TCPware V5.7 Management Guide

Appendix C

TCPware Logicals

Table C-1 TCPware Logicals (Continued)

FTP_STARTUP Define the FTP_STARTUP logical to point to the FTP_STARTUP.COM file. For example: $ DEFINE/SYSTEM/EXECUTIVE FTP_STARTUP SYS$MANAGER:FTP_STARTUP.COM Client users can override this startup file by creating their own. Including the command DEFINE/PROCESS FTP_STARTUP in a user's LOGIN.COM file overrides any DEFINE/SYSTEM/EXEC command in the SYS$MANAGER:SYSTARTUP_V5.COM file.

NETCU_STARTUP Define the NETCU_STARTUP logical to point to the file. For example, you can include the following in your LOGIN.COM file: ASSIGN SYS$LOGIN:NETCUSTART.COM NETCU_STARTUP When you start NETCU, the NETCU_STARTUP logical points to the specified file (SYS$LOGIN:NETCUSTART.COM for example) and processes all the commands. Note that the system ignores all commands following an EXIT or QUIT command in the file. NETCU ignores any "commented-out" command lines in files (such as SERVICES.COM) that are used as input to NETCU. The commented-out line in the file should begin with the !, #, or ; character. NETCU does not execute the command line until you remove the character.

SSH_CONTROL.COM This is the file used to configure/start/stop SSH.

SSH_DIR Points to the directory where SSH's configuration, master server log file, and host key files are kept. Normally, this is TCPWARE_COMMON_ROOT:[TCPWARE]. It is defined through @TCPWARE:CNFNET SSH. The configuration procedure should write these to the common configuration file and check the values at start up and delete them at shutdown.

SSH_EXE Points to the directory where SSH executables are kept. Normally, this is TCPWARE_COMMON_ROOT:[TCPWARE]. It is defined through @TCPWARE:CNFNET SSH. The configuration procedure should write these to the common configuration file and check the values at start up and delete them at shutdown.

SSH_LOG Points to the directory where the log files are kept. Normally, this is TCPWARE_COMMON_ROOT:[TCPWARE.LOG]. It is defined through @TCPWARE:CNFNET SSH. The configuration procedure should write these to the common configuration file and check the values at start up and delete them at shutdown.

SSH_MAX_SESSIONS Set this to the maximum number of concurrent SSH sessions you want to allow on the server system. If SSH_MAX_SESSIONS is not defined, the default is 9999. Setting SSH_MAX_SESSIONS to zero (0) will cause an error. The value must be between 1 and 9999. It is defined through @TCPWARE:CNFNET SSH. The configuration procedure should write these to the common configuration file and check the values at start up and delete them at shutdown.

SSH_TERM_MBX Mailbox used by SSHD_MASTER to receive termination messages from SSHD daemon processes. Do not change this logical name. This is created by the SSHD_MASTER process.

TCPWARE_ACECLIENT_CL Points to the shareable image activated by LOGINOUT when login is performed.

TCPWARE_ACECLIENT_DATA_DIRECTORY Points to the directory that contains ACE/Client data files. Set by the Enter directory where the TCPware ACE/Client data file resides: prompt in CNFNET.

TCPWARE_ACECLIENT_ENABLE If set to 1, indicates that authentication by the TCPware ACE/Client is enabled. Set by the Do you want to use the TCPware ACE/CLIENT to authenticate user login?: prompt in CNFNET.

TCPWARE_ACECLIENT_NETWORK If set to 1, indicates that authentication is performed on logins over network terminals. For example, _NT physical devices created if using TELNET. Set by the Do you want to authenticate user network logins? prompt in CNFNET.

TCPWARE_ACECLIENT_ PASSCODE_TIME Defines the number of seconds allowed for the user to input the PASSCODE. Set by the Enter the PASSCODE input timeout time: prompt in CNFNET.

TCPWARE_ACECLIENT_REMO If set to 1, indicates that authentication is performed on logins over remote terminals. For example, _RT physical devices are created if using SET HOST. Set by the Do you want to authenticate user remote logins?: prompt in CNFNET.

TCPWARE_ACECLIENT_SHR Points to the ACE/Client API.

TCPWARE_DOMAINLIST Allows you to set up to six domains in a search list, as well as the minimum number of dots to recognize in a host name to make it fully qualified. The client reads this information from this logical you set through CNFNET.

TCPWARE_DOMAINNAME Specifies the internet addresses of up to three name servers the client can query. The client reads this information from this logical you set through CNFNET.

TCPWARE_FTP_220_REPLY Defines a message displayed when a user connects to the server and can log in. This message replaces the default message. You can define lines of the message text, one comma-separated equivalence string for each line. You can also specify a file that contains the message text by defining an equivalence string starting with the @ and followed by the complete file specification. For example, you can define the welcome text equivalence string as follows: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_220_REPLY -_$ "**AUTHORIZED USE ONLY **",-_$ "bart.nene.com (192.168.34.56)", -_$ "FTP-OpenVMS FTPD V5.5 (c) 2000 Process Software" Alternately, you can include the last three equivalence strings in an FTP_WELCOME.TXT file and define the logical as follows: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_220_REPLY -_$ "@SYS$MANAGER:FTP_WELCOME.TXT" In either case, when a user connects to a host, the message appears as follows: 220-** AUTHORIZED USE ONLY **220-bart.nene.com (192.168.34.56)220 FTP-OpenVMS FTPD V5.5 (c) 2000 Process Software_Username []:

TCPWARE_FTP_221_REPLY Defines a message to appear when a user ends the FTP session. If not defined, TCPware uses the default message. You can define a text string or file. For example: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_221_REPLY -_$ "Connection to FTP server has been closed" Now, when the user closes the FTP connection, the following message appears: 221 Connection to FTP server has been closed

TCPWARE_FTP_230_REPLY Defines a message to appear when a user successfully logs in. If not defined, TCPware uses the default message. You can define a text string or file. For example: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_230_REPLY "Login successful" Now, when the user logs in using FTP, the following message appears: 230 Login successful

TCPWARE_FTP_421_REPLY Defines a message sent when a user connects to the server but should not log in. After sending the message, the connection closes. For example, you can define this logical to prevent FTP access for a short time period. Be sure to deassign the logical after this period to allow FTP access again. You can define a text string or file. For example: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_421_REPLY-_$ "System maintenance in progress until 17:30" Now, when the user connects to the host through FTP, the following message appears and then the connection closes: 421 System maintenance in progress until 17:30 The TCPWARE_FTP_421_REPLY logical has precedence over the TCPWARE_FTP_220_REPLY logical.

