![[Digital logo]](../../IMAGES/DIGITAL-LOGO.GIF){kind=logo}
![[HR]](../../IMAGES/REDBAR.GIF)
If this file is found, it is executed as a command file containing decnet_register commands.
To use a different file name, specify a logical definition as follows with initialization-command-file naming your command file:
$ define decnet_register_init
This section contains instructions for initializing the DECdns distributed namespace using the decnet_register manage command to invoke the decnet_register_decdns command or script file. This section describes how to perform the following namespace tasks:
To perform certain tasks discussed in this chapter, you need access rights. For more information about the access rights, refer to the DECnet-Plus DECdns Management guide. Also, DECnet-Plus DECdns Management contains complete information about DECdns and the namespace and provides namespace planning information.
Initializing the DECdns namespace consists of creating the backtranslation and node synonym directories, and the required DECdts directory DTSS_GlobalTimeServers. Some DECnet features do not work properly unless these directories exist; for example, you cannot use Phase IV node names if the node synonym directory (usually .DNA_NodeSynonym) is not available.
Note
Digital strongly recommends that you create these directories immediately. See Section 5.3.12.1 for a description of these directories and the initialization procedure.
Every DECdns namespace must be initialized for DECnet use at least once. This involves creating required namespace directories and the .DNA_Registrar access control group. On OpenVMS systems, the namespace is initialized when the DECnet-Plus advanced configuration procedure creates the namespace. On Digital UNIX systems, you create and initialize a namespace independently of the configuration procedure by using dnsconfigure.
To create directories and access control groups, you need to have access to the clearinghouses and directory in which you want to create these directories and groups. You usually do this from the node and account that created the namespace.
You can reinitialize the namespace for DECnet at any time; if the namespace directories already exist, the tool does not overwrite them. You need to reinitialize the namespace if, for example, a backtranslation directory was accidentally deleted.
Initialization creates the following directories:
Initialization also creates the following access control group:
.DNA_Registrar
Contains a list of network users with read, write, delete, test, and control access to all namespace objects, soft links, and directories created using decnet_register and decnet_register_decdns.
To initialize the namespace for DECnet, select Option 10 on the decnet_register main menu. The following messages and prompts appear, one by one. Enter decdns as the name service to manage. Enter ? for help. Press the appropriate control key sequence for your platform to cancel the initialization. Output is similar to the following example:
Manage the node name storage aspects of a directory service
Use Return, Ctrl-N, and Ctrl-P to move between input fields
Use "?" to obtain help, Ctrl-Z to cancel
Specify the directory service as DECdns.
* Directory Service: decdns
This function executes the "SYS$MANAGER:DECNET_REGISTER_DECDNS.COM"
procedure to
perform management of only those aspects of the directory service
that affect the storage of node name data.
Press Return to execute the procedure, Ctrl-Z to cancel
Starting the directory management procedure for the DECdns directory service
The procedure name is "@SYS$MANAGER:DECNET_REGISTER_DECDNS.COM"
DECnet-Plus node directory management for DECdns
Type a question mark (?) at any prompt to obtain help.
Press Ctrl-Z at any prompt to exit from the function.
Enter the name of the DECdns namespace to use.
The default is the system default namespace (bb_ns:).
* Namespace name: bb_ns
Checking the bb_ns namespace.
Choose one of the following functions by specifying its function number,
or request help by typing HELP or a question mark (?).
0 - Exit
1 - Create a directory to hold registered node names
2 - Create a directory for Phase IV Synonyms
3 - Create a directory for address-to-name translations
4 - Create the directory for the DECdts Time Services
5 - Replicate a node name or synonym directory
6 - Replicate an address-to-name translation directory
7 - Create an access control group
8 - Add members to an access control group
9 - Remove members from an access control group
10 - Show members of an access control group
11 - Allow node autoregistration into a directory
12 - Disallow node autoregistration into a directory
* Function to execute:
Your namespace will probably include many directories in which nodes are registered. Only the smallest networks should have all nodes registered in the root directory. For a more detailed discussion of this strategy, refer to the DECnet-Plus DECdns Management guide.
Note
Because decnet_register can set up any access control required by DECnet, Digital recommends that you use this tool (rather than the DECdns Control Program) to create the namespace directories you want to use for node names.
