Chris after Jeff:
> > Just :purge or :rename telnet.arpa.sys; but be sure to put it back
> > before starting any patches/updates.
>
> Or put a lockword on it. :-)
While TELNET.ARPA.SYS has PM capability, there is nothing privileged
about the telnet service which prevent any user from writing (or uploading)
a telnet equivalent program. As far as I know, it's not possible to
remove the capability to talk on the network from an individual user
(this seems strange as MPE has so many other capability flags. Why
isn't there an NU "Network User" capability?).
So while eliminating access to HP's telnet client may be a relatively
effective method of preventing people form connecting to other machines,
I'm not aware of any way to actually have the system enforce this
restriction effectively, short of disabling TCP on the 3000 or having
an external firewall which filters out outbound traffic you don't like.
G.