TCPWARE_FTP_ALL_VERSIONS Requests the NLST and LIST commands to display all versions of the specified files. If TCPWARE_FTP_ALL_VERSIONS is defined, the logical TCPWARE_FTP_STRIP_VERSION has no effect. TCPWARE_FTP_ALL_VERSIONS is ignored if the FTP server is in UNIX emulation mode.

TCPWARE_FTP_ALLOWCAPTIVE By default, the FTP server does not allow file transfers for CAPTIVE accounts. Defining this logical allows CAPTIVE accounts to use all FTP commands except SITE SPAWN. Define the logical as follows: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_ALLOWCAPTIVE " " You must modify the CAPTIVE account procedure to allow the FTP server to start the data transfer process. The procedure can check if the logical "TT" is equal to "TCPWARE:FTPSERVER_DTP.COM" and exit out of the login procedure, as follows: $! Check if this is the TCPware FTP data transfer process:$ IF F$LOGICAL("TT") .EQS. "TCPWARE:FTPSERVER_DTP.COM" THEN EXIT$! Refuse other network connections (such as DECnet):$ IF F$MODE() .EQS. "NETWORK" THEN LOGOUT$! (or allow by using "...THEN EXIT" above)$! Remainder of CAPTIVE procedure follows:$....

TCPWARE_FTP_ANONYMOUS_230_REPLY Defines a message to appear when an ANONYMOUS user successfully logs in. If not defined, TCPware uses the default message. You can define a text string or file. For example: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_ANONYMOUS_230_REPLY-_$ "ANONYMOUS login successful" Now, when a user logs in using the ANONYMOUS account, the following message appears: 230 ANONYMOUS login successful

TCPWARE_FTP_ANONYMOUS_RIGHTS Defines write, rename, and delete access rights for the ANONYMOUS FTP user in addition to read access. For example: $ DEFINE/SYS/EXEC/NOLOG TCPWARE_FTP_ANONYMOUS_RIGHTS "WRITE,RENAME,DELETE"

TCPWARE_FTP_ANONYMOUS_ROOT Defines access restrictions for users logged in as ANONYMOUS. For example, you can set access restrictions for users logged in as ANONYMOUS to allow access to just the ANONYMOUS$USER directory and its subdirectories: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_ANONYMOUS_ROOT ANONYMOUS$USER: If not set, the FTP server defaults to the setting in the TCPWARE_FTP_ROOT logical if it exists.

TCPWARE_FTP_DISALLOW_UNIX_STYLE Controls whether UNIX style filename parsing is done. If not defined and a / is found in the filename, it is assumed to be a UNIX style filename. The ? in the logical represents where defined values go. Defined values can be either alpha or numeric. $ DEFINE/SYSTEM/NOLOG/EXECUTIVE TCPWARE_FTP_DISALLOW_UNIX_STYLE FALSE

TCPWARE_FTP_DONT_REPORT_FILESIZE If this logical is defined, the reporting of the estimate of the number of bytes to be transferred in the 150 response line is suppressed. Some FTP clients expect this number to be exact. The FTP server is unable to determine an exact count without processing the entire file, so an estimate of the number of bytes used to store the file is returned. The inaccuracy comes from the differences in the way OpenVMS records and line breaks are handled. The ? in the logical represents where defined values go. $ DEFINE/SYSTEM/EXEC TCPWARE_FTP_DONT_REPORT_FILESIZE ?

TCPWARE_FTP_EXTENSION_QUANTITY Defines the default allocation/extention quantity for new files and appends. The ? in the logical represents where defined values go. Defined values can be either alpha or numeric. $ DEFINE/SYSTEM/NOLOG/EXECUTIVE TCPWARE_FTP_EXTENSION_QUANTITY ?

TCPWARE_FTP_IDLE_TIMEOUT Change the timeout for FTP connection attempts to something other than the default of 10 minutes. The FTP server checks the timeout when you enter and complete a command. You can set this logical any time, and it effectively changes the idle timeout for open, non-idling connections as well as for any future ones. Make sure to use delta time for the time syntax. $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_IDLE_TIMEOUT "0 00:20:00" This example changes the idle timeout to 20 minutes. If omitted, the default is 10 minutes. If you set the value to 0, idle timeout is disabled.

TCPWARE_FTP_KEEP_DIR_EXT Sometimes the FTP server strips the .DIR extension from the file name of a directory when the NLST function is requested. The FTP server now looks for the logical TCPWARE_FTPD_KEEP_DIR_EXT and, if defined, does not remove the .DIR extension. To use this feature, define the logical as: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTPD_KEEP_DIR_EXT TRUE To return to the default behavior, deassign this logical.

TCPWARE_FTP_LOGFILE Defines a specific name of a log file. Use this if you suspect break-ins to the FTP server. For example: $ DEFINE/SYSTEM/EXEC TCPWARE_FTP_LOGFILE SYS$COMMON:[SYSMGR]FTPLOGIN.LOG If this logical exists, the FTP server writes a record to the specified file each time a user attempts to log in. Each record includes the date and time, the remote host's internet address, and whether the login succeeded. Specifies the name of the file to which ALL commands and responses to ANONYMOUS FTP services are logged. If TCPWARE_FTP_LOG_ALL_USERS is also defined, then commands and responses for all users are logged.