To create a directory, select Option 10 at the decnet_register main menu. Enter decdns as the name service to manage and enter the name of the DECdns namespace to use. Then select Function 1 from the decnet_register_decdns function menu.
These prompts appear, one by one. Press the appropriate control key sequence for your platform to exit. Output is similar to the following example:
Create additional directories for registering node names.
Press Ctrl-Z when done.
* Directory name: .xyz
Enter the name of the clearinghouse for the master copy of the directory.
The default is the parent directory's clearinghouse.
* Master replica clearinghouse: .mgv460_bb_ch
Enter the names of the access control groups to apply to the directory,
separated by commas.
The default is no access control groups.
* Access control groups: .worldread_group
Creating the bb_ns:.xyz directory.
For help answering the prompts, refer to the following:
Directory Name
Specify the full name for the directory to be created. This should not include a node or user name; for example, .Japan.Osaka.
Master Replica Clearinghouse
Specify the name of the clearinghouse where the master directory replicas should be created. Include any required directory information; for example, if your clearinghouse is in the root directory, you might type .MAS_CH.
If you do not specify a clearinghouse name, the parent directory's clearinghouse is used (this is the DECdns default).
Access Control Groups
Enter the names of one or more DECdns access control groups that you want to include in the access control set for the directory (or directories) you create. Using groups other than .DNA_Registrar allows you to control user access to the directories by listing those users who have read, write, delete, test, and control access to directories created using decnet_register_decdns. The specified access control groups are propagated to all node names registered in the created directories.
To specify more than one group name, separate them by commas.
The .DNA_Registrar group is included automatically in the list, whether or not you specify it.
The .DNA_Registrar group is created and populated by decnet_register_decdns. You are responsible for creating and populating any additional groups that you specify.
After you have answered all the prompts, decnet_register_decdns displays messages as it creates the directories. Press the appropriate control key sequence for your platform to exit. Output is similar to the following example:
* Directory name: .xyz
* Master replica clearinghouse: .mgv460_bb_ch
* Access control groups [Def=DNA_Registrar]: .worldread_group
Creating the bb_ns:.xyz directory.
* Directory name:
When you initialize the namespace for DECnet use, the tool creates backtranslation directories in the namespace for your network IDP and preDSP and for each network area that you specify. If you add an IDP, preDSP, or network area to your network, you must create new backtranslation directories. Also, if you plan to change the network's IDP or preDSP or a node's area, first create new backtranslation directories.
To create a directory for a new DECnet area or IDP and preDSP, select Function 3 at the decnet_register_decdns function menu. The following prompts appear, one by one. Press the appropriate control key sequence for your platform to exit.
Output is similar to the following example:
Create a directory tree to hold address-to-name translation information.
Press Ctrl-Z when done.
Enter the name of the base address-to-name translation directory.
The current default is ".DNA_BackTranslation".
* Directory name: .DNA_BackTranslation
* Create the base directory [y/n, def=no]: y
Enter the name of the clearinghouse for the master copy of the directory.
The default is the parent directory's clearinghouse.
* Master replica clearinghouse: major2:.nyc_ch
Enter the names of the access control groups to apply to the directory,
separated by commas.
Enter "." to reset the default to no access control groups.
The current default is ".dna_registrar".
* Access control groups: .dna_registrar
Creating the MAJOR2:.DNA_BackTranslation directory.
Enter the OSI area prefix, using either of the formats:
<afi>:<idi>:<predsp>
<afi><idi>+<predsp>
The current default is "49::"
* OSI area prefix: 49::
* Create the OSI area prefix directory [y/n, def=no]: y
Enter the name of the clearinghouse for the master copy of the directory.
The default is the parent directory's clearinghouse.
* Master replica clearinghouse: major2:.nyc_ch
Enter the names of the access control groups to apply to the directory,
separated by commas.
Enter "." to reset the default to no access control groups.
The current default is ".dna_registrar".
* Access control groups: .dna_registrar
Creating the MAJOR2:.DNA_BackTranslation.%X49 directory.
Enter the local area, using either of the formats:
A decimal value, from 1 to 63
A hexadecimal value, from %x0001 to %xFFFE
It is assumed that local area child directory needs to be created. (1)
* Local area: 4
Enter the name of the clearinghouse for the master copy of the directory.
