From:	HENRY::IN%"CHAA006%vaxb.rhbnc.ac.uk%CS.UCL.AC.UK%SRI-KL.ARPA%relay.cs.net@rca.com" 20-SEP-1986 20:49
To:	INFO-VAX <INFO-VAX%SRI-KL.ARPA@CS.UCL.AC.UK>
Subj:	Re: request for information on PSIAUTHORISE.

Via:   UK.AC.CAMBRIDGE.PHYSICS.HEP ;  Tue, 16 Sep 86 18:02 BST
        (V34 at UK.AC.RUTHERFORD.GEC-B)
Date:		16-SEP-1986 17:53:23
From:		PAE1@UK.AC.CAM.PHY-HEP
To:		VMS-COMMS@UK.AC.RL.GB
Subject:	PSIAUTHORIZE simple working example

	In reply to a recent query about PSIAUTHORIZE.

	Yes, I also had troubles trying to use it in the first 
release that came out with VMS 4.0 . Not only did it sometimes
crash, but the documentation was somewhat obscure. Now we are
up to VMS 4.3 and PSI 3.2 plus approved patches (although we
have not put in the latest set). Recently (about when students
finish their exams...) we had a spate of failed login attempts
from all over the place. We found out where they came from with 
the REMDTELOG suite of programs available from RAL support, and
then set them ups as HACKER_DTEs via PSIAUTHORIZE so that they
will never trouble us again. The relevant bits of the command file
are appended below.

	Patrick Elcombe.

$!	PSI_SECURITY.COM
$!PAE 10-June-1986 try to use these facilities.
$!
$!First attempt is to divide up the world into two classes of
$!DTEs, namely HACKER_DTE from which incoming calls are banned,
$! and OTHER_DTE for which incoming and outgoing both work.
$!
$run sys$system:psiauthorize
ADD/ID HACKER_DTE
ADD/ID OTHER_DTE
GRANT/ID/DTE/NET=PSS HACKER_DTE <12digit DTE number here>
<repeat the above for all DTEs in the HACKER class>
GRANT/ID/DTE/NET=PSS OTHER_DTE ALL !all others have to be identified
!
SET DTE ALL/NET=PSS/ACL=(ID=HACKER_DTE,ACCESS=OUTGOING+CHARGE)
SET DTE ALL/NET=PSS/ACL=(ID=*,ACCESS=INCOMING+OUTGOING+CHARGE) !Other DTEs here
!
EXIT
$!end for now
$EXIT