HP TCP/IP Services for OpenVMS
Release Notes

4.16 TELNET Problems Fixed in This Release

The following sections describe TELNET problems fixed in this release.

4.16.1 TELNET Intrusion Detection Inflexibility

Problem:

In certain circumstances, an intrusion (such as an invalid login) by one user can cause the whole system to be locked out, and with multiport servers such as on a terminal server, all ports could be locked out. The workaround has been to set the TCPIP$TELNET_NO_REM_ID logical. However, this allows the intruding user to log in on another port without being locked out.

Solution:

This problem is corrected in this release. The logical name TCPIP$TELNET_TRUST_LOCATION allows you to specify how to handle TELNET intrusion records. When this logical name is defined, any location string specified by the remote client is included in the intrusion record. For example, many terminal servers provide the physical port number, while OpenVMS clients provide the originating user name and terminal line. Including this information in the intrusion records means that only a particular user or port will be locked out, not the entire remote host (and all user ports).

Chapter 5
Documentation Update

This chapter describes updates to the information in the TCP/IP Services product documentation.

5.1 Documentation Updated for This Release

The following manuals have been updated for this release:

Table 5-1 Current Documentation Changes
Title Changes

HP TCP/IP Services for OpenVMS SNMP Programming and Reference

The trap communities configured for regular SNMP through the TCPIP$CONFIG.COM command procedure, the TCP/IP management command SET CONFIG SNMP, or in the SYS$SYSDEVICE:[TCPIP$SNMP]TCPIP$VMS_SNMP_CONF.DAT file are not used to determine the trap receiver host or community name.
The values of the -c and -h flags to the SNMP_TRAPSND utility are handled as follows:

If no -c (community) flag is used, the default name "public" is used in the trap.
If no -h (host) flag is used, the trap is sent to LOCALHOST.

The value for the "agent address" field in the SNMPv1 trap PDU is that of the primary interface for the host on which the master agent (TCPIP$ESNMP_SERVER) is running. The value of this address can be verified as follows:

Translate the logical name TCPIP$INET_HOSTADDR.
Obtain the value of LOCALHOST using the following TCP/IP management command:
$ TCPIP SHOW CONFIGURATION COMMUNICATION

If this value is not in IP address format, determine the IP address using the following command:
$ TCPIP SHOW HOST/LOCAL local-host-name

HP TCP/IP Services for OpenVMS Sockets API and System Services Programming

The default setting for the TCPIP_KEEPIDLE option has been corrected.
The new socket options TCP_TSOPTENA, TCP_PAWS, and TCP_SACKENA are documented.
The accept routine clearly describes the x-open error return.
Information about how to convert port numbers has been included.
Information about using 64-bit addresses with the send() and receive() functions has been added.
Information was added to the getservbyport() function about converting the port number to network byte order.
More information was added about IOCTL.
All material about the Sockets API was moved from the HP C Run-Time Library Reference Manual for OpenVMS Systems to the HP TCP/IP Services for OpenVMS Sockets API and System Services Programming.
All material about programming was moved from the HP TCP/IP Services for OpenVMS Guide to IPv6 to the HP TCP/IP Services for OpenVMS Sockets API and System Services Programming.
Information was added about using QIOs in IPv6.

HP TCP/IP Services for OpenVMS ONC RPC Programming The example in Section 3.5.1 was corrected.

HP TCP/IP Services for OpenVMS Installation and Configuration

Added information about installing on I64 platforms.
Removed information about installing on VAX platforms.
Added information about using the enhanced IP6_SETUP.COM command procedure to configure IPv6.
Updated scripts of installation and configuration.

