HP OpenVMS Systems Documentation

HP TCP/IP Services for OpenVMS

HP TCP/IP Services for OpenVMS
Management

21.3.2 XACCESS.TXT File

The XACCESS.TXT file, a required file, allows or restricts access to remote X servers. If the XACCESS.TXT file is not present, the system restricts all remote X server access. You use this file to control the way XDM responds to broadcast, direct, and indirect requests from X servers.

The default file specification for the XACCESS.TXT configuration file is:

SYS$SPECIFIC:[TCPIP$XDM]XACCESS.TXT

If you choose to use another file name or directory location, you can override the default by adding a line in the XDM_CONFIG.CONF file similar to the following:

DisplayManager.accessFile:  WORK1$:[XDM]XACCESS.TXT

Example 21-2 shows a sample XACCESS.TXT configuration file.

Example 21-2 XACCESS.TXT File

#
# File name:      XACCESS.TXT
# Product:        HP TCP/IP Services for OpenVMS
# Version:        V5.4
#
# © Copyright 1976, 2003 Hewlett-Packard Development Company, L.P.
#

#
# access control file for XDMCP connections
#

#
# To control Direct and Broadcast access:
#
# pattern
#
# To control Indirect queries:
#
#  pattern  list of hostnames and/or macros ...
#
# To define macros:
#
#       %name  list of hosts ...
#
# The first form tells xdm which displays to respond to itself.
# The second form tells xdm to forward indirect queries from hosts
# matching the specified pattern to the indicated list of hosts.
#
# In all cases, xdm uses the first entry which matches the terminal;
# for IndirectQuery messages only entries with right hand sides can
# match, for Direct and Broadcast Query messages, only entries without
# right hand sides can match.
#

*     #any host can get a login window

#
# To hardwire a specific terminal to a specific host, you can
# leave the terminal sending indirect queries to this host, and
# use an entry of the form:
#

#terminal-a host-a

Allowing Direct Access

To allow access, add a line to the XACCESS.TXT file with the host name, as shown in the following example:

condor.company.com

Denying Access

To restrict access, add a line to the XACCESS.TXT file with the host name, preceded by an exclamation point, as shown in the following example:

!rufus.company.com

You can use the question mark (?) and the asterisk (*) wildcard characters to specify host names that vary with one character or more than one character.

Allowing Indirect Access

To allow indirect access, add a line to the XACCESS.TXT file similar to the following line:

rufus.company.com     richard.company.com henry.company.com william.company.com

21.3.3 XSERVERS.TXT File

The XSERVERS.TXT file was originally used to specify all X servers to be managed by XDM. However, since the introduction of XDMCP, there is no need to specify X servers that are XDMCP compatible in this file.

This file now specifies the X servers that do not support XDMCP. Unlike other XDM implementations, this file is not used to specify XDM support for the local display server.

The default file specification for the XSERVERS.TXT file is:

SYS$SPECIFIC:[TCPIP$XDM]XSERVERS.TXT

If you choose to use a different name and directory location, you can override the default by adding a line to the XDM_CONFIG.CONF file similar to the following line:

DisplayManager.servers:  WORK1$:[XDM]XSERVERS.TXT

Example 21-3 shows a sample XSERVERS.TXT configuration file.

Example 21-3 XSERVERS.TXT File


#
# File name:      XSERVERS.TXT
# Product:        HP TCP/IP Services for OpenVMS
# Version:        V5.4
#
# © Copyright 1976, 2003 Hewlett-Packard Development Company, L.P.
#

#
# This file can be used to suppport X terminals which do not support XDMCP
#

#
# For each terminal, add a line that consists of
#     DisplayName:0 foreign
#
# Where DisplayName is a IP name.
#
rufus.compaq.com:0 foreign

In Example 21-3, the word "foreign" indicates that the X server is running on another machine.

21.3.4 XDM_KEYS.TXT File

The XDM_KEYS.TXT file provides XDM-AUTHENTICATION-1 style XDMCP authentication. This optional file contains key ID and key value pairs for use with X terminals that support or require XDM authorization.

Each noncomment line in the XDM_KEYS.TXT file contains a display ID and a key value. The file is used when a request containing a display ID key is received from an X terminal. The corresponding key value is encrypted and returned to the X terminal. If the key value in the configuration file matches the key value specified by the X terminal's control information, the session is allowed.