TCPWARE_FTP_MAX_SERVERS Allows the maximum number of servers to be set. The default is 10000. $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_MAX_SERVERS "1500"

TCPWARE_FTP_MAXREC The FTP client and the FTP server normally check the record size of an ASCII transfer and disallow more than 8192 byte records (as a sanity check). Define this logical to override the default of 8192. The definition of this logical is commented out but defined in the FTP_CONTROL.COM file as follows: $ !DEFINE/SYSTEM/NOLOG/EXECUTIVE TCPWARE_FTP_MAXREC 8192

TCPWARE_FTP_MESSAGE_FILE Defines the message file the FTP user sees when connecting to the server or moving between directories. The definition of this logical is commented out but defined in the FTP_CONTROL.COM file as follows: $ !DEFINE/SYSTEM/NOLOG/EXECUTIVE TCPWARE_FTP_MESSAGE_FILE ".MESSAGE"

TCPWARE_FTP_ONLY_BREAK_ON_CRLF If this logical is set and an ASCII file is transferred, a new line is created in the file upon receipt of a carriage return/line feed sequence. If this logical is not set and an ASCII file is transferred, a new line is created upon receipt of either a carriage return/line feed sequence or a line feed.

TCPWARE_FTP_RECEIVE_THRESHOLD Specifies the amount of buffer space that can be used to buffer transmitted data on the data socket. The default value if 6144. If this logical is defined and it begins with a /, then it specifies the fraction of the window size; if only a fraction is specified, then it indicates the number of bytes to be used. The ? in the logical represents where defined values go. Defined values can be either alpha or numeric. $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_RECEIVE_THRESHOLD ?

TCPWARE_FTP_ROOT Defines the system-wide default directory access restrictions for client users. For example, you can restrict all users logged in via FTP to the COMMON$USER directory and its subdirectories, as follows: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_ROOT COMMON$USER: The FTP server defaults to this logical if the TCPWARE_FTP_ANONYMOUS_ROOT or TCPWARE_FTP_username_ROOT logicals are not set.

TCPWARE_FTP_SEMANTICS_FIXED_IGNORE_CC If this logical is defined to TRUE, then GET operations of fixed lengths record files will not have a <CR>(carriage return)<LF>(line feed) added to the end of each record. The ? in the logical represents where defined values go. Defined values can be either alpha or numeric. $ DEFINE TCPWARE_FTP_SEMANTICS_FIXED_IGNORE_CC ?

TCPWARE_FTP_SERVER_DATA_PORT_RANGE Specifies the upper and lower port boundaries that are to be used in passive data connections. The string should contain two numbers separated by a space. The ? in the logical represents where defined values go. Defined values can be either alpha or numeric. $ DEFINE TCPWARE_FTP_SERVER_DATA_PORT_RANGE ?

TCPWARE_FTP_SERVER_LOG_LIMIT By setting this logical in the LOGIN.COM file, you can specify that log files be retained. Set the logical name to a dash (-) to retain all log files, or specify a number in the range of 1 to 32000. Directory size restrictions limit the number of potential files that can actually be created. If you do not specify a number or value, one log file is created or overwritten for each FTP session. Use the DCL PURGE command to delete unneeded log files. The following example specifies that 42 log files be retained: $ DEFINE TCPWARE_FTP_SERVER_LOG_LIMIT 42

TCPWARE_FTP_SERVER_RELAXED_PORT_COMMAND The server normally compares the IP network address value specified in the PORT command with the IP network address of the IP address it is receiving commands from. If these are not in agreement, the PORT command is not accepted. Some multi-homed clients, and clients that can do third party transfers, send values that do not match. Defining this logical allows the PORT command to be accepted for these clients by disabling this check. The ? in the logical represents where defined values go. Defined values can be either alpha or numeric. $ DEFINE TCPWARE_FTP_SERVER_RELAXED_PORT_COMMAND ?

TCPWARE_FTP_STRIP_VERSION Causes VMS mode output to have no versions. The ? in the logical represents where defined values go. Defined values can be either alpha or numeric. $ DEFINE/SYSTEM/NOLOG/EXECUTIVE TCPWARE_FTP_STRIP_VERSION ?

TCPWARE_FTP_SYST_BANNER Displays the banner "UNIX TCPware Unix Emulation." If the FTP server is in VMS mode, the SYST command displays the equivalence string associated with this logical (if defined). Otherwise, the SYST command displays "VMS TCPware Vx.y(rev),": Vx.y is the TCPware version number. (rev) is the revision number of the FTP server. The ? in the logical represents where defined values go. Defined values can be either alpha or numeric. $ DEFINE/SYSTEM/NOLOG/EXECUTIVE TCPWARE_FTP_SYST_BANNER ? This logical is ignored if the FTP server is in UNIX mode.

TCPWARE_FTP_UNIX_STYLE_BY_DEFAULT If you define this logical, the FTP server starts in UNIX emulation mode. The ? in the logical represents where defined values go. Defined values can be either alpha or numeric. $ DEFINE/SYSTEM/NOLOG/EXECUTIVE TCPWARE_FTP_UNIX_STYLE_BY_DEFAULT ?

TCPWARE_FTP_UNIX_STYLE_CASE_INSENSITIVE Allows UNIX style filename handling to be case insensitive. The ? in the logical represents where defined values go. Defined values can be either alpha or numeric. $ DEFINE/SYSTEM/NOLOG/EXECUTIVE TCPWARE_FTP_UNIX_STYLE_CASE_INSENSITIVE ?

TCPWARE_FTP_username_ROOT Defines access restrictions for an FTP client logging in as username. For example, you can restrict user CLARK to the COMMON$USER:[CLARK] directory and its subdirectories, as follows: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_CLARK_ROOT COMMON$USER:[CLARK] Because the FTP server restricts access by default to the directory setting in the TCPWARE_FTP_ROOT logical, if it exists, you may want to use the special wildcard (*) setting with the TCPWARE_FTP_username_ROOT logical to bypass the default for username. For example, to restrict the bulk of users to DISK$SYS_LOGIN, restrict users KATE and PAUL to ENG$DISK, but allow SYSTEM full access to locations covered by its account, define the following logicals: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_ROOT DISK$SYS_LOGIN ! default$ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_KATE_ROOT ENG$DISK ! limits KATE$ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_PAUL_ROOT ENG$DISK ! limits PAUL$ DEFINE/SYSTEM/EXECUTIVE TCPWARE_FTP_SYSTEM_ROOT * ! full SYSTEM

TCPWARE_FTP_WINDOW The FTP client and the FTP server set the TCP window size of the data connection to either: • The value of this logical if you define it (minimum is 512 bytes; maximum is 1,048,576 bytes). • The larger of 32,768 bytes and the default TCP window size. The ? in the logical represents where defined values go. Defined values can be either alpha or numeric. $ DEFINE/SYSTEM/NOLOG/EXECUTIVE TCPWARE_FTP_WINDOW ?