**Table 5-1 Current Documentation Changes**
Title	Changes
HP TCP/IP Services for OpenVMS SNMP Programming and Reference	The trap communities configured for regular SNMP through the TCPIP$CONFIG.COM command procedure, the TCP/IP management command SET CONFIG SNMP, or in the SYS$SYSDEVICE:[TCPIP$SNMP]TCPIP$VMS_SNMP_CONF.DAT file are not used to determine the trap receiver host or community name. The values of the `-c` and `-h` flags to the SNMP_TRAPSND utility are handled as follows: If no `-c` (community) flag is used, the default name "public" is used in the trap. If no `-h` (host) flag is used, the trap is sent to LOCALHOST. The value for the "agent address" field in the SNMPv1 trap PDU is that of the primary interface for the host on which the master agent (TCPIP$ESNMP_SERVER) is running. The value of this address can be verified as follows: Translate the logical name TCPIP$INET_HOSTADDR. Obtain the value of LOCALHOST using the following TCP/IP management command: $ TCPIP SHOW CONFIGURATION COMMUNICATION If this value is not in IP address format, determine the IP address using the following command: $ TCPIP SHOW HOST/LOCAL local-host-name
HP TCP/IP Services for OpenVMS Sockets API and System Services Programming	The default setting for the TCPIP_KEEPIDLE option has been corrected. The new socket options TCP_TSOPTENA, TCP_PAWS, and TCP_SACKENA are documented. The `accept` routine clearly describes the x-open error return. Information about how to convert port numbers has been included. Information about using 64-bit addresses with the `send()` and `receive()` functions has been added. Information was added to the `getservbyport()` function about converting the port number to network byte order. More information was added about IOCTL. All material about the Sockets API was moved from the HP C Run-Time Library Reference Manual for OpenVMS Systems to the HP TCP/IP Services for OpenVMS Sockets API and System Services Programming. All material about programming was moved from the HP TCP/IP Services for OpenVMS Guide to IPv6 to the HP TCP/IP Services for OpenVMS Sockets API and System Services Programming. Information was added about using QIOs in IPv6.
HP TCP/IP Services for OpenVMS ONC RPC Programming	The example in Section 3.5.1 was corrected.
HP TCP/IP Services for OpenVMS Installation and Configuration	Added information about installing on I64 platforms. Removed information about installing on VAX platforms. Added information about using the enhanced IP6_SETUP.COM command procedure to configure IPv6. Updated scripts of installation and configuration.

In addition, several HELP files have been updated and enhanced, including:

HELP TCPIP_SERVICES PROGRAMMING_INTERFACES
HELP TCPIP_SERVICES REMOTE_COMMANDS RCP
HELP TCPDUMP
TCPIP HELP IFCONFIG
TCPIP HELP SYSCONFIG

5.2 Documentation Not Being Updated for This Release

The following manuals are not updated for TCP/IP Services Version 5.5. Documentation changes planned for these manuals are indicated.

Table 5-2 Future Documentation Changes
Title Changes

Compaq TCP/IP Services for OpenVMS Concepts and Planning

Information about I64 platforms will be added.
Information about OpenVMS file specifications will be updated.

HP TCP/IP Services for OpenVMS Management
This manual will be enhanced with the following:

Information from Section 1.6, Support for Network Time Protocol (NTP) V4.2 in these release notes will be added.
Information from Section 1.2, failSAFE IP Support for IPv6 in these release notes will be added.
In addition, corrections will be made to the description of the TCPIP$FAILSAFE logical name.
Information from Section 1.3, Secure IMAP in these release notes will be added.
Information from Section 4.8.1, NFS Server Overwrites Files with Case-Sensitive Lookup in these release notes will be added.
Information about FTP will include new logical names TCPIP$FTP_COMPAT_REV and TCPIP$FTPD_COMPAT_REV.
Information from Section 4.11.1, SMTP Receiver Does Not Check Recipient Deliverability in these release notes will be added.
Information from the HP TCP/IP Services for OpenVMS Guide to IPv6 guide will be added.
The discussion of using logical names to specify configuration files will be enhanced to include specifics such as the use of the /SYSTEM and /EXECUTIVE_MODE qualifiers on the DEFINE command, as well as the recommendation to stop the service before changing these logical names.

HP TCP/IP Services for OpenVMS Guide to SSH

Information about the changes described in Section 1.7, SSH Features in these release notes will be included.
The following information will be added to Chapter 3:
The location of the Xauthentication executable file can be specified in the SSH client configuration file. Use the Xauthpat keyword to specify a device and directory other than the default location (SYS$SYSTEM:DECW$XAUTH.EXE).
Chapter 5 will be updated to reflect Section 4.14.4, Native-Mode X11 Port Forwarding Does Not Work in these release notes.
When X11 port forwarding is enabled on both the SSH client and server, you can use SSH to connect to an SSH server and invoke X11 client programs there, while having them appear on your local display. You can also "chain" port forwarding across multiple systems, even if the intermediate systems are not running the X11 server. For example, from SYSTEM1 you can use SSH to connect to SYSTEM2, and then from SYSTEM2 connect to SYSTEM3. An X11 client application running on SYSTEM3 will be displayed securely on SYSTEM1.
The following option will be added to the "Managing Auditing" section in Chapter 4:
AllowVmsLoginWithExpiredPw
Allowed values: yes , no
Default: yes