The default file specification for the XDM_KEYS.TXT files is:

SYS$SPECIFIC:[TCPIP$XDM]XDM_KEYS.TXT

If you choose to use a different name and directory location, you can override the default by adding a line to the XDM_CONFIG.CONF file similar to the following line:

DisplayManager.keyFile:  WORK1$:[XDM]XDM_KEYS.TXT

Example 21-4 shows a sample XDM_KEYS.TXT configuration file.

Example 21-4 XDM_KEYS.TXT

#
# File name:      XDM_KEYS.TXT
# Product:        HP TCP/IP Services for OpenVMS
# Version:        V5.4
#
# © Copyright 1976, 2003 Hewlett-Packard Development Company, L.P.
#

#
# XDM security key file
#

#
# Excursion Display ID:   Excursion Cookie:
#

test123456    123457

#
# Exceed Display ID:   Exceed Key:
#

HCLpcXserver:629409365   1234568

21.3.5 XDM_XSESSION.COM File

XDM's default operation after login is controlled by the SYS$SYSTEM:TCPIP$XDM_XSESSION.COM file. This file first parses its p1 display parameter nodename[:server[.screen]] and creates the DECwindows display using the following command:

$ SET DISPLAY/CREATE/NODE=""NODENAME"'/TRANSPORT=TCPIP/SERVER='SERVER/SCREEN='SCREEN

The default operation is to then create a Common Desktop Environment using the following command:

$ @CDE$PATH:XSESSION.COM

At present, CDE is only available on Alpha systems in version 1.2-4 or later of DWMOTIF. It is not available on VAX systems. If the CDE command procedure XSESSION.COM is not found on the system, XDM looks for the DECwindows Desktop Session Manager startup command procedure DECW$STARTSM.COM to initiate the session by using the following command:


$ @SYS$MANAGER:DECW$STARTSM.COM

Before executing either of these command procedures (but after performing the SET DISPLAY command), XDM looks for an XDM_XSESSION.COM file in the user's SYS$LOGIN directory. If found, XDM executes that file instead, passing it both the full display specifcation nodename[:server[.screen]] as p1 , and just the nodename as p2 . Users then have full control over exactly what type of session they prefer to start. For example, to simply start a DECterm, the following DCL commands would be placed into their XDM_XSESSION.COM file:


$ CREATE/TERMINAL/WAIT/WINDOW_ATTRIBUTES=(ICON=""p2"",TITLE=window_title)

For a complete description of the CREATE command and its qualifiers, use the DCL command HELP at the OpenVMS system prompt.

21.4 XDM Log Files

XDM maintains three log files to record XDM server and client activity:

XDM server log file
X terminal process log file
User process log file

Table 21-1 lists the XDM log files and their OpenVMS directory locations.

**Table 21-1 XDM Log Files**
Process	File Name	Location
XDM server	TCPIP$XDM_RUN.LOG	SYS$SPECIFIC:[TCPIP$XDM]
X terminal	xterm_name_domain.COM	SYS$SPECIFIC:[TCPIP$XDM.WORK]
	xterm_name_domain.ERR	SYS$SPECIFIC:[TCPIP$XDM.WORK]
	xterm_name_domain.OUT	SYS$SPECIFIC:[TCPIP$XDM.WORK]
User	xterm_name_domain.LOG	SYS$LOGIN

21.5 XDM Server Startup and Shutdown

The XDM server can be shut down and started independently from the rest of the TCP/IP Services software. This is useful when you change parameters or logical names that require the service to be restarted.

The following files are provided:

SYS$STARTUP:TCPIP$XDM_STARTUP.COM allows you to start up the XDM service.
SYS$STARTUP:TCPIP$XDM_SHUTDOWN.COM allows you to shut down the XDM service.

To preserve site-specific parameter settings and commands, create the following files. These files are not overwritten when you reinstall TCP/IP Services:

SYS$STARTUP:TCPIP$XDM_SYSTARTUP.COM can be used as a repository for site-specific definitions and parameters to be invoked when XDM is started.
SYS$STARTUP:TCPIP$XDM_SYSHUTDOWN.COM can be used as a repository for site-specific definitions and parameters to be invoked when XDM is shut down.