TCPWARE_IMAP_UPDATE_LOGIN_TIME If this logical is defined (to any value), then IMAP updates the user's "Last login: (non-interactive)" field on the server with the last time the user downloaded his/her mail via an IMAP client.

TCPWARE_KERBV4_MAXAGE Sets the maximum age of the Kerberos database.

TCPWARE_KERBV4_PRIMARY Sets the Primary Kerberos server name.

TCPWARE_KERBV4_REALM Sets the realm name of the Kerberos server.

TCPWARE_KERBV4_RLOGIN Determines if the RLOGIN server mandates, accepts, or disallows any Kerberos request.

TCPWARE_KERBV4_RSHELL Determines if the RSH server mandates, accepts, or disallows any Kerberos request.

TCPWARE_KERBV4_SRVTYP Sets the type of server (primary, or applications only).

TCPWARE_KERBV4_TELNET Determines if the TELNET server mandates, accepts, or disallows any Kerberos request.

TCPWARE_KERBV4_TKFILE Sets the location of the user's ticket file.

TCPWARE_LOCALDOMAIN Specifies the default local domain name to be used when building To: addresses on outgoing messages.

TCPWARE_LPD_DEFAULT_USER Defines a default OpenVMS username for remote users connecting to the local LPD server. Used only when you define a remote host in the LPD access file and the remote username is not mapped to a specific OpenVMS username.

TCPWARE_LPD_OPTIONS Determines if the server handles batch queues.

TCPWARE_LPD_qname_FORM* Defines the form used for print jobs. This logical is similar to TCPWARE_LPD_qname_PARAMETER. Use the TCPWARE_LPD_*_FORM logical to define the form for all queues. Note! A specific queue setting overrides the global setting for that queue.

TCPWARE_LPD_qname_OPTION Specifies additional PRINT command qualifiers to pass to the specified print queue: /BURST, /FEED, /FLAG, /FORM, /HEADER, /LOWERCASE, /PASSALL, /PRIORITY, /RESTART, /SPACE, /TRAILER Use the TCPWARE_LPD_*_OPTION logical to define the option for all queues. Note! A specific queue setting overrides the global setting for that queue.

TCPWARE_LPD_qname_PARAMETER* Defines the specified parameters when the remote user submits a print request to the OpenVMS print system (qname is the queue name). The first equivalence string for the logical (if defined) is the first parameter; the second is the second parameter; and so on, up to eight parameters. Use the TCPWARE_LPD_*_PARAMETER logical to define the parameter for all queues. Note! A specific queue setting overrides the global setting for that queue.

TCPWARE_LPD_qname_QUEUE* Defines the print queues for an alias queue name (qname). Supports clients that may not allow standard OpenVMS queue names as the remote printer (such as IBM's AIX, which restricts remote printer names to seven characters).

TCPWARE_LPD_SPOOL Points to the work directory for the LPD server. This directory holds temporary files.

TCPWARE_LPR_PRINTER Defines the default remote printer for the LPR, LPRM, and LPQ commands. You can define your own TCPWARE_LPR_PRINTER logical in a LOGIN.COM file.

TCPWARE_LPR_qname_PRINTERTCPWARE_LPR_qname_PRINTER_DEFAULT Defines the absolute printer for the PRINT command. You cannot override this logical when submitting a print job. Use to restrict printing to one printer per queue.

TCPWARE_LPR_QUEUES Lists the names of all TCPware print symbiont queues. Defined only if you defined one or more print queues.

TCPWARE_LPR_SPOOL Points to the work directory for the PRINT command. This directory holds temporary files.

TCPWARE_LPRSM The TCPWARE_LPRSMB print symbiont provides similar retry interval and timeout tuning logicals as those for TCPWARE_VMSLPRSMB. The TCPWARE_LPRSMB logicals are: • TCPWARE_LPRSMB_*_RETRY_INTERVAL • TCPWARE_LPRSMB_qname_RETRY_INTERVAL • TCPWARE_LPRSMB_*_TIMEOUT • TCPWARE_LPRSMB_qname_TIMEOUT • TCPWARE_LPRSM_qname_PRECONN

TCPWARE_NAMED_MAX_CACHE_TTL When NAMED starts up, it checks the SYSTEM EXECUTIVE logical table for this logical value and sets the maximum cache time (in seconds) to be that value. You can use this logical to override the default one week (604800 seconds) to a maximum cache time more appropriate for your system. For example: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_NAMED_MAX_CACHE_TTL 86400 This logical is read the next time the server starts. If you do not want to wait for the server to start, you can make the change to the running server by using the NETCU SET NAMED MAX_TTL command. Any data now written to the cache remains there for 86400 seconds (one day).

TCPWARE_NAMESERVERS When an application needs to resolve a host name or internet address, the client queries the first name server this logical defines. The client continues to query the other name servers on its list until it receives an answer or the list is exhausted. List of IP addresses for DNS lookups.

TCPWARE_NFS_ACCESS_IDENTIFIER Specifies the name of a rights identifier you want assigned to all NFS users. You can then modify the access control lists (ACLs) of files to grant or deny access to holders of the rights identifier. The default is null (no rights identifier). OpenVMS files protected by ACLs should have the UIC-based protection mask set to allow file access and the ACL set to deny access.

TCPWARE_NFS_DFLT_GIDTCPWARE_NFS_DFLT_UID Specifies the default UID and GID. The server uses these defaults in the following cases: • The server receives a request from a user without a PROXY mapping and who is also the superuser (UID=0, and any GID). The server replaces the superuser UID and GID with the default UID and GID. • The server processes a get attributes request and cannot find a file's owner UIC in the PROXY database. The server uses the default UID and GID instead.