Description: Controls the behavior when an OpenVMS client attempts to establish an SSH connection to an OpenVMS server account with an expired password. The value yes allows the client to interact with the server to update an expired password. The value no rejects the login.
Note that when the disforce_pwd_change flag is set in the user's SYSUAF record, the client user is allowed to log in; a warning message is displayed instructing the user to change the password. If the user does not change the password, the account will be locked out and the user will not be allowed to log in again.

The following option description will be changed. The default has been changed from "no" to "yes."
AllowNonvmsLoginWithExpiredPw
Allowed values: yes , no
Default: yes

See Section 4.14.1, SSH Server Does Not Allow Password Change in these release notes for detailed information.
The examples in the section "Port Forwarding for FTP" will be corrected.
Section 6.9.1, Changing the Default Configuration, will be corrected. When specifying multiple hosts, a maximum of three BIND servers will be used.

HP TCP/IP Services for OpenVMS User's Guide

Descriptions of RCP file format and size information will be updated as described in Section 4.10, RCP Problems Fixed in This Release in these release notes.
The new /VMS qualifier for RCP will be added, as documented in Section 4.10.2, OpenVMS-to-OpenVMS File Copy Operations Do Not Preserve File Attributes in these release notes.

HP TCP/IP Services for OpenVMS Tuning and Troubleshooting

Information from the HP TCP/IP Services for OpenVMS Guide to IPv6 will be added.

HP TCP/IP Services for OpenVMS Management Command Reference

The manual will be updated to reflect the information in Section 3.14, TCP/IP Management Command Restrictions in these release notes.
New ADD EXPORT options CASE_BLIND and CASE_SENSITIVE will be added as described in Section 4.8.1, NFS Server Overwrites Files with Case-Sensitive Lookup in these release notes.
IPv6 Neighbor Discovery logical name will be added.
To troubleshoot problems with IPv6 Neighbor Discovery, you can define a logical name to obtain debug messages in the log file SYS$MANAGER:TCPIP$ND6HOST.LOG.
To set the logical name, enter the following command:
$ DEFINE /SYSTEM TCPIP$ND6HOST_DEBUG 1

Define this logical before you start TCP/IP Services.

HP TCP/IP Services for OpenVMS Guide to IPv6 The sysconfig commands in Section 2.6 (Configuring an IPv6 Router) are incorrect. The subsystem parameter on these command lines should be ipv6 . These commands need not be entered prior to running the IP6_SETUP.COM procedure. The IP6_SETUP.COM sets the appropriate attributes.

This manual is deprecated. The information in the new versions of the HP TCP/IP Services for OpenVMS Installation and Configuration guide and the HP TCP/IP Services for OpenVMS Sockets API and System Services Programming guide has been updated and corrected.
The remaining information from the HP TCP/IP Services for OpenVMS Guide to IPv6 will be included in the HP TCP/IP Services for OpenVMS Management guide and the HP TCP/IP Services for OpenVMS Tuning and Troubleshooting guide in a future release.

