background image

32

32

32

32

Chapter 4

where 

terminal

 is the terminal name and 

user

 is the user name from the 

terminal (

root

 is automatically used if security is disabled; 

guest

 is automatically 

used if security is enabled 

and 

auto login as guest

 is selected).

In addition, the terminal optionally supports both Kerberos authentication and DES 
data encryption for RSH commands, although the X protocol packets for an X 
application will not go through the DES data encryption layer.

Secure Shell

Secure Shell

Secure Shell

Secure Shell

This is an additional method for using the X Manager with RSH. The distribution 
includes the shell 

rshsecure

, which is designed to perform a more secure method 

for managing RSH requests. 

rshsecure

 also provides the ability for users to run 

shell scripts, such as those invoked from an XDM session on an X terminal. The 
remainder of this section describes how to configure your server for use with the 

rshsecure

 shell.

Start by creating a new account. For security reasons, make sure this account is 
not the superuser account.

As root, create a .

rhosts

 file for this user, and make sure the ownership of the 

.

rhosts

 file gets changed (

chown

) to this user. In the .

rhosts

 file, add one entry 

for every terminal/user pair you want to go through 

rshsecure

. For example, if 

you are using your terminals as “security disabled” and you are using DHCP, you 
can put every DHCP IP address in the .

rhosts

 file with the user name being 

root

After saving the .

rhosts

 file and using 

chown

 to assign ownership, make sure it is 

writable 

only by the user and not by anyone else (

chmod 644 .rhosts

).

Change the login shell for the account to be the 

rshsecure

 program (based upon 

where you installed it, since you need a full path name).

Note

Note

Note

Note

On Linux, the included 

rshsecure

 binary uses 

libc5

.

Determine the set of commands you will be allowing your users to run and create 
the file 

rshsecure

.

cfg

 in the login directory for this user. Again, make sure that it 

is not writable by anyone except the owner. Lines starting with the pound sign (#) 
are treated as comments. The first non-comment line is the shell to be used when 
invoking commands. The second non-comment line is the 

xterm

 program (or 

equivalent). The third non-comment line is the 

su

 program. All three of these 

programs should be fully qualified with path names to eliminate possible security 
concerns. All remaining lines are the authorized commands. The 

rshsecure

 

program does a literal comparison of the entries in this file to the command passed 
via RSH (with arguments removed), so, for example, comparing 

/bin/ls

 to 

/

bin/ls

 will succeed and comparing 

ls

 to 

/bin/ls

 will fail.

Summary of Contents for T1500 - Windows-based Terminals - 72 MB RAM

Page 1: ...T1500 WINDOWS BASED TERMINAL NETWORK INSTALLATION GUIDE...

Page 2: ......

Page 3: ...T1500 WINDOWS BASED TERMINAL NETWORK INSTALLATION GUIDE December 1999...

Page 4: ...ment may be photocopied or reproduced in any form without prior written consent from Compaq Computer Corporation 1999 Compaq Computer Corporation All rights reserved Printed in Taiwan COMPAQ and the C...

Page 5: ...or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and the receiver Connect the equipment to an outlet on a circuit different f...

Page 6: ...e 73 23 EEC issued by the Commission of the European Community Compliance with these directives implies conformity to the following European Norms in brackets are the equivalent international standard...

Page 7: ...e terms and conditions YOU MAY NOT USE COPY MODIFY TRANSLATE OR TRANSFER THE SOFTWARE OR MODIFICATION THEREOF IN WHOLE OR IN PART EXCEPT AS EXPRESSLY PROVIDED FOR IN THIS LICENSE YOU MAY NOT DECOMPILE...

Page 8: ...TWEEN US RELATING TO THE SOFTWARE Export Restrictions Export Restrictions Export Restrictions Export Restrictions You agree You will not export or transmit the Software to any country to which export...

Page 9: ...of Installation Procedure 2 Planning Your Installation 3 Step 1 Complete Worksheets 3 Step 2 Configure Terminal Start Up Resources 3 Step 3 Configure Optional Terminal Start Up Resources 4 Step 4 Conf...

