Host authenticationRPC connections

RPC connections

This section provides RPC connection authentication.

RPC connections, such as those from the D3 File Manager or triggers, are not authenticated. Additionally, RPC connections from a 32-bit D3TCL client cannot be made to 64-bit D3 server versions (10.x and above).

Clients will be logged into D3 using a user-id as follows:

  • Telnet clients connecting with HAForceCheck disabled will have the same user-id as the D3 process.
  • Telnet clients connecting with HAForceCheck enabled will be prompted for logon credentials and the provided user-id will be used.
  • RPC clients automatically connecting due to a trigger run from a Telnet client will have the same user-id as the Telnet client with $line$ appended.
  • RPC clients automatically connecting due to a trigger run from another RPC client (For example: The D3 File Manager) will have the same user-id as the D3 process with an "_" appended.
  • RPC clients logging into the VME (For example: The D3 File Manager in the Compile window) will have the user-id of RPC client process with an "_" appended.

RPC connection rules

RPC connections from a 32-bit D3TCL client to a D3 9.1 or 9.2 server are authenticated using the following rules:

DefaultD3TclHAForceCheck parameter is set to 1

If the DefaultD3TclHAForceCheck parameter is set to 1, the requirement to provide logon credentials is on and the following occurs:

Note: This is the recommended configuration because valid credentials are required

D3 9.1 or D3 9.2 clients

  • If no credentials or invalid credentials are specified, the logon will fail.

    For example: d3tcl or d3tcl -u nonexistentuser,badpassword

  • If valid credentials are specified, the client will be authenticated and logon as realuser.

    For example: d3tcl -u realuser,goodpassword

  • If dm is specified, the client will be authenticated and logon as dm.

    For example: d3tcl -u dm

D3 9.0 and earlier clients

  • If invalid credentials are specified, the logon will fail.

    For example: d3tcl -u nonexistentuser,badpassword

  • If valid credentials are specified, the client will be authenticated and logon as realuser.

    For example: d3tcl -u realuser,goodpassword

  • If dm is specified, the client will be authenticated and logon as dm.

    For example: d3tcl -u dm

DefaultD3TclHAForceCheck parameter is set to 0

If DefaultD3TclHAForceCheck is set to 0, the requirement to provide logon credentials is off and the following occurs:

Warning: It is not recommended to run in this configuration because clients prior to D3 9.1 are not authenticated.

D3 9.1 or 9.2 clients

  • If no credentials are specified, the client will have the user-ID of the RPC client process with an underscore character (_) appended.

    For example: d3tcl

  • If invalid credentials are specified, the logon will fail.

    For example: d3tcl -u nonexistentuser,badpassword

  • If valid credentials are specified, the client will be authenticated and logon as realuser.

    For example: d3tcl -u realuser,goodpassword

  • If dm is specified, the client will be authenticated and logon as dm.

    For example: d3tcl -u dm

D3 9.0 and earlier clients

  • Regardless of whether valid or invalid credentials are specified, the client will not be authenticated, but will logon as nonexistentuser.

    For example: d3tcl -u nonexistentuser,badpassword

  • If dm is specified, the client will be authenticated and logon as dm.

    For example: d3tcl -u dm

Parent topic: Host authentication