21.6 Configuring the XDM Server

To configure your XDM server, you need to:

Run SYS$MANAGER:TCPIP$CONFIG to create the default directories and a user ID for the XDM component. The configuration procedure checks to see whether the following DECwindows components are installed:
- SYS$COMMON:[SYSLIB]DECW$XLIBSHR.EXE
- SYS$COMMON:[SYSLIB]DECW$XTLIBSHRR5.EXE
- SYS$COMMON:[SYSLIB]DECW$TRANSPORT_COMMON.EXE (VAX only)
If the DECwindows components are not found, TCPIP$CONFIG notifies you and gives you the option of configuring XDM, with the assumption that before you attempt to activate XDM you will install the DECwindows components. TCPIP$CONFIG notifies you of this situation with the following prompt:
XDM requires DECwindows components that are not installed. Attempts to activate XDM will fail. Type C to continue with XDM configuration, or E to exit [ E ]:
If necessary, use the template files located in SYS$SPECIFIC:[TCPIP$XDM] to create an XDM_CONFIG.CONF, XSERVERS.TXT, XACCESS.TXT, and XDM_KEYS.TXT file. These files are not required unless you want to:
- Configure a non-XDMCP X display
- Restrict access to a remote X server
- Provide XDMCP authentication
- Change the way XDM computes the display name for XDMCP clients.
Run SYS$MANAGER:TCPIP$CONFIG to enable XDM.

21.7 Ensuring XDM Is Enabled and Running

To make sure that the XDM service is enabled and that the XDM process is running, enter the following TCPIP command:

$ TCPIP SHOW SERVICE XDM

Service             Port  Proto    Process          Address            State

XDM                  177  UDP      TCPIP$XDM        0.0.0.0             Enabled

21.8 Configuring Other X Displays

If you have an X terminal that does not support the XDMCP protocol, you can manage this terminal by using an XSERVERS.TXT configuration file. See Section 21.3.3 for information about how to create the configuration file.

If you are running HP eXcursion, refer to the Compaq PATHWORKS 32 eXcursion User's Guide for configuration information. For all other X servers, refer to the third-party X Window System software documentation for information about how to configure their product.

Part 5
Network File Services

Part 5 describes how to configure, use, and manage the components that enable transparent network file sharing: NFS server, PC-NFS, and NFS client. It includes the following chapters:

Chapter 22, Configuring and Managing the NFS Server, describes how to set up the NFS server and make file systems available to users on NFS client hosts. This chapter also describes how to set up PC-NFS, how to troubleshoot server and file system problems, and describes the NFS characteristics that can affect system performance.
Chapter 23, Configuring and Managing the NFS Client, describes how to set up the NFS client, which provides users with access to remote file systems.

Chapter 22
Configuring and Managing the NFS Server

The Network File System (NFS) server software lets you set up file systems on your OpenVMS host for export to users on remote NFS client hosts. These files and directories appear to the remote user to be on the remote host even though they physically reside on the local system.

After the NFS server is installed on your computer, you must configure the server to allow network file access.

This chapter reviews key NFS concepts and describes:

How to start up and shut down the NFS server ( Section 22.2)
How to set up the NFS server in an OpenVMS cluster ( Section 22.3)
How to set up PC-NFS ( Section 22.4)
How to manage the MOUNT service ( Section 22.5)
How to register users and hosts ( Section 22.6)
How to back up the file system ( Section 22.7)
How to set up and export an OpenVMS file system ( Section 22.8)
How to set up and export a container file system ( Section 22.9)
How to manage a container file system ( Section 22.10)
How to set up and manage NFS security controls ( Section 22.11)
How to modify NFS server characteristics ( Section 22.12)
How to modify file system characteristics ( Section 22.13)
NFS file locking ( Section 22.14)
How to improve the performance of NFS operations ( Section 22.15)

See Chapter 23 for information on managing the NFS client.

If your network includes PC clients, you may want to configure PC-NFS. Section 22.1.9 and Section 22.4 provide more information.

22.1 Key Concepts

NFS software was originally developed on and used for UNIX machines. For this reason, NFS implementations use UNIX style conventions and characteristics. The rules and conventions that apply to UNIX files, file types, file names, file ownership, and user identification also apply to NFS.

Because the TCP/IP Services product runs on OpenVMS, the NFS software must accommodate the differences between UNIX and OpenVMS file systems, for example, by converting file names and mapping file ownership information. You must understand these differences to configure NFS properly on your system, to select the correct file system for the application, and to ensure that your file systems are adequately protected while granting access to users on remote hosts.

The following sections serve as a review only. If you are not familiar with NFS, see the Compaq TCP/IP Services for OpenVMS Concepts and Planning manual for more information.

22.1.1 Clients and Servers

NFS is a client/server environment that allows computers to share disk space and allows users to work with their files from multiple computers without copying them to their local system. The NFS server can make any of its file systems available to the network by exporting the files and directories. Users on authorized client hosts access the files by mounting the exported files and directories. The NFS client systems accessing your server may be running UNIX, OpenVMS, or other operating systems.