The default is the parent directory's clearinghouse.
* Master replica clearinghouse: major2:.nyc_ch
Enter the names of the access control groups to apply to the directory,
separated by commas.
Enter "." to reset the default to no access control groups.
The current default is ".dna_registrar".
* Access control groups: .dna_registrar
Creating the MAJOR2:.DNA_BackTranslation.%X49.%X0004 directory.
Enter the local area, using either of the formats:
A decimal value, from 1 to 63
A hexadecimal value, from %x0001 to %xFFFE
It is assumed that local area child directory needs to be created.
* Local area:
Press the appropriate control key sequence for your platform to exit.
For help answering the prompts, refer to the following:
Directory Name
Enter the name of the base backtranslation directory. This directory is commonly called .DNA_BackTranslation.
Enter YES to create the base backtranslation directory.
Master Replica Clearinghouse
Specify the name of the clearinghouse where the master directory replicas should be created. Include any required directory information; for example, if your clearinghouse is in the root directory, you might type .MAS_CH.
If you do not specify a clearinghouse name, the parent directory's clearinghouse is used (this is the DECdns default).
Access Control Groups
Enter the names of one or more DECdns access control groups that you want to include in the access control set for the directory (or directories) you create. Using access control groups allows you to control user access to the directories by listing those users who have read, write, delete, test, and control access to directories created using decnet_register_decdns. The specified access control groups are propagated to all backtranslation soft links.
To specify more than one group name, separate them by commas. You are responsible for creating and populating any access control groups that you specify.
OSI Area Prefix
Specify the IDP (initial domain part) and preDSP (domain-specific part) value for the network. Specify either the default value (49::) or a value explicitly allocated for this network.
The format is afi:idi:predsp, where:
| afi | Two decimal digits indicating the IDP allocation authority. Press question mark (?) at the prompt to obtain a complete list of all the recognized authority format identifier (AFI) values. |
| idi | A string of decimal digits indicating the initial domain identifier (IDI) value. |
| predsp | A string of hexadecimal digits whose use might be required for this IDP. The preDSP will be prefixed to the node's local area value in the domain-specific part (DSP) of the node's network service access point (NSAP). If a predsp has not been defined for your network, do not specify a value. |
Note
For more information on IDP and preDSP values, refer to the chapter describing how to create NSAP addresses in the DECnet-Plus Planning Guide.
The default of 49:: means that both the idi and predsp are null. When the AFI equals 49::, the network is not to be interconnected with other OSI networks.
If you specify an IDP with an AFI other than 49::, that value appears as the default the next time the prompt appears.
Enter YES to create the OSI area prefix directory.
Local Area Value
Specify the local area to use within the IDP. This is either of the following:
This function adds new members to the DECdns .DNA_Registrar access control group. The .DNA_Registrar access control group lists those users who have read, write, delete, test, and control access to all directories, objects, and soft links created using decnet_register. This group is automatically placed in the appropriate access control list for every node registered using decnet_register.
If necessary, you can also use the DECdns Control Program to add additional users and groups to individual access control lists.
To add members to the access control group, select Option 8 at the decnet_register_decdns main menu. Press the appropriate control key sequence for your platform to exit. Output is similar to the following example:
Add members to the access control group. Press
Ctrl-Z when done.
Enter the name of the access control group to use.
The current default is "bb_ns:.biggroup".
* Group name: .biggroup
Enter the name of the group member to add.
* Member name: .mvg460.manager
For help answering the prompt for a member name, refer to the following:
Member
Enter the name of the member you want to add, using the format:
node_full_name.user_name
where:
| node_full_name | The DECnet Phase V full name of the node on which the user has an account. This node must be registered in the namespace. |
| user_name | The account name for the user on this node. |
You can also specify members using the format:
node_name::user_name
where:
| node_name | The Phase IV name of the node on which the user has an account. This node must be registered in the namespace, with this name as its Phase IV synonym. |
| user_name | The account name for the user on this node. |
The following example shows two members being added to the access control group, the first by specifying the node's full name, and the second by specifying the Phase IV node name. Press the appropriate control key sequence for your platform to exit.
