec 86 16:18:06 GMT
Sender: daemon@decwrl.DEC.COM
Organization: Digital Equipment Corporation
Lines: 90

I've been instructed by PSI engineering to forward this onto:
"HGRRUG51.BTNET!KROON". Since I am unable to reach this person
directly, I've resorted to this bb.

Regards,
eric \|/ (NCSS)
Network & Communications System Support
LKG1-3/B19
...decvax!decwrl!dec-rhea!dec-bagels!boroff

--:

The new psi authorize manual for psi v4.0 is better than the previous one.
Below is an example of a psi_authorize.com with DTE numbers altered
accordingly.

Things also to know:

. the rights ids PSI$X25_USER and PSI$DECLNAME are used within PSI. If
  these are not defined, then PSI does not use them. If they are defined,
  then they are used by PSI, and hence must be granted to the relevant
  people and objects.

$ !
$ ! PSI_SECURITY.COM
$ !
$ ! This command procedure is used to set up the PSI security
$ ! database when PSI is loaded
$ !
$
$ !
$ ! PSIAUTHORIZE commands should follow this RUN command
$ !
$ run sys$system:psiauthorize
!
! create the identifiers used by security
!
add/id psi$x25_user
add/id psi$declname
!
add/id psi_incoming
add/id psi_outgoing
add/id psi_test
add/id psi_mail
add/id psi_x29
add/id psi_x400
!
! Set up a list of the DTE's we know about and their rights
!
! Our cluster - DTE 1
grant/id/dte/net=net_combination psi_incoming 123456789011
grant/id/dte/net=net_combination psi_mail 123456789011
grant/id/dte/net=net_combination psi_x29 123456789011
grant/id/dte/net=net_combination psi_trusted 123456789011
! Our cluster - DTE 2
grant/id/dte/net=net_combination psi_incoming 123456789012
grant/id/dte/net=net_combination psi_mail 123456789012
grant/id/dte/net=net_combination psi_x29 123456789012
grant/id/dte/net=net_combination psi_trusted 123456789012
! Our cluster - DTE 3
grant/id/dte/net=net_combination psi_incoming 123456789013
grant/id/dte/net=net_combination psi_mail 123456789013
grant/id/dte/net=net_combination psi_x29 123456789013
grant/id/dte/net=net_combination psi_trusted 123456789013
! Other good sites - DTE 4
grant/id/dte/net=net_combination psi_incoming 123456789014
grant/id/dte/net=net_combination psi_mail 123456789014
grant/id/dte/net=net_combination psi_x29 123456789014
! Other good sites - DTE 5
grant/id/dte/net=net_combination psi_incoming 123456789015
grant/id/dte/net=net_combination psi_mail 123456789015
grant/id/dte/net=net_combination psi_x29 123456789015
!
! set up the DTE filter
!
set dte/net=net_combination all/new/acl=((id=psi_incoming,ac=in),(id=psi_outgoing,ac=out+char),(id=psi_test,ac=out))
set dte/net=net_combination 123456789011/acl=((id=psi_incoming,ac=in+rev),(id=psi_outgoing,ac=out+char),(id=psi_test,ac=out))
set dte/net=net_combination 123456789012/acl=((id=psi_incoming,ac=in+rev),(id=psi_outgoing,ac=out+char),(id=psi_test,ac=out))
set dte/net=net_combination 123456789013/acl=((id=psi_incoming,ac=in+rev),(id=psi_outgoing,ac=out+char),(id=psi_test,ac=out))
set dte/net=net_combination 123456789014/acl=((id=psi_incoming,ac=in+rev))
set dte/net=net_combination 123456789015/acl=((id=psi_incoming,ac=in+rev))
! other sites - allow `x400' access
set dte/net=net_combination 123456789018/acl=((id=psi_x400,ac=in+rev),(id=psi_incoming,ac=in+rev),(id=psi_outgoing,ac=out+char))
set dte/net=net_combination 123456789019/acl=((id=psi_x400,ac=in+rev),(id=psi_incoming,ac=in+rev),(id=psi_outgoing,ac=out+char))
!
! set up the destination filter
!
set dest */ac=(id=psi_trusted,ac=in+rev)/new
set dest psi_mail/ac=(id=psi_mail,ac=in)
set dest x29-server/ac=((id=psi_x29,ac=in))
set dest x4nod /acl=(id=psi_x400,ac=incoming)
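
A consistency check for a command list of this shape, added here as an example and not part of the original post or of PSI itself: it reports identifiers that are granted or named in an ACL without a matching add/id line (in the listing above, psi_trusted is one such case) and any /net= name that differs from the one used most often. The function name, the finding labels and the sample text are assumptions made for the illustration; the check reads only the text and makes no claim about how PSIAUTHORIZE itself treats such lines.

```python
import re
from collections import Counter

# Constructed sample in the shape of the commands in the post;
# the DTE number is a placeholder and the two slips are deliberate.
SAMPLE = """\
add/id psi_incoming
add/id psi_outgoing
add/id psi_mail
grant/id/dte/net=net_combination psi_incoming 123456789011
grant/id/dte/net=nte_combination psi_mail 123456789011
grant/id/dte/net=net_combination psi_trusted 123456789011
set dte/net=net_combination 123456789011/acl=((id=psi_incoming,ac=in+rev),(id=psi_outgoing,ac=out+char))
set dest */ac=(id=psi_trusted,ac=in+rev)/new
"""

ADD = re.compile(r"^add/id\s+(\S+)", re.I)
GRANT = re.compile(r"^grant/id\S*\s+(\S+)\s+\d+", re.I)
ACL_ID = re.compile(r"\(id=([^,\s)]+)", re.I)
NET = re.compile(r"/net=([^\s/]+)", re.I)

def lint(text):
    """Return sorted (kind, name, detail) findings for the command text."""
    created, used, nets = set(), {}, Counter()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("!", 1)[0].strip()      # "!" starts a comment
        if m := ADD.match(line):
            created.add(m.group(1).lower())
            continue
        if m := GRANT.match(line):               # identifier granted to a DTE
            used.setdefault(m.group(1).lower(), n)
        for ident in ACL_ID.findall(line):       # identifier named in an ACL entry
            used.setdefault(ident.lower(), n)
        if m := NET.search(line):
            nets[m.group(1).lower()] += 1
    # detail = first line number where the identifier is used
    findings = [("undefined-identifier", ident, n)
                for ident, n in used.items() if ident not in created]
    if nets:
        usual = nets.most_common(1)[0][0]        # heuristic: majority spelling wins
        # detail = how many times the minority spelling occurs
        findings += [("odd-network-name", name, count)
                     for name, count in nets.items() if name != usual]
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
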