TCPWARE_NFS_DIRLIFE_TIMER Sets when to delete internal directory cache data structures. Specify the interval as OpenVMS delta time. The default is 3 minutes.

TCPWARE_NFS_DIRREAD_LIMIT Sets the maximum size in bytes for each file read while processing a get attributes request. If the estimated file size exceeds this value, TCPware does not read the file to determine its exact size and returns an estimated size instead. The estimated file size is always larger than the exact size. The -1 default effectively turns off file size estimation. This parameter applies only to filesystems exported with the /CONVERT option (the default). A value of 0 disables TCPware from determining exact file sizes on requests. This parameter may provide the NFS Client with inexact file sizes. This is generally not a problem, but may affect some applications.

TCPWARE_NFS_DIRTIME_TIMER Sets a time interval that determines when the server updates the directory access time between NFS operations. Specify the interval as an OpenVMS delta time. The default is 30 seconds.

TCPWARE_NFS_DYNAMIC_EXPORT Reloads updates to the shared database on the cluster automatically when you set this logical to CLUSTER, as follows: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_NFS_DYNAMIC_EXPORT CLUSTER The server uses locks to communicate changes to all the servers on the cluster. The default is LOCAL (not to use locks).

TCPWARE_NFS_DYNAMIC_PROXY Enables dynamic PROXY database reloading. $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_NFS_DYNAMIC_PROXY keyword[,keyword] The keywords are CLIENT, SERVER, NOCLIENT, and NOSERVER, used in any reasonable combination. Use CLIENT to enable Client reloading and SERVER to enable Server reloading. The /NOCLIENT and /NOSERVER qualifiers used with the ADD PROXY or REMOVE PROXY commands override the logical setting.

TCPWARE_NFS_FILE_CACHE_SIZE Determines the maximum number of files allowed to have attributes in cache at any one time. The number must be larger than the SYSGEN parameter CHANNELCNT. The value must also be larger than the number of combined TCP and UDP threads.

TCPWARE_NFS_LOG_CLASS Enables the type of information written to the log file TCPWARE:NFSSERVER.LOG. This parameter is a bit mask value (in decimal).

TCPWARE_NFS_NOCHECKSUM Enables or disables checksum generation for UDP datagrams. This parameter is a boolean value. When the value is 0 (false), the server generates checksums for outgoing datagrams. When the value is 1 (true), the server does not generate checksums. Enabling checksums maintains data integrity, and is the default. Note! Disabling checksums may increase system performance but could have an adverse affect on certain NFS clients.

TCPWARE_NFS_OPENFILE_TIMER Sets a time interval (in delta time) a file remains open after you last accessed it. You do not need to open and close it for each request. The default is six seconds.

TCPWARE_NFS_PCNFSD_DFLTPRTOPT Specifies the default print options when submitting a spooled print job for printing. The TCPware logical name for NFS_PCNFSD_DFLPRTOPT is TCPWARE_PCNFSD_DFLTPRTOPT.

TCPWARE_NFS_PCNFSD_ENABLE Enables or disables the PCNFSD services support. A value of 1 enables the PCNFSD services support. A value of 0 disables the support. A value of 3 enables print spooling of files on the server without enabling PCNFSD authentication. The logical name for NFS_PCNFSD_ENABLE is TCPWARE_PCNFSD_ENABLE.

TCPWARE_NFS_PCNFSD_JOB_LIMIT Specifies the maximum packet size of the information displaying the queued print jobs. Some systems require this limitation. Note that if the actual queued job information exceeds the byte limit set by this parameter, TCPware truncates the information. The TCPware logical name for NFS_PCNFSD_JOB_LIMIT is TCPWARE_PCNFSD_JOB_LIMIT. If you do not define this logical, TCPware determines the size of the packet at run-time.

TCPWARE_NFS_PCNFSD_PRINTER Specifies the print queue you want used if the NFS client does not specify a printer. This is an optional parameter and the default is SYS$PRINT when the client does not specify a printer (most clients specify the printer). The TCPware logical name for NFS_PCNFSD_PRINTER is TCPWARE_PCNFSD_PRINTER.

TCPWARE_NFS_PCNFSD_PRINTER_LIMIT Specifies the maximum packet size of the information displaying the printers known on the server. Some systems require this limitation. Note that if the actual printer information exceeds the byte limit set by this parameter, TCPware truncates the information. The TCPware logical name for NFS_PCNFSD_PRINTER_LIMIT is TCPWARE_PCNFSD_PRINTER_LIMIT. If you do not define this logical, TCPware determines the size of the packet at run-time.

TCPWARE_NFS_PCNFSD_SPOOL Specifies the name of the PCNFSD print spool directory as a UNIX style pathname. The directory must be an exported directory. This is, the directory must be an entry in the EXPORT database, or a subdirectory of an exported directory. The logical name for NFS_PCNFSD_SPOOL is TCPWARE_PCNFSD_SPOOL. Because you export different OpenVMS directories to different clients with the same path, it is possible for the NFS_PCNFSD_SPOOL parameter to refer to different OpenVMS directories depending on which PCNFSD client requests the print spooling services.

TCPWARE_NFS_PORT Sets the TCP and UDP port through which the NFS, MOUNT, and PCNFSD protocols receive data.

TCPWARE_NFS_SECURITY Enables various security features. This parameter is a decimal bit mask value. CAUTION! Do not use bits 0 and 1 for PC clients using PCNFS.If you use PC-NFS printing with mask value=2, add an entry to the EXPORT database for each client subdirectory (not just a single entry for the spool directory.) The pathname listed in the EXPORT database should be the NFS_PCNFSD_SPOOL parameter value concatenated with the name of the client subdirectory.If you set bit 5, PC-NFS users can print to batch queues. This may present a security risk, since users could submit batch jobs under a privileged (or another) user by forcing the UID/GID values of their choice.Disabling use of the intrusion database for PCNFSD, by setting bit 6, affects all exports.A bit mask 8 value of 128 disables PCNFSD deletion of printed files from the spool directory.

