HP OpenVMS Systems Documentation

Content starts here

HP TCP/IP Services for OpenVMS

Previous Contents Index

1.1.4 Starting and Stopping the Software

To start TCP/IP Services manually, enter the following command:


The startup procedure enables the configured services and initializes the configured network interfaces.

To stop (shut down) the product manually, enter the following command:


The shutdown procedure does the following:

  1. Stops network communication
  2. Disables active services
  3. Deletes the network interface definitions
  4. Deassigns defined logical names
  5. Deletes installed images

To start TCP/IP Services automatically, add the following command to the system startup file:


To maintain site-specific startup and shutdown commands and settings, create the following files:


The site-specific startup procedure is invoked after all the TCP/IP services have been started. These files are not overwritten when you install a new version of TCP/IP Services.

HP recommends that you use the TCPIP$CONFIG configuration procedure to stop and start services. However, startup and shutdown files are provided for individual services, allowing you to stop and start individual components without impacting the operation of the remaining TCP/IP Services software.

This feature allows you to modify a service configuration without restarting the TCP/IP Services product. For example, you can shut down the LPD service, change its configuration parameters, and then restart it, without interrupting the other TCP/IP services that are running on the system.

Each service is provided with its own startup and shutdown command procedures, as follows:

  • SYS$STARTUP:TCPIP$service_STARTUP.COM, a supplied command procedure that ensures the environment is configured appropriately and starts up the component specified by service.
  • SYS$STARTUP:TCPIP$service_SHUTDOWN.COM, a supplied command procedure that shuts down a specific service component without affecting the other services that are running.

To preserve site-specific parameter settings and commands for a specific service, create the following files, specifying the service or component name for service. These files are not overwritten when you reinstall TCP/IP Services:

  • SYS$STARTUP:TCPIP$service_SYSTARTUP.COM can be used to store site-specific startup commands.
    This procedure is invoked by the appropriate service-specific startup procedure prior to running the service. Use the *_SYSTARTUP procedure to modify the behavior of the service each time the service or TCP/IP Services is restarted. For example, to enable debugging mode for DHCP, define the logical TCPIP$DHCP_DEBUG in the SYS$STARTUP:TCPIP$DHCP_SYSTARTUP.COM file. When DHCP next starts, it will run in debug mode.
  • SYS$STARTUP:TCPIP$service_SYSHUTDOWN.COM can be used to store site-specific shutdown commands.

Service-specific startup and shutdown procedures, as well as configuration parameters, are described in the later chapters of this manual.

1.1.5 Editing Configuration Files

Several facilities can be managed using configuration options in a facility-specific configuration file. The following facilities support configuration files:

  • SMTP
  • IMAP

A configuration file is an ASCII text file consisting of one or more lines formatted as follows:

Field1: Value1 Field2: Value2

In this format:

  • Field names start in column 1, are terminated with a colon (:), and are not case sensitive.
  • Values vary depending on the field.
    If a value consists of a list of items, specify them on multiple lines by pressing the Tab key before continuing the value on the subsequent lines. For example:

    Field1: Item1,
    Field2: Value2

    Or specify each value as a separate instance of the same field. For example:

    Field1: Item1 Field1: Item2 Field1: Item3

    An alternative format is:

    Field1: Item1, Item2, Item3

    The maximum number of characters in a value is 500. Unless otherwise noted, a field's value is not case sensitive.
    Fields described as Boolean have the following legal values:
    To turn the feature on To turn the feature off
    ON OFF
    1 0
    YES NO

To comment out a line, type an exclamation point (!) in column 1.

1.2 Enabling PATHWORKS/Advanced Server and DECnet-over-TCP/IP Support

TCP/IP Services software includes the PATHWORKS Internet Protocol (PWIP) driver and the PWIP ancillary control process (PWIP_ACP).

The PWIP driver allows OpenVMS systems that are running both the HP PATHWORKS/Advanced Server and the TCP/IP Services software to communicate with personal computers running PATHWORKS client software. It also enables the DECnet-over-TCP/IP feature, which is included with the DECnet-Plus for OpenVMS Version 6.0 and later software. For more information about DECnet over TCP/IP, see the DECnet-Plus for OpenVMS documentation.

1.2.1 Starting and Stopping the PWIP Driver

The PWIP driver can be shut down and started independently. The following files are provided:

  • SYS$STARTUP:TCPIP$PWIP_DRIVER_STARTUP.COM allows you to start up the PWIP driver.
  • SYS$STARTUP:TCPIP$PWIP_DRIVER_SHUTDOWN.COM allows you to shut down the PWIP driver.

