This section describes how to control which hosts have remote interactive access to a terminal's Configuration and Preferences daemons. Excluding a host from this form of access does not mean that the host cannot download remote configuration files to the terminal; it only prevents remote access through a TELNET connection or Change Setup Parameters, Change Quick Setup, and Change User Preferences.

Host access control is turned off by default, allowing access to configuration data from any host. You can allow access from a list of specified hosts or prevent all access.

Allowing Access from Specified Hosts

To establish a list of hosts that have access to a terminal's configuration data:

• Enable host access control by setting config-access-control-enabled to "true" (Setup -> Change Setup Parameters -> Access Control -> [Configuration Daemon section] Enable Config Access Control).

  Table 6-13 config-access-control-enabled Parameter

  Possible Values	Result
  default	false
  false	Requests from outside the terminal for access to the terminal's configuration data are not checked against the access control list. A user from any host who possesses the proper password may access the daemon.
  true	Requests from outside the terminal for access to configuration data are checked against the access control list. Only users from listed hosts may access the daemons.

  
  

• List all of the hosts that have access in the config-access-control-list table (Setup -> Change Setup Parameters -> Access Control -> [Configuration Daemon section] Config Access Control List).

  Table 6-14 config-access-control-list Table Entries

  Entry	Default	Result
  host	nil	If access control is turned on, no hosts are allowed to access the terminal's Configuration and User Preferences daemons remotely.
  	hostname or IP_address	A host granted permission to access the terminal's Configuration and User Preferences daemons remotely through a TELNET connection.
  family	tcpip	This host has access through the TCP/IP protocol family.
  	ncdnet	This host has access through the DECnet protocol family.

  
  
  For example, to allow access from some hosts:
  

  
  config-access-control-enabled = true
  config-host-access-control-list = {
       {eagle tcpip}
       {peregrine ncdnet}
       {ncdu21 tcpip}
       {ncdu21 ncdnet}
       }
  

  
  Note that a host must have two entries if it is allowed access through both the TCP/IP and DECnet protocol families.
  

You can now access the terminal's Configuration and User Preferences daemons remotely only from a host listed in the config-access-control-list table.

Preventing All Remote Access to the Terminal's Configuration Data

If no hosts should have access to the terminal's configuration data, set the config-access-control-enabled parameter to "true" and make sure the config-access-control-list table is empty, that is:

config-access-control-list = {}

The terminal's Configuration and User Preferences daemons can now be accessed only locally through Change Setup Parameters, Change Quick Setup, and Change User Preferences.