**Table 5-2 Future Documentation Changes**
Title	Changes
Compaq TCP/IP Services for OpenVMS Concepts and Planning	Information about I64 platforms will be added. Information about OpenVMS file specifications will be updated.
HP TCP/IP Services for OpenVMS Management	This manual will be enhanced with the following: Information from Section 1.6, Support for Network Time Protocol (NTP) V4.2 in these release notes will be added. Information from Section 1.2, failSAFE IP Support for IPv6 in these release notes will be added. In addition, corrections will be made to the description of the TCPIP$FAILSAFE logical name. Information from Section 1.3, Secure IMAP in these release notes will be added. Information from Section 4.8.1, NFS Server Overwrites Files with Case-Sensitive Lookup in these release notes will be added. Information about FTP will include new logical names TCPIP$FTP_COMPAT_REV and TCPIP$FTPD_COMPAT_REV. Information from Section 4.11.1, SMTP Receiver Does Not Check Recipient Deliverability in these release notes will be added. Information from the HP TCP/IP Services for OpenVMS Guide to IPv6 guide will be added. The discussion of using logical names to specify configuration files will be enhanced to include specifics such as the use of the /SYSTEM and /EXECUTIVE_MODE qualifiers on the DEFINE command, as well as the recommendation to stop the service before changing these logical names.
HP TCP/IP Services for OpenVMS Guide to SSH	Information about the changes described in Section 1.7, SSH Features in these release notes will be included. The following information will be added to Chapter 3: The location of the Xauthentication executable file can be specified in the SSH client configuration file. Use the `Xauthpat` keyword to specify a device and directory other than the default location (SYS$SYSTEM:DECW$XAUTH.EXE). Chapter 5 will be updated to reflect Section 4.14.4, Native-Mode X11 Port Forwarding Does Not Work in these release notes. When X11 port forwarding is enabled on both the SSH client and server, you can use SSH to connect to an SSH server and invoke X11 client programs there, while having them appear on your local display. You can also "chain" port forwarding across multiple systems, even if the intermediate systems are not running the X11 server. For example, from SYSTEM1 you can use SSH to connect to SYSTEM2, and then from SYSTEM2 connect to SYSTEM3. An X11 client application running on SYSTEM3 will be displayed securely on SYSTEM1. The following option will be added to the "Managing Auditing" section in Chapter 4: `AllowVmsLoginWithExpiredPw` Allowed values: `yes` , `no` Default: `yes` Description: Controls the behavior when an OpenVMS client attempts to establish an SSH connection to an OpenVMS server account with an expired password. The value `yes` allows the client to interact with the server to update an expired password. The value `no` rejects the login. Note that when the `disforce_pwd_change` flag is set in the user's SYSUAF record, the client user is allowed to log in; a warning message is displayed instructing the user to change the password. If the user does not change the password, the account will be locked out and the user will not be allowed to log in again. The following option description will be changed. The default has been changed from "no" to "yes." `AllowNonvmsLoginWithExpiredPw` Allowed values: `yes` , `no` Default: `yes` See Section 4.14.1, SSH Server Does Not Allow Password Change in these release notes for detailed information. The examples in the section "Port Forwarding for FTP" will be corrected. Section 6.9.1, Changing the Default Configuration, will be corrected. When specifying multiple hosts, a maximum of three BIND servers will be used.
HP TCP/IP Services for OpenVMS User's Guide	Descriptions of RCP file format and size information will be updated as described in Section 4.10, RCP Problems Fixed in This Release in these release notes. The new /VMS qualifier for RCP will be added, as documented in Section 4.10.2, OpenVMS-to-OpenVMS File Copy Operations Do Not Preserve File Attributes in these release notes.
HP TCP/IP Services for OpenVMS Tuning and Troubleshooting	Information from the HP TCP/IP Services for OpenVMS Guide to IPv6 will be added.
HP TCP/IP Services for OpenVMS Management Command Reference	The manual will be updated to reflect the information in Section 3.14, TCP/IP Management Command Restrictions in these release notes. New ADD EXPORT options CASE_BLIND and CASE_SENSITIVE will be added as described in Section 4.8.1, NFS Server Overwrites Files with Case-Sensitive Lookup in these release notes. IPv6 Neighbor Discovery logical name will be added. To troubleshoot problems with IPv6 Neighbor Discovery, you can define a logical name to obtain debug messages in the log file SYS$MANAGER:TCPIP$ND6HOST.LOG. To set the logical name, enter the following command: $ DEFINE /SYSTEM TCPIP$ND6HOST_DEBUG 1 Define this logical before you start TCP/IP Services.
HP TCP/IP Services for OpenVMS Guide to IPv6	The `sysconfig` commands in Section 2.6 (Configuring an IPv6 Router) are incorrect. The subsystem parameter on these command lines should be `ipv6` . These commands need not be entered prior to running the IP6_SETUP.COM procedure. The IP6_SETUP.COM sets the appropriate attributes.
	This manual is deprecated. The information in the new versions of the HP TCP/IP Services for OpenVMS Installation and Configuration guide and the HP TCP/IP Services for OpenVMS Sockets API and System Services Programming guide has been updated and corrected. The remaining information from the HP TCP/IP Services for OpenVMS Guide to IPv6 will be included in the HP TCP/IP Services for OpenVMS Management guide and the HP TCP/IP Services for OpenVMS Tuning and Troubleshooting guide in a future release.

These manuals will be updated in a future release of TCP/IP Services.

Previous Contents Contents