The 'options <protocol>.enable' command enables and disables the <protocol>. With ONTAP 6.2, there is a new feature called protocol access control which allows you to control access to a particular protocol. Check out na_protocolaccess(8) for more details; but the general syntax is:
'options <protocol>.access <access_spec> [[AND|OR <access_spec>] ... ]' where <access_spec> is:
host [= | != ] <host_spec> if [= | != ] <network interface spec> legacy none all
<host_spec> is a comma-separated list of host names or IP addresses <network interface spcec> is a comma-separated list of network interface names.
The legacy keyword means use the old method for control. For telnet and httpd.admin, it is telnet.hosts. However, if you disable telnet, then trusted.hosts is not looked at. The same goes for httpd.admin.
To answer the original question:
"I'm trying to configure ssh/https admin access from any host to a filer, but no telnet, no http admin"
Try this:
options ssh.enable on options ssl.enable on options telent.enable off options httpd.admin.enable off
The 'options http.enable off' command will disable http access, not http admin access. You do need SecureAdmin installed as well.
-----Original Message----- From: Piotr KUCHARSKI [mailto:chopin@sgh.waw.pl] Sent: Tuesday, August 20, 2002 11:17 AM To: toasters@mathworks.com Cc: Moritz Willers Subject: Re: secure filer access
On Wed, Aug 14, 2002 at 05:34:30PM +0100, Moritz Willers wrote:
I'm trying to configure ssh/https admin access from any
host to a filer,
but no telnet, no http admin
You need to have SecureAdmin installed and then options: ssh.enable on ssl.enable on httpd.enable off [1] telnet.enable off
Plus perhaps trusted.hosts
and rsh access from one host only (the admin host).
That I don't know, I use 'option rsh.enable off'
p.
[1] Hm, not sure if I still need these options: httpd.access legacy httpd.admin.access host=adm.ho.st.ip httpd.admin.enable on
These options above state:
1. for the HTTP protocol, use legacy