Subject: | |
From: | |
Reply To: | |
Date: | Fri, 18 Dec 2009 22:29:52 -0800 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
It should be fairly simple to capture the vars HPSTDIN_NETWORK_ADDR and HPSTREAMEDBY at log on to validate and either continue or :bye out of the system.
jack
-----Original Message-----
From: Chris Bartram [mailto:[log in to unmask]]
Sent: Saturday, December 19, 2009 1:05 AM
To: [log in to unmask]
Subject: Re: [HP3000-L] Force login to use a specific IP
HP-3000 Systems Discussion wrote:
> Is there a way to force a particular user id to use a specific IP
> address. In other words I want to give a machine a static IP and only
> allow this person to access the HP3000 from that PC with the static
> IP.
The following excerpt from system UDCs I use on my HP3000s might give you some ideas.
The "VALIDATEIPADDR" call in the UDC calls another command file that actually does a validation of the logging-on user based on data in a control file to determine if he/she is allowed to log onto the system from the specific host/ip address they are coming from.
The variables the udc sets will work whether the logging on user is coming in via Telnet or NSVT (or hardwired or modem).
The TELLOPs also leave a nice log on the system console (and log file) of the login, including where they came from and what protocol was used to access the system.
-Chris Bartram
***
LOGON
OPTION LOGON,NOBREAK,NOHELP
setvar _network_node ''
if bound(hpstdin_network_node) then
setvar _network_node '!hpstdin_network_node'
endif
setvar _na ''
setvar _at 'HARDWIRED'
if bound(hpstdin_network_addr) then
setvar _na '!hpstdin_network_addr'
elseif bound(hpremipaddr) then
setvar _na '!hpremipaddr'
endif
if bound(hplocport) then
if !hplocport=23 then
setvar _at 'TELNET'
endif
endif
IF BOUND(HPSTDIN_ACCESS_TYPE) THEN
SETVAR _AT "!HPSTDIN_ACCESS_TYPE"
ENDIF
IF BOUND(HPSTDIN_TRANSPORT_TYPE) THEN
SETVAR _TP "!HPSTDIN_TRANSPORT_TYPE"
ELSE
IF "!_AT"="TELNET" THEN
SETVAR _TP "TCP/IP"
ELSE
SETVAR _TP "SERIAL"
ENDIF
ENDIF
IF BOUND(HPVT_CLIENT_VENDOR) THEN
SETVAR _VND " (!HPVT_CLIENT_VENDOR)"
ELSE
SETVAR _VND " "
ENDIF
TELLOP LOGON VIA !_AT USING !_TP !_VND
setvar _node ups(ltrim(rtrim("!_network_node")))
setvar _addr ups(ltrim(rtrim("!_na")))
if '!_node'<>'' then
tellop !_at, IP: "!_addr" Node: "!_node"
else
tellop !_at, IP: "!_addr"
endif
setjcw cierror=0
continue
VALIDATEIPADDR
if !cierror<>0 then
echo
echo ************************************
echo ** NODE/IP CONTROL FILE CORRUPT **
echo ************************************
echo
bye
endif
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
CONFIDENTIALITY NOTICE: This communication with its contents may contain confidential information. It is solely for the use of the intended recipient(s). Unauthorized interception, review, use or disclosure is prohibited and may violate applicable laws including the Electronic Communications Privacy Act. If you are not the intended recipient, please contact the sender and destroy all copies of the communication.
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|