MultiNet FAQ: Telnet

 

Do I need to use the HPE software if I want to run another KDC with MultiNet?

Yes and no. If you want to use MultiNet's telnet client and you want to use Kerberos V5 authentication, you'll need the HPE software to request a V5 ticket from any Kerberos V5 KDC. Other than that, our software works with any Kerberos V5 KDC (so long as the KRB$RTL.EXE shareable image is installed).


It seems that after five or so incoming FTP (or TELNET) connections have been established, other people can connect, but their sessions 'hang.' Is this a MultiNet problem?

You've probably hit the default max-servers limit. From within SERVER-CONFIG, you can set the maximum number of servers available to service incoming connections. Once that limit (5 by default) has been reached, new connections are accepted, but appear to 'hang' until a previously established session ends, freeing up a server. You can boost (or lower) this limit in SERVER-CONFIG by selecting the service you want to modify (e.g., SELECT FTP) and changing the value (e.g., SET MAX-SERVERS 15). Restart the master server for the change to take effect.


What do I need from HPE to run MultiNet's Kerberos 5 Telnet server and client?

To simply run our Kerberos 5 Telnet server and client, you will need the KRB$RTL.EXE shareable image that is supplied in the HPE distribution. MultiNet images link against this image, and all Kerberos 5 functionality is provided through calls to this library. The HPE distribution also includes the KDC and Kerberos client functionality (requesting a ticket, etc.).


Why do TELNET and FTP take 1 to 2 minutes to connect?

If it takes 1 to 2 minutes to finally make a connection when using TELNET or FTP, there is probably a failing reverse DNS lookup. In other words, the server is doing a reverse lookup on the client's IP address and cannot resolve it.

You need to add the address of the client to the reverse DNS files for resolution. If you use DNS but do not have Internet connectivity, add a FORWARDERS line to the end of your DOMAIN-NAME-SERVICE.CONFIGURATION file, then SLAVE on the next line. This causes DNS to look through your DNS files and cache, but not attempt to contact the root servers on the Internet.

If you are using host tables, add the address of the client to the HOSTS.LOCAL file. Also, if you are using host tables and not using DNS, be sure DNS is disabled from SERVER-CONFIG.

For FTP, defining the system logical MULTINET_FTP_FAST_TIMEOUT (define/system MULTINET_FTP_FAST_TIMEOUT) will minimize the amount of time spent on a reverse lookup.
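An added example, not part of the MultiNet documentation: a Python check that times the reverse lookup for each client address and lists the ones that fail or answer slowly, so you know which addresses still need a reverse DNS or HOSTS.LOCAL entry. It assumes it is run where lookups go through the same DNS server or host table as the MultiNet server; the 192.0.2.x addresses, the host name and all function names are constructed for illustration.

```python
import socket
import sys
import time

# Constructed sample data (documentation address range), not from the page.
CONSTRUCTED_PTR = {"192.0.2.10": "pc10.example.com"}

def constructed_resolver(addr):
    """Offline stand-in for socket.gethostbyaddr, backed by the table above."""
    if addr not in CONSTRUCTED_PTR:
        raise socket.herror(1, "Unknown host")
    return (CONSTRUCTED_PTR[addr], [], [addr])

def audit_reverse_dns(addresses, resolver=socket.gethostbyaddr,
                      slow_after=2.0, clock=time.monotonic):
    """Time one reverse lookup per client address and classify the outcome.

    status is 'ok', 'slow' (answered, but after more than slow_after seconds)
    or 'unresolved' (no name came back: the case the FAQ describes).
    """
    results = []
    for addr in addresses:
        start = clock()
        try:
            name = resolver(addr)[0]
        except OSError:  # covers socket.herror, socket.gaierror and timeouts
            name = None
        elapsed = round(clock() - start, 3)
        status = ("unresolved" if name is None
                  else "slow" if elapsed > slow_after else "ok")
        results.append({"address": addr, "name": name,
                        "seconds": elapsed, "status": status})
    return results

def needs_attention(results):
    """Addresses whose reverse lookup failed or was slow."""
    return [r["address"] for r in results if r["status"] != "ok"]

if __name__ == "__main__":
    # With arguments: query the real resolver. Without: constructed demo.
    args = sys.argv[1:]
    rows = (audit_reverse_dns(args) if args else
            audit_reverse_dns(["192.0.2.10", "192.0.2.77"], constructed_resolver))
    for row in rows:
        print(f"{row['address']:<16}{row['status']:<11}{row['seconds']:>8}s  {row['name']}")
    print("needs attention:", needs_attention(rows))
```

Pass the client addresses that see the delay as command-line arguments to test them against the live resolver.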


How can I restrict certain services (e.g., TELNET, FTP) to certain cluster nodes?

Use the following sequence:

$ MULTINET CONFIGURE/SERVER
SERVER-CONFIG> SELECT service
SERVER-CONFIG> SET ENABLED-NODES
You can now add new VAXcluster nodes for service. An empty line terminates.
Add VAXcluster node: hostname
Add VAXcluster node:
SERVER-CONFIG> SHOW/FULL
SERVER-CONFIG> EXIT

service is the name of the service to modify.

hostname is the name of the host that runs that service.

You can also prevent selected services (BOOTP, TFTP, NFS, for instance) from starting on certain nodes in your VMS cluster with the SET DISABLED-NODES command.


I've upgraded from a really old version of MultiNet and the accept-hosts on the TELNET service is not working correctly. Addresses on the accept-hosts are not allowed access to the service.

In MultiNet v5.2, the socket-family parameter for TELNET was changed from AF_INET to AF_INET6 and TELNET6 was eliminated in the final kit. The simple, quick fix is:

$ multinet configure/server
  SERVER-CONFIG>select telnet 
  SERVER-CONFIG>set socket-family af_inet
  SERVER-CONFIG>write 
  SERVER-CONFIG>exit 
$ @multinet:start_server restart