Page 10: ...rminal Start Up Resources Configuring Optional Terminal Start Up Resources Network Services 23 NFS 24 SMB 24 SNMP 25 HTTP Help 26 Serial Internet Connections 26 PPP 26 SLIP 26 CSLIP 27 FTP 27 HTTP Upg...

Page 11: ...Quick Start Procedure 48 G Key Reset Procedure 50 B B B B Installation Planning Worksheets Installation Planning Worksheets Installation Planning Worksheets Installation Planning Worksheets Terminal S...

Page 12: ...x x x x...

Page 13: ...s explained in Chapter 1 of this guide If you only want to verify basic operation of the terminal using local boot go directly to the quick start procedure in Appendix A However you will have only lim...

Page 14: ...Definitions RFC 1213 Management Information Base for Network Management of TCP IP based internets MIB II Other RFCs Other RFCs Other RFCs Other RFCs RFC 1350 The TFTP Protocol Revision 2 RFC 1094 NFS...

Page 15: ...upport refer to the Compaq Technical Support telephone numbers for your area Note Note Note Note If you are operating in a local boot environment and already have a network configured and if you will...

Page 16: ...CD The installation scripts on the CD are used to perform the second part they are not used for the first part because software tools should already exist on your server to configure the server resour...

Page 17: ...e installed configured for the planned installation Each worksheet pertains to one of the categories of network resources Steps 2 through 6 below provide brief summaries of the configuration process a...

Page 18: ...access to operate properly Fill out the worksheet for Step 4 in Appendix B and use the instructions in Chapter 4 to configure server application resources Step 5 Select Location of Browser Step 5 Sel...

Page 19: ...ided in this chapter Some resources such as NFS may also be described in other chapters of this document BOOTP BOOTP BOOTP BOOTP BOOTP is a protocol used in a network boot environment for providing al...

Page 20: ...our subnet Note Note Note Note Some BOOTP server implementations allow only 64 bytes of information including identification overhead to be sent in a reply message If the provided information plus ove...

Page 21: ...Note Note Note Note IMPORTANT IMPORTANT IMPORTANT IMPORTANT The addresses of servers that support the terminal boot process must be specified by IP address This is because the name resolution function...

Page 22: ...oot environments In local boot environments it can be used to reduce the amount of configuring that must be done on a terminal by terminal basis In network boot environments it can be used in the same...

Page 23: ...ly in a locally booted terminal Boot Server see on line help otherwise known as Buddy Boot uses these options to give preference to a server that provides these options servers for use with local boot...

Page 24: ...Subnet Mask 3 Router 6 Domain Name Server 12 Host Name 15 Domain Name 17 Root Path 18 Extension Path 28 Broadcast Address 43 Vendor Specific Information 48 X Windows Font Server 49 XDMCP Addresses 51...

Page 25: ...much easier to manipulate using an editor than is a DHCP option space The IP address and pathname used above are only for example Table 2 2 lists all T1500 specific options not listed in Table 2 1 Not...

Page 26: ...n Type Length Value for Type Length Value for Type Length Value for Type Length Value for Option 43 Option 43 Option 43 Option 43 1 Vendor specific ID Integer 4 0x76583A1C NETSVC 2 Network service mac...

Page 27: ...e default behavior is for the terminal to request NO options in the 128 through 254 site specific option space Because this is known to cause problems in some environments Setup can be used to modify...

Page 28: ...HCP option allows the network administrator to override what is configured in setup to protect the disk space capacity on his server For Option 18 or 128 this is a string 0080_NETSVC YES For Option 43...

Page 29: ...qualifies For NFS the directory must be exported with read write execute permissions and with root mapping to root not to nobody For SMB the server s guest account needs to be activated and guest use...

Page 30: ...nt are determined by the DHCP server In a heterogeneous environment where DHCP is being used to configure multiple types of devices it is recommended that the Client ID Vendor ID Hostname or some othe...