To preserve site-specific parameter settings and commands, create the following files. These files are not overwritten when you reinstall TCP/IP Services.

  • SYS$STARTUP:TCPIP$PWIP_DRIVER_SYSTARTUP.COM can be used as a repository for site-specific definitions and parameters to be invoked when the PWIP driver is started.
  • SYS$STARTUP:TCPIP$PWIP_DRIVER_SYSHUTDOWN.COM can be used as a repository for site-specific definitions and parameters to be invoked when the PWIP driver is shut down.

To start the PWIP driver, run TCPIP$CONFIG or enter the following command:


To shut down the connection to the PWIP driver, enter the following command:


1.3 Setting Up User Accounts and Proxy Identities

You will need to set up accounts for local users, coordinate the establishment of corresponding accounts on remote systems, and create accounts for remote users who will be accessing server components on the local host.

When creating accounts for remote users, you can create one account for all remote users, an account for groups of remote users, or accounts for individual users. The strategy you use depends on your organization, system resources, and security needs.

Certain product components (for example, LPD, RSH, RLOGIN, and NFS) act as servers for remote clients. You control access to your system and to these services by giving remote users proxy identities. A proxy identity maps a user account on one host to an account on another host. The information you provide with each entry, along with the privileges you set for the account, lets you specifically grant or deny access to your system.

The configuration procedure TCPIP$CONFIG creates a proxy database file called TCPIP$PROXY. You add proxies to this database with the ADD PROXY command. The TCP/IP Services product allows the following two types of proxies:

  • Communication proxy
    A communication proxy provides an identity for remote users of RSH, RLOGIN, RMT/RCD, and LPD. For each host, be sure to define the host name and any aliases. Proxy entries are case sensitive. Be sure to use the appropriate case when adding entries for remote users. Enter the ADD PROXY command as follows:

    TCPIP> ADD PROXY user /HOST=host /REMOTE_USER=user

    You can use wildcards when adding proxy entries for users on remote systems. For example, the following command provides the identity STAFF to any user on the remote host STAR:

  • NFS proxy
    NFS proxies provide identities for users of NFS client, NFS server, and PC-NFS. In addition to host and user information, NFS proxies provide UNIX identities with UID/GID pairs. NFS proxies can specify access to the NFS client or the NFS server, or both.
    For example, the following command provides the OpenVMS identity CHESTER for a local NFS client user with the UID/GID pair 23/34.


    This user can access remote files from the NFS server orbit .

See the HP TCP/IP Services for OpenVMS Management Command Reference manual for a complete description of the ADD PROXY command. For a more complete discussion about UNIX style identities and how the NFS server and client use the proxy database, see Chapter 22.

1.4 Configuring a TCP/IP Cluster

If your host is part of an OpenVMS Cluster, you can use a cluster alias to represent the entire cluster or selected host members. In this case, the network sees the cluster as a single system with one name. Alternatively, you can configure clustering using a DNS alias, as described in Chapter 6.

Incoming requests are switched among the cluster hosts at the end of each cluster time interval (specified with the SET COMMUNICATION command).


The cluster name is not switched from a host if there are any active TCP connections to the cluster interface on that host.

A remote host can use the cluster alias to address the cluster as a single host or the host name of the cluster member to address a cluster member individually.

All of the TCP/IP services support automatic failover and can be run on multiple nodes in an OpenVMS Cluster. For example, if more than one host in the cluster is running the NFS server, the cluster can appear to the NFS client as a single host. For more information about configuring a specific service for cluster failover, refer to the chapter in this manual that discusses the particular service.

1.4.1 Setting Up an ARP-Based Cluster

HP strongly recommends using the configuration procedure TCPIP$CONFIG to configure a TCP/IP cluster. If you cannot run TCPIP$CONFIG, configure a TCP/IP cluster by completing the following steps:

  1. Create the interfaces for all cluster members.
  2. Interactively specify an ARP-based cluster alias (for example, ALLOFUS). Enter:

  3. Make these settings permanent in the configuration database. Enter:


    The interface changes take effect the next time the product starts up.
  4. Add the cluster host name or the cluster IP address to the database of the host. Enter the same information you use with the SET INTERFACE command.
  5. Change the interface parameters (specified with the SET INTERFACE command) only after deleting and re-creating an interface.