TCPWARE_NFS_TCP_THREADS Controls the number of simultaneously serviced requests received over TCP connections the server can support. The server requires a thread for each TCP request it receives. This thread is active for the amount of time it takes the server to receive the request, perform the operation, and send a reply to the client. The more threads the server supports, the better the performance. Note that the number of threads has no impact on the number of TCP connections the server supports.

TCPWARE_NFS_UDP_THREADS This is similar to the NFS_TCP_THREADS parameter but relates to UDP threads.

TCPWARE_NFS_XID_CACHE_SIZE Sets the maximum number of XID cache entries. The XID cache prevents the system from transmitting false error messages for operations such as delete, create, rename, and set attributes. For example, the server receives a delete file request from a remote host. After the server deletes the file and sends a success reply, the network loses the reply. Because the remote host does not receive a reply, it sends the delete file request again. Without an XID cache, TCPware would try to process the request again and send a false error message that it could not find the file. The XID cache prevents the system from sending the false error because it stores and retransmits the original reply. Set the NFS_XID_CACHE_SIZE parameter to at least twice (2 times) the largest of the number of: • NFS clients using the NFS Server • UDP threads (as set by the NFS_UDP_THREADS parameter) • TCP threads (as set by the NFS_TCP_THREADS parameter) The parameter sets the size of both the UDP and TCP XID caches (each protocol has a separate XID cache).

TCPWARE_PCNFSD_DFLTPRTOPT Specifies the default print options when submitting a spooled print job for printing. The TCPware logical name for NFS_PCNFSD_DFLPRTOPT is TCPWARE_PCNFSD_DFLTPRTOPT.

TCPWARE_POP3_UPDATE_LOGIN_TIME If this logical is defined (to any value), then POP3 updates the user's "Last login: (non-interactive)" field on the server with the last time the user downloaded his/her mail via an POP3 client.

TCPWARE_PPPD_DEBUG_LEVEL When you specify the DEBUG (or -D) option, it debugs at level 5 (display up to warning and significant events). For more informational and debugging information, raise the debug level to 7 by defining this logical.

TCPWARE_PPPD_OPCOM_LEVEL For a detached process, raise the message level for OPCOM messages. By default, it is set to 4 to report fatal and error messages. Raise it to 5 to monitor the significant events in PPPD, or even higher for more detail by defining this logical.

TCPWARE_QUOTE Defines the quote for the server. This logical can be either a string or a filename that includes the quote text. Prefix a filename with the @ sign and enclose the definition or filename in quotation marks. You need SYSNAM or SYSPRV privileges to define the system-wide logical. The following examples show three different ways to define this logical: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_QUOTE "Quote-of-the-day"$ DEFINE/SYSTEM/EXECUTIVE TCPWARE_QUOTE "@SYS$MANAGER:QUOTE.TXT"$ DEFINE/SYSTEM/EXECUTIVE TCPWARE_QUOTE "Today's quote is",-_$ "@SYS$MANAGER:QUOTE.TXT"

TCPWARE_RCMD_FLAGS To disable user-specified SYS$LOGIN:.RHOSTS files (and use the HOSTS.EQUIV file only), set this logical to 1 (it is 0 by default).

TCPWARE_RCMD_OUTPUT Sets up a log file for incoming R Services such as RCP and RSH to log messages in the RCMD.LOG file: $ DEFINE/SYSTEM/EXECUTIVE TCPWARE_RCMD_OUTPUT RCMD.LOG

TCPWARE_RES_OPTIONS ndots ndots Sets up to six domains in a search list, as well as the minimum number of dots to recognize in a host name to make it fully qualified. The client reads this information from two logicals you set through CNFNET.

TCPWARE_RES_RETRANS_MIN Spcifies the minimum retransmit time value in seconds for the DNS resolver.

TCPWARE_RES_RETRIES Specified the retry count for the DNS resolver.

TCPWARE_SLIP_n The START/IP command line-specific-information parameter provides the OpenVMS device name for the SLIP line. If you omit this parameter, TCPware assumes that the TCPWARE_SLIP_n system logical (where n is the controller number) defines the device.

TCPWARE_SMTP_A1_NAME Used in forming the username portion of return addresses for ALL-IN-1 users.

TCPWARE_SMTP_ACCEPT_UNIX_LF Tells the SMTP agents to accept lines sent by some UNIX systems that are terminated with a linefeed only (instead of the proper carriage-return, linefeed combination).

TCPWARE_SMTP_ALLOW_USER_FROM Allows users to override their From: address on outgoing mail by specifying /FROM=xxx@yyy as the first line of outgoing mail messages.

TCPWARE_SMTP_ALLOW_VIRTUAL_DOMAIN Allows the use of virtual domains in TCPware SMTP environment. Without this logical defined, incoming aliases are assumed to be local addresses only. If your system supports multiple virtual domains and uses in the alias file to reroute traffic based on those domains, you must define this logical.

TCPWARE_SMTP_AM_DOMAIN Domain name used when forming return addresses for ALL-IN-1 users.

TCPWARE_SMTP_AM_NAME Used in forming the username portion of return addresses for ALL-IN-1 users.

TCPWARE_SMTP_APPEND_FORWARDER_TO_MX Specifies that the default SMTP forwarder, if defined, is appended to the end of an MX list for a target host when delivering outgoing mail.

TCPWARE_SMTP_BATCH_QUEUE Points to the TCPware SMTP queue.

TCPWARE_SMTP_DECNET_DOMAIN Specifies a DECnet name used in the creation of return addresses.

TCPWARE_SMTP_DELIVERY_RECEIPTS Enables or disables delivery receipts (value is TRUE or FALSE).

TCPWARE_SMTP_DISABLE_DELIVERY_RECEIPT_DISCLAIMER When deliver receipts are enabled, a disclaimer is included in all such receipts telling the sender that the message has been delivered, but not necessarily read. Defining this logical prevents the disclaimer from being included.

TCPWARE_SMTP_DISABLE_FOLDER_DELIVERY Disables TCPware SMTP's ability to deliver messages to user-defined folders in their VMS Mail files.