Page 31: ...options option number length data terminated with the end 255 option Since in most cases this format is very difficult to edit a text file format is also supported where the options are of the form L...

Page 32: ...55 Not allowed 57 Not allowed 58 Not allowed 59 Not allowed 60 Not allowed 61 Not allowed 64 NISPLUSDOMAIN Not currently used 65 NISPLUSSERVER Not currently used 66 Not allowed 67 Not allowed 69 SMTPS...

Page 33: ...rs do not maintain different scopes of option data based upon Vendor ID Client ID or other device defining tag The Option Ids for these options are listed in an earlier table Options 128 Options 128 O...

Page 34: ...including Linux SCO Openserver and SCO UnixWare TFTP is launched via the inet program To activate TFTP in this way there must be an entry in the etc inetd conf or etc inet inetd conf file whose first...

Page 35: ...ms set the superuser ID suid to root If the NFS server remaps the ID to something other than root the programs will run but not as a root user 2 2 2 2 The file system must support symbolic links 3 3 3...

Page 36: ...need to configure every terminal s hosts database via the Select System Setup Select System Setup Select System Setup Select System Setup Connectivity Internet Connectivity Internet Connectivity Inter...

Page 37: ...quirements Some of the resources described here such as NFS have already been described in other chapters Network Services Network Services Network Services Network Services Network services are softw...

Page 38: ...ervices Network Services Network Services Network Services dialog box Swapping can be disabled through the use of DHCP options as described in Chapter 2 In a local boot environment spooling is optiona...

Page 39: ...e Permission Replace Permission Replace Permission Replace Permission check boxes and press OK OK OK OK 8 8 8 8 Reply Yes Yes Yes Yes to the Query Query Query Query and press OK OK OK OK 9 9 9 9 After...

Page 40: ...elect System Setup Connectivity Internet Select System Setup Connectivity Internet not both The resolver does not look up more than one domain Linux requires that DNS be set up before working with SLI...

Page 41: ...TP FTP is one of the protocols that will be used to upgrade from the current software release to future releases When implemented configuration of an FTP server will be recommended but the exact detai...

Page 42: ...28 28 28 28 Chapter 3...

Page 43: ...pecial configuration requirements Some resources covered here such as HTTP have already been described in previous chapters Refer to Chapter 5 for further information about browser resources HTTP HTTP...

Page 44: ...al to connect to servers running the Microsoft Windows Terminal WTS software and the Citrix Corporation MetaFrame software ICA allows the terminals to run Windows applications remotely on the respecti...

Page 45: ...static table that correctly matches name and current IP addresses If the terminal has a domain name the name that matches the terminal s name will typically have the domain name as well Third you mus...

Page 46: ...inal user pair you want to go through rshsecure For example if you are using your terminals as security disabled and you are using DHCP you can put every DHCP IP address in the rhosts file with the us...

Page 47: ...ram specified above is executed pointing back to the terminal executing the su command specified above After the user successfully enters a password the command passed via the X manager is then execut...

Page 48: ...34 34 34 34 Chapter 4...

Page 49: ...rowser Location Browser Location Browser Location Your choice of browser location depends on both your browsing needs and the configuration of the terminal you are using The terminal uses Netscape Com...

Page 50: ...ragraph below for a summary of the constraints imposed Netscape Communicator Constraints Netscape Communicator Constraints Netscape Communicator Constraints Netscape Communicator Constraints Netscape...

Page 51: ...he dialog 2 2 2 2 The Composer is hidden 3 3 3 3 Mail News components are hidden Table 5 1 Netscape Communicator Constraints Table 5 1 Netscape Communicator Constraints Table 5 1 Netscape Communicator...

Page 52: ...38 38 38 38 Chapter 5...

Page 53: ...to be installed onto the appropriate server s the source code for components of the system that are protected by the GPL GNU Public License and the source code for the installation software Running t...

Page 54: ...NT only supports the graphical installation mode To determine the current user in a UNIX environment the script looks at two environment variables If USER is set it is referenced for root non root per...