* Member name: .Japan.Osaka.Sales.Yamamoto
Adding member ".Japan.Osaka.Sales.Yamamoto" to ".DNA_Registrar"
* Member name: GCsale::Obrien
Adding member ".DNS$IV.GCsale.Obrien" to ".DNA_Registrar"
* Member:
When you create a new namespace on an OpenVMS DECdns name server, a group called .WorldRead_Group is also created. This allows you to easily change from one namespace to another. This group allows READ and TEST access to node objects. Therefore, a node that is moving from one namespace to another can read old information from its previous namespace and move any of this information to the new namespace.
When the .WorldRead_Group is created, it contains members LOCAL:.*... and <ns>:.*..., where <ns> is the name of your namespace. The person managing the namespace determines which systems (or namespaces) will get READ and TEST access to the namespace. The namespace manager needs to explicitly remove the members from the .WorldRead_Group if the namespace manager does not want these members included.
When decnet_register_decdns is first used to set up the directories for a namespace, it checks for the existence of the .WorldRead_Group access control group. This group is generally used when multiple namespaces are in use in the network (for example, multiple DECdns namespaces, or one or more DECdns namespaces plus the local namespace). The members of this group are automatically granted read access to any created directories and objects, regardless of the namespace they are in.
Without the .WorldRead_Group access control group, users in other namespaces would need to be granted access to any appropriate directories and objects individually. Members in the .WorldRead_Group group are usually of the form namespace:.*..., where namespace is your namespace nickname (for example, ACME:.*...). Individuals can also be listed.
If decnet_register_decdns does not find the .WorldRead_Group access control group, it asks whether to create the group. If so, decnet_register_decdns does the following:
If the access control group is not created, decnet_register_decdns does not ask this question again on subsequent invocations. To have the question repeated on a later invocation, edit the decnet_register_decdns.defaults file in the login directory, find the line that contains def_worrea or nrg_def_worrea, and remove the appropriate namespace from the value list.
It is important to note that this group affects only those directories and objects created after the group. Any directories and objects created before the group must have the access control set (ACS) explicitly set using the DECdns Control Program.
This function removes members from the DECdns .DNA_Registrar access control group. .DNA_Registrar lists those users who are allowed to manage node names in the namespace.
To perform this task, select Option 9 at the decnet_register_decdns main menu and the following messages appear. Press the appropriate control key sequence for your platform to exit. Output is similar to the following example:
Remove members from the access control group.
Press Ctrl-Z when finished.
* Member name:
For help answering the prompt, refer to the following:
Member Name
Enter the name of the member you want to remove. Specify the member's name exactly as it appears when you use Option 10 to list the members of the access control group.
If the member's name was added using the format node_name::user_name, you can use this same format to remove it.
To delete all members of the group, enter an asterisk (*) at the prompt. This command re-creates the .DNA_Registrar access control group.
The following example shows two members being removed from the access control group, the first using the name as shown by Option 10, and the second using the Phase IV format. Press the appropriate control key sequence for your platform to exit. Output is similar to the following example:
* Member: .Japan.Osaka.Sales.Yamamoto
Removing member ".Japan.Osaka.Sales.Yamamoto" from ".DNA_Registrar".
* Member: GCsale::Obrien
Removing member ".DNS$IV.GCsale.Obrien" from ".DNA_Registrar".
* Member:
This function shows the members of the DECdns .DNA_Registrar access control group. .DNA_Registrar lists those users who are allowed to manage node names in the namespace.
To perform this task, select Option 10 at the decnet_register_decdns main menu. The following messages appear:
Show members of the access control group.
Press Ctrl-Z when done.
Enter the name of the access control group to use.
the current default is "bb_ns:.biggroup".
Group name:
SHOW
GROUP bb_ns:.biggroup
AT 05-NOV-1995:14:41:25
DNS$Members (set) = :
(V) Principal = bb_ns:.mgv460.manager
Some tasks in this chapter manually register nodes in the namespace. DECnet Phase V nodes --- but not Phase IV nodes --- can automatically register themselves in the namespace when they are configured. This is called autoregistration. With this option you can enable or disable autoregistration of DECnet Phase V nodes. (Autoregistration of DECnet Phase V nodes is disabled by default.)
PROFILE_VMS_005.HTML OSSG Documentation 2-DEC-1996 12:34:53.84
Copyright © Digital Equipment Corporation 1996. All Rights Reserved.