TCPWARE_SMTP_DISABLE_PSIMAIL If defined, causes mail sent to PSI% users to be returned with NOSUCHUSER.

TCPWARE_SMTP_ENVELOPE_FROM_HOST Specifies the host name to be used in the SMTP envelope MAIL FROM: line. If not defined, the default system host name is used.

TCPWARE_SMTP_FORWARDER Specifies the domain name of the system to which all outgoing mail is forwarded for further delivery.

TCPWARE_SMTP_FROM_HOST Specifies the local host name used when forming From: address on outgoing messages. If this logical is not defined, the system host name is used.

TCPWARE_SMTP_HEADER_ORG Specifies the text for an Organization: header in outgoing mail.

TCPWARE_SMTP_HEADER_RETURN_RECEIPT_TO Generates a Return-Receipt-To: header in outgoing mail.

TCPWARE_SMTP_HEADER_SYS Specifies the text for a System: header in outgoing mail.

TCPWARE_SMTP_HOST_ALIAS_FILE Points to the file containing a list of all the host names that should be considered local for this node for incoming mail delivery.

TCPWARE_SMTP_HOST_NAME Specifies all the local host names for this node. Used to specify all virtual domains handled by this node. Alternatively, the node names can be stored in the file TCPWARE:SMTP_HOST_ALIASES.

TCPWARE_SMTP_LOG Specifies the output filename. If not defined, the name defaults to TCPWARE:TCPWARE_SMTP_LOG.queuename.

TCPWARE_SMTP_MAXIMUM_822_TO_LENGTH Sets the maximum length of the RFC822 To: header line when delivering incoming mail to VMS Mail users.

TCPWARE_SMTP_MRGATE_NAME Specifies the name of the Message Router gateway.

TCPWARE_SMTP_NON_LOCAL_FORWARDER Specifies the name of a forwarder system for non-local outgoing mail.

TCPWARE_SMTP_NO_USER_REPLY_TO Disallows the use of user-defined Reply-To: headers in outgoing mail.

TCPWARE_SMTP_POSTMASTER Specifies the address of the system-wide postmaster.

TCPWARE_SMTP_REJECT_INVALID_DOMAINS Tells the SMTP server to reject mail from domains whose names and addresses cannot be resolved in a reverse lookup.

TCPWARE_SMTP_REPLY_TO Specifies an address for a Reply-To: header in outgoing mail.

TCPWARE_SMTP_RESENT_HEADERS Causes the inclusion of "Resent-*" headers in mail forwarded from a VMS Mail account using SET FORWARD in VMS Mail.

TCPWARE_SMTP_RETRY_INTERVAL Specifies the retry interval for messages waiting for an attempted redelivery. The time is specified as a delta time.

TCPWARE_SMTP_RETURN_INTERVAL Specifies the amount of time a given message delivery should be retried before giving up and bouncing the message back to the sender. The time is specified as a delta time.

TCPWARE_SMTP_RETURN_MSG Specifies an input filename for the return message SMTP sends when a mail message bounces.

TCPWARE_SMTP_SEND_CLASS Specifies the VMS broadcast class for "New mail" notifications. The default is USER16.

TCPWARE_SMTP_SERVER_DISABLE_VRFYEXPN Disables the VRFY and EXPN commands in bitmask format to the SMTP server.Bit 0 = VRFY; Bit 1 = EXPN.

TCPWARE_SMTP_SERVER_LOG Enables debug logs for the SMTP server.

TCPWARE_SMTP_SERVER_RCPT_CHECK_HOST The host name to be used in checking for local host when passing messages through the reject rules.

TCPWARE_SMTP_SERVER_REJECT_FILE Points to the file containing the rejection rules.

TCPWARE_SMTP_SERVER_REJECT_INFO Specifies the level of OPCOM messages generated by the rejection rules for incoming SMTP mail. If not defined, no messages are generated.

TCPWARE_SMTP_SUPPRESS_VENDOR Suppresses the vendor name in the SMTP server welcome banner. Define this logical to hide the fact that the system is a VMS system running TCPware.

TCPWARE_SMTP_SYMBIONT_LOG Enables debug logs for the SMTP symbiont.

TCPWARE_SMTP_SYMBIONT_PURGWS_TIMER Specifies how often the SMTP symbiont purges its working set to free up unneeded memory. The time is specified as a delta time.

TCPWARE_SMTP_WINDOW_SIZE Specifies the window size used in TCP connections when delivering mail.

TCPWARE_SNMP_DEBUG SNMP subagent developers uses this logical to set certain debug masks. $ DEFINE TCPWARE_SNMP_DEBUG mask

TCPWARE_SSH_ALLOW_EXPIRED_PW Allows logging in to an account when the account's password has expired due to pwdlifetime elapsing. This applies to all users and circumvents normal VMS expired-password checking, and therefore should be used with caution. An entry is made into the SSH_LOG:SSHD.LOG file when access is allowed using this logical name.

TCPWARE_SSH_ALLOW_PREEXPIRED_PW Allows logging in to an account when the password has been pre-expired. This applies to all users and circumvents normal VMS expired-password checking, and therefore should be used with caution. An entry is made into the SSH_LOG:SSHD.LOG file when access is allowed using this logical name.

TCPWARE_SSH_KEYGEN_MIN_PW_LEN Defines the minimum passphrase length when one is to be set in SSHKEYGEN. If not defined, defaults to zero.

TCPWARE_SSH_PARAMETERS_n These parameters are used to start SSHD_MASTER. They are parameters set by @TCPWARE:CNFNET SSH.

TCPWARE_SSH_USE_SYSGEN_LGI If defined, causes SSHD to use the VMS SYSGEN value of LGI_PWD_TMO to set the login grace time, overriding anything specified in the command line or the configuration file.

TCPWARE_SVCORDER Contains the list of services used in the order specified. Use the values "bind,local" (the default if the logical is not defined) and "local,bind" (which uses DNS if the Hosts database lookup fails).