Page 55: ...sd o bcbsize 4096 pfs_mount dev c1t2d0 SD_CDROM To unmount at the end use ps ef grep pfs to find the pfs commands You will eventually use kill 9 pidlist to kill the tasks where pidlist is the list of...

Page 56: ...You must use instead of Do not use spaces in file or directory names You will be prompted as to whether this is an upgrade or an installation on top of a prior release If you perform an upgrade the co...

Page 57: ...TP servers restrict you to a total of 64 bytes of options so the root directory path must be short If TFTP is configured on your server the value given for its default will override your selected defa...

Page 58: ...ompt after all the other prompts asking if you want to extract the data A yes response will initiate the copy operation and a no response will exit from the operation without updating your system GUI...

Page 59: ...ers Although the installation software supports installation only on Windows NT server SCO UnixWare SCO OpenServer Slackware Red Hat Linux and HP UX servers some end users may want to use other server...

Page 60: ...xpand untar the two source files somewhere on your system build them per the instructions in the tar file and install them per the instructions You will need a C compiler to do this You first need to...

Page 61: ...terminal to boot from a network server you must perform the complete server setup procedure that starts with Chapter 1 of this document Note Note Note Note If the site has a DHCP server and the termin...

Page 62: ...d to be re flashed If Automatic Login as Guest Automatic Login as Guest Automatic Login as Guest Automatic Login as Guest is selected from a previous session the Login Login Login Login dialog box wil...

Page 63: ...Select button at the lower left corner of the desktop again and select System System System System In the Select System Select System Select System Select System pop up menu select Setup Setup Setup...

Page 64: ...user login name and password Follow the prompts displayed on the screen Note Note Note Note Your security access level may limit the resets available to you Refer to the on line help documentation fo...

Page 65: ...SMTP needs to be configured and not all resources have to reside on the same server Different resources that are used with the terminals can be distributed on different servers in a network environme...

Page 66: ...tations are on people s desktops many server resources may already be configured In new installations you will have to determine which server resources you must configure for use with the network term...

Page 67: ...i i s s s s r r r r e e e e s s s s o o o o u u u u r r r r c c c c e e e e r r r r e e e e q q q q u u u u i i i i r r r r e e e e d d d d o o o o r r r r r r r r e e e e c c c c o o o o m m m m m m...

Page 68: ...e e e d d d d o o o o r r r r r r r r e e e e c c c c o o o o m m m m m m m m e e e e n n n n d d d d e e e e d d d d f f f f o o o o r r r r l l l l o o o o c c c c a a a a l l l l b b b b o o o o o...

Page 69: ...e e e e l l l l a a a a t t t t e e e e d d d d t t t t o o o o t t t t h h h h i i i i s s s s r r r r e e e e s s s s o o o o u u u u r r r r c c c c e e e e S S S S e e e e r r r r v v v v e e e e...

Page 70: ...e e e e o o o o n n n n t t t t h h h h e e e e C C C C D D D D r r r r e e e e l l l l a a a a t t t t e e e e d d d d t t t t o o o o t t t t h h h h i i i i s s s s r r r r e e e e s s s s o o o o...

Page 71: ...i r r r r e e e e d d d d o o o o r r r r r r r r e e e e c c c c o o o o m m m m m m m m e e e e n n n n d d d d e e e e d d d d f f f f o o o o r r r r l l l l o o o o c c c c a a a a l l l l b b b...

Page 72: ...e f f f f o o o o r r r r e e e e a a a a c c c c h h h h r r r r e e e e s s s s o o o o u u u u r r r r c c c c e e e e T T T T F F F F T T T T P P P P 1 MB tftpboot vmlinux N N N N F F F F S S S S...

Page 73: ...Installation Planning Worksheets 59 59 59 59...

Page 74: ...Based Terminal Network Installation Guide T1500 Windows Based Terminal Network Installation Guide T1500 Windows Based Terminal Network Installation Guide Created using FrameMaker and Acrobat The on l...

Reviews: