Proxies are managed using the AUTHORIZE facility. Here are
examples of adding proxies to grant access to remote user
SMITH on node LAMCHP to the JONES account on the local node:
UAF> ADD/PROXY DOMAIN:LAMCHP.SCH.DEC.COM::SMITH JONES
UAF> ADD/PROXY DEC:.SCH.LAMCHP::SMITH JONES
UAF> ADD/PROXY LOCAL:.LAMCHP::SMITH JONES
Each proxy record should specify a default account, regardless
of whether a default wildcard proxy exists, to ensure that at
least one valid destination account is specified. For example,
if a default wildcard proxy existed on DEC:.SCH.PRKCHP:
UAF> SHOW/PROXY *
Default proxies are flagged with (D)
DEC:.SCH.LAMCHP::*
* (D)
The SYSTEM user on node LAMCHP would have default proxy access
into the SYSTEM account on PRKCHP.
If the network manager then wished to add ALTERNATE as an
alternate account to be used from the SYSTEM account on LAMCHP,
while still retaining SYSTEM as the default, he would need to
explicitly specify that default in the new proxy record like so:
UAF> ADD/PROXY DEC:.SCH.LAMCHP::SYSTEM SYSTEM/DEFAULT, ALTERNATE
So the proxy database on PRKCHP would now look like this:
UAF> SHOW/PROXY *
Default proxies are flagged with (D)
DEC:.SCH.LAMCHP::*
* (D)
DEC:.SCH.LAMCHP::SYSTEM
SYSTEM (D) ALTERNATE
If he instead did this:
UAF> ADD/PROXY DEC:.SCH.LAMCHP::SYSTEM ALTERNATE
So the proxy database looked like this:
UAF> SHOW/PROXY *
Default proxies are flagged with (D)
DEC:.SCH.LAMCHP::*
* (D)
DEC:.SCH.LAMCHP::SYSTEM
ALTERNATE
then DEC:.SCH.LAMCHP::SYSTEM would no longer have default
access to PRKCHP's SYSTEM account. That is because only one
proxy record is considered for proxy processing; and in this
case, the exact match DEC:.SCH.LAMCHP::SYSTEM is preferred
over the DEC:.SCH.LAMCHP::* match. This
DEC:.SCH.LAMCHP::SYSTEM proxy record does not specify any
default account.
For further information on how proxies are used to grant
access, refer to HELP NETWORK_MANAGEMENT ACCESS_CONTROL
OPENVMS_POLICY.