TCPWARE_TCLB_BIAS Define this logical with a multiplier and an addend as two values of the logical. Both are real numbers. You can use these values to bias a load offered to the host. For example, the following command doubles the observed load and adds 1.5 users: $ DEFINE/SYSTEM TCPWARE_TCLB_BIAS "2.0","1.5" A cluster might consist of four hosts with one running other tasks. This host should not receive its full share. You can set the values to cause that host to report a higher load. TCPware re-translates this logical before it sends each response. This means that some other process can change it dynamically or you can set it statically.

TCPWARE_TELNET_WINDOW Specifies the window size that the TELNET server offers to the peer. The default value is 4096. If this logical's value is less than 512, TELNET uses 4096.

TCPWARE_TELNETD_DEFCHAR Sets up the default terminal characteristics for TELNET sessions. You can avoid having to change the SYSGEN TTY_DEFCHAR and TTY_DEFCHAR2 fields system-wide.

TCPWARE_TELNETD_FLAGS Setting either bit 0 or 1 can improve server performance and reduce system processing overhead. The default value is 1. Note! Doing so means you are not adhering to the TELNET protocol.

TCPWARE_TELNETD_INTRO_MSG Defines a special message that appears whenever a user attempts access to the host through TELNET. Use this logical to issue warnings such as "Authorized Use Only" for remote logins. If the TCPware ACE/Client is enabled and the user is designated for Token Authentication, the user is also prompted for the PASSCODE in addition to the username and password. Kerberos password protection is also available for the TELNET service.

TCPWARE_TIMED_EXCLUDE Determines the networks excluded from clock synchronization, either in network addresses or names.

TCPWARE_TIMED_INCLUDE Determines the networks included in clock synchronization, either in network addresses or names.

TCPWARE_TIMED_MODE Determines if the current host is a MASTER (primary), FIXED MASTER (fixed primary), or SLAVE (dependent). MASTER (primary) -- broadcasts time synchronization requests, calculates the time differences and averages, and sends "adjust time" messages. FIXED MASTER (fixed primary) -- provides absolute time stamps to newly started dependent TIMED hosts. SLAVE (dependent) -- is the recipient of primary "adjust time" messages.

TCPWARE_TIMEZONE This logical can have two equivalence strings: +hhmmss hh are the hours mm are the minutes ss are the seconds offset from the universal time (UT). Note! + is for east of the central meridian, - is for west. For example: +04:00:00 is four hours east of the central meridian at Greenwich. Another example: eastern standard time (EST) is five hours west of UT, so the offset is -0500. name an optional name for the time zone. For example: EDT for Eastern Daylight time. Can be one of the following: Universal Time--UT, UTC, or GMTNorth American Time--EST, EDT, CST, CDT, MST, MDT, PST, PDTMilitary Time--Any single uppercase letter A through Z except J (this format is not recommended) Any other character sequence The name is not validated and may be used by applications to report the local time zone.

TCPWARE_TSSYM_qname Defines the parameters normally set with the /ON qualifier. Since you cannot use /AUTOSTART_ON together with the /ON qualifier to initialize a terminal server print queue, you need to define the TCPWARE_TSSYM_qname logical for this purpose. $ DEFINE/SYSTEM TCPWARE_TSSYM_qname "host,port[,option...]"

TCPWARE_TSSYM_*_ RETRY_INTERVAL Defines the interval at which the symbiont retries to make a connection to a printer after an attempt fails. The default is 0::15 (15 seconds delta time).

TCPWARE_TSSYM_*_TIMEOUT Defines the time it takes for a print job to abort if the connection to the printer is never established. The default timeout is infinite (it never times out).

TCPWARE_TSSYM_qname_RETRY_INTERVAL Same as TCPWARE_TSSYM_*_RETRY_INTERVAL, but for a specific queue only, and overrides TCPWARE_TSSYM_*_RETRY_INTERVAL.

TCPWARE_TSSYM_qname_TIMEOUT Same as TCPWARE_TSSYM_*_TIMEOUT, but for a specific queue only, and overrides TCPWARE_TSSYM_*_TIMEOUT.

TCPWARE_VMSLPRSMB_ qname_PRECONN Makes the connection to the printer before processing the file. Normal behavior is to make the connection to the printer after processing the file.

TCPWARE_VMSLPRSMB_qname_RETRY_INTERVAL Same as TCPWARE_VMSLPRSMB_*_RETRY_INTERVAL, but for a specific queue only, and overrides TCPWARE_VMSLPRSMB_*_RETRY_INTERVAL.

TCPWARE_VMSLPRSMB_qname_TIMEOUT Same as TCPWARE_VMSLPRSMB_*_TIMEOUT, but for a specific queue only, and overrides TCPWARE_VMSLPRSMB_*_TIMEOUT.

TCPWARE_VMSLPRSMB_*_RETRY_INTERVAL Defines the interval at which the symbiont retries to make a connection to a printer after an attempt fails. The default value for a retry interval is 2 minutes (:2 in delta time). Note! A connection failure can take 1.5 minutes to time out, which is not included in this interval value.

TCPWARE_VMSLPRSMB_*_TIMEOUT Defines the time it takes for a print job to abort if the connection to the printer is never established. The default timeout is infinite (it never times out).

TCPWARE_VMSMAIL_HEADER_CONTROL Specifies how many RFC822 headers are included in mail delivered to VMS Mail users. Values can be ALL, MAJOR, and NONE.

TCPWARE_VMSMAIL_LOCASE_USERNAME Lowercases the username portion of outgoing addresses.

TCPWARE_VMSMAIL_NO_EXQUOTA Delivers incoming mail to local VMS Mail users without using EXQUOTA.

TCPWARE_VMSMAIL_REPLY_CONTROL Specifies which header to use to determine the sender of a message ("Reply-To:" or "From:").

TCPWARE_VMSMAIL_USE_RFC822_TO_HEADER Specifies that addresses in the RFC822 To: and CC: headers should make up the VMS Mail To: and CC: headers.

UCX$DEVICE Defined as BG: (the name of the UCX device drive).

UCX$INET_HOST Defined to be the host name (the same setting as the TCPWARE_DOMAINNAME logical).

UCX$IPC_SHR Provides the linkage to the TCPware version of the UCX$IPC_SHR Run-Time library.