Discussion:
LPD server, access control and accounting
(too old to reply)
Francesco Gennai
2007-01-07 19:10:35 UTC
Permalink
Is it possible to do some sort of accounting/access control based on
source IP of the LPD connection for
jobs submitted to the Multinet LPD server ?

This is possible with OpenVMS TCP/IP via a
nice proxy mechanism that links an IP address
to a local VMS user. Such user will be the user submitting
the print job.

In Multinet I have seen the same things but for
remote users linked to local users (by defining appropriate
logical names).

That isn't a satisfactory solution in my case where
I have no control on the remote users and different remote
hosts could present the same username.

Thank you.
Francesco
Jeremy Begg
2007-01-07 23:51:21 UTC
Permalink
Hi Francesco,
Post by Francesco Gennai
Is it possible to do some sort of accounting/access control based on
source IP of the LPD connection for
jobs submitted to the Multinet LPD server ?
If you mean access control to the LPD server, you can do that using the
standard mechanisms in SERVER-CONFIG, e.g.

$ mu config/server
SERVER-CONFIG> show/full lpd
Service "LPD":
TCP socket (AF_INET,SOCK_STREAM), Port 515
Socket Options = SO_KEEPALIVE
INIT() = TCP_Init
LISTEN() = TCP_Listen
CONNECTED() = TCP_Connected
SERVICE() = Run_Program
Program = "MULTINET:SERVER_LPD.EXE"
Accept Hosts = IP*127.0.0.1
Reject by default all other hosts and nets
Reject Message = "Your host does not have line printer access"

You could then use the 'set accept-net', 'set accept-host', 'set
reject-net' and 'set reject-host' commands to control which hosts can send
jobs to the LPD server.

For more sophisticated access control (e.g. limiting a particular remote
host to a particular local print queue) you can modify
MULTINET_COMMON_ROOT:[MULTINET.EXAMPLES]USER_LPD_SERVER.C.

As far as accounting is concerned, I haven't checked but you might be able
to do something with USER_LPD_SERVER.

Regards,

Jeremy Begg

+---------------------------------------------------------+
| VSM Software Services Pty. Ltd. |
| http://www.vsm.com.au/ |
| "OpenVMS Systems Management & Programming" |
|---------------------------------------------------------|
| P.O.Box 402, Walkerville, | E-Mail: ***@vsm.com.au |
| South Australia 5081 | Phone: +61 8 8221 5188 |
|---------------------------| Mobile: 0414 422 947 |
| A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
+---------------------------------------------------------+
Francesco Gennai
2007-01-08 16:59:54 UTC
Permalink
Hi Jeremy,
Post by Jeremy Begg
Hi Francesco,
Post by Francesco Gennai
Is it possible to do some sort of accounting/access control based on
source IP of the LPD connection for
jobs submitted to the Multinet LPD server ?
If you mean access control to the LPD server, you can do that using the
standard mechanisms in SERVER-CONFIG, e.g.
$ mu config/server
SERVER-CONFIG> show/full lpd
TCP socket (AF_INET,SOCK_STREAM), Port 515
Socket Options = SO_KEEPALIVE
INIT() = TCP_Init
LISTEN() = TCP_Listen
CONNECTED() = TCP_Connected
SERVICE() = Run_Program
Program = "MULTINET:SERVER_LPD.EXE"
Accept Hosts = IP*127.0.0.1
Reject by default all other hosts and nets
Reject Message = "Your host does not have line printer access"
You could then use the 'set accept-net', 'set accept-host', 'set
reject-net' and 'set reject-host' commands to control which hosts can send
jobs to the LPD server.
For more sophisticated access control (e.g. limiting a particular remote
host to a particular local print queue) you can modify
MULTINET_COMMON_ROOT:[MULTINET.EXAMPLES]USER_LPD_SERVER.C.
As far as accounting is concerned, I haven't checked but you might be able
to do something with USER_LPD_SERVER.
I had a quick look at the code of USER_LPD_SERVER.C
I suspect that it is exactly what I was searching for !!!
It is more flexible than in the OpenVMS TCPIP stack.

Thank You !
Regards,
Francesco
Post by Jeremy Begg
Regards,
Jeremy Begg
+---------------------------------------------------------+
| VSM Software Services Pty. Ltd. |
| http://www.vsm.com.au/ |
| "OpenVMS Systems Management & Programming" |
|---------------------------------------------------------|
| South Australia 5081 | Phone: +61 8 8221 5188 |
|---------------------------| Mobile: 0414 422 947 |
| A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
+---------------------------------------------------------+
Loading...