1.5 Auxiliary Server

The auxiliary server is the TCP/IP Services implementation of the UNIX internet daemon ( inetd ). In addition to standard inetd functions, the auxiliary server provides access control and event logging.

The auxiliary server listens continuously for incoming requests and acts as a master server for programs specified in its configuration file. The auxiliary server reduces the load on the system by invoking services only as they are needed.

1.5.1 How the Auxiliary Server Works

The auxiliary server listens for connections on the internet addresses of the services that its configuration file (TCPIP$SERVICES.DAT) specifies. When a connection is found, it invokes the server daemon for the service requested. Once a server is finished, the auxiliary server continues to listen on the socket.

When it receives a request, the auxiliary server dynamically creates a network process, obtaining user account information from one or all of the following sources:

  • TCP/IP Services proxy account
  • Services database
  • Remote client
  • Local OpenVMS user authorization file (UAF)

In addition, users requesting services at the client can include their user account information as part of the command line.

Once a process is created, the auxiliary server starts the requested service. All services except RLOGIN and TELNET must have access to their default device and directories and to the command procedures within them. Rejecting Client Requests

The auxiliary server rejects client requests for the following reasons:

  • The maximum number of simultaneous processes for the requested service has been reached.
  • The request is from a host that is marked for rejection.
  • There is a problem with the target account or directory. Configuring the Auxiliary Server

The postinstallation configuration procedure, TCPIP$CONFIG, creates an entry in the services database (TCPIP$SERVICE.DAT) for each service you configure. If you need to modify your initial configuration, run TCPIP$CONFIG or use the SET SERVICE command.

The configuration file TCPIP$SERVICE.DAT includes information about the service name, the socket and protocol type associated with the service, the user name under which the service should run, and any special options for the service program.

Before you activate a service manually, configure the auxiliary server as follows:

  1. Use the OpenVMS Authorize utility to create a restricted user account for the process. Use the following qualifiers when creating the account:
    • /NOBATCH

    For more information about creating restricted accounts, see the OpenVMS system security documentation.
  2. Provide user account information that can be used when the network process is created. Plan your requirements carefully before setting privileges, quotas, and priorities to user accounts.
  3. Provide the network process name.
    The auxiliary server builds the network process name from the character string in the services database. Enter this string with the SET SERVICE command:

    TCPIP> SET SERVICE service /PROCESS_NAME=process


    For TELNET and RLOGIN, the process name is set by either the system or users.
  4. Set the maximum number of server processes that can run simultaneously. This number should not exceed the maximum number of sockets allowed on the system. To set the maximum number of processes that can connect to a service at the same time, enter the following TCP/IP management command:

    TCPIP> SET SERVICE service-name /LIMIT=n

    In this command, service-name is the name of the service to which the connections will be limited, and n is the number of connections that will be accepted by the service at one time.
    To activate the change, disable the service using the DISABLE SERVICE command, and then enable it using the ENABLE SERVICE command.
  5. Make sure that the protections in the systemwide SYLOGIN.COM file are set appropriately. If they are not, enter the following DCL command:

  6. To ensure that the services database has an entry for each service offered, enter the SHOW SERVICE command.

1.6 Enabling Services

The services you configured are enabled during the TCP/IP Services startup procedure. Afterwards, to initialize (enable) a service, enter the following command:


The ENABLE SERVICE command immediately changes the running system. The SET CONFIGURATION ENABLE SERVICE command causes the services to be enabled the next time TCP/IP Services starts up.

To specify the type of socket, include the /PROTOCOL qualifier on the SET SERVICE command line. For example, to specify stream sockets, enter /PROTOCOL=TCP. To specify datagram sockets, enter /PROTOCOL=UDP.

The auxiliary server can set socket options for a requested service either before or during data communications. Some available options are:

  • KEEPALIVE (for TCP communications)
  • BROADCAST (for UDP communications)

To set the socket options, include the /SOCKET_OPTIONS qualifier on the SET SERVICE command.

1.6.1 Setting Up Event Logging

Event logging can help you manage the software. By default, user-defined services do not log events, but you can enable event logging for all or selected configured services. You can configure the product to log events to the operator's console, a log file, or both. To set up event logging, enter the following command:


For a list of all the logging options, see the SET SERVICE command description in the HP TCP/IP Services for OpenVMS Management Command Reference manual.

Some product components provide additional event logging capabilities. See individual component chapters for more information.

Previous Next Contents Index