The NFS client identifies each file system by the name of its mount point on the server. The mount point is the name of the device or directory at the top of the file system hierarchy that you create on the server. An NFS device is always named DNFSn. The NFS client makes file operation requests by contacting your NFS server. The server then performs the requested operation.

22.1.2 NFS File Systems on OpenVMS

The OpenVMS system includes a hierarchy of devices, directories and files stored on a Files--11 On-Disk Structure (ODS-2 or ODS-5) formatted disk. OpenVMS and ODS-2 or ODS-5 define a set of rules that govern files within the OpenVMS file system. These rules define the way that files are named and catalogued within directories.

If you are not familiar with OpenVMS file systems, refer to the HP OpenVMS System Manager's Manual: Essentials to learn how to set up and initialize a Files--11 disk.

You can set up and export two different kinds of file systems: a traditional OpenVMS file system or a UNIX-style file system built on top of an OpenVMS file system. This UNIX-style file system is called a container file system.

22.1.2.1 Selecting a File System

Each file system is a multilevel directory hierarchy: on OpenVMS systems, the top level of the directory structure is the master file directory (MFD). The MFD is always named [000000] and contains all the top-level directories and reserved system files. On UNIX systems or with a container file system, the top-level directory is called the root.

You can set up and export either an OpenVMS file system or a container file system. Which one you choose depends on your environment and the user needs on the NFS client host.

You might use an OpenVMS file system if:

Your environment calls for extensive file sharing between your OpenVMS system and another OpenVMS host, or between your system and a UNIX client.
Users on the client need to maintain multiple versions of files.

Select the OpenVMS file system if you need to share files between users on OpenVMS and users on NFS clients.

You might use a container file system if:

You do not require extensive file sharing between your OpenVMS system and a UNIX client.
Client applications require symbolic or hard links or special files.

22.1.2.2 Understanding the Container File System

The NFS software lets you create a logical UNIX style file system on your OpenVMS host that conforms to UNIX file system rules. This means that any UNIX application that accesses this file system continues to work as if it were accessing files on a UNIX host.

An OpenVMS server can support multiple container file systems. Creating a container file system is comparable to initializing a new disk with an OpenVMS volume structure, because it provides the structure that enables users to create files. The file system parameters, directory structure, UNIX style file names, and file attributes are catalogued in a data file called a container file.

The number of UNIX containers you should create depends on how you want to manage your system.

In a container file system, each conventional UNIX file is stored as a separate data file. The container file also stores a representation of the UNIX style directory hierarchy and, for each file name, a pointer to the data file. In addition to its UNIX style name, each file in the container file system has a system-assigned valid Files--11 file name.

An OpenVMS directory exists for each UNIX directory stored in the container. All files catalogued in a UNIX directory are also catalogued in the corresponding OpenVMS directory; however, the UNIX directory hierarchy is not duplicated in the OpenVMS directory hierarchy.

Because each UNIX style file is represented as an OpenVMS data file, OpenVMS utilities such as BACKUP can use standard access methods to access these files.

Note

Except for backing up and restoring files, you should not use DCL commands to manipulate files in a container file system. Instead, use the commands described in Section 22.10.

For more information about backing up and restoring files, see Section 22.7 and Section 22.10.7.

For information about setting up container file systems, see Section 22.9.

22.1.2.3 NFS Support for Extended File Specifications

The NFS server and the NFS client support OpenVMS extended file specifications (EFS) on ODS-5 disk volumes.

You can use NFS server to export files on OpenVMS ODS-5 volumes. The traditional ODS-2 volumes continue to be supported. The NFS client can emulate an ODS-5 volume.

Note that the NFS server and NFS client support the ISO Latin-1 character set only.

If an ODS-5 volume is mapped and exported, the NFS server automatically supports EFS features and ignores the NAME_CONVERSION option of the EXPORT command, if it is specified in the export record.

On ODS-2 volumes (with or without the NAME_CONVERSION option), files with all uppercase names are displayed on non-OpenVMS clients with all lowercase letters. On ODS-5 volumes, the file names are displayed by clients in the same case as they are displayed locally on the server host.

If an ODS-2 volume contains file names that were created using the NAME_CONVERSION option of the NFS EXPORT command and include lowercase or special characters that are invalid for ODS-2 file names, those file names displayed locally on the server host contain character sequences (escape codes), as described in Appendix C. If the DCL SET VOLUME /STRUCTURE_LEVEL=5 command is performed on this volume, the names are displayed by clients with the character sequences exactly as they are displayed locally on the server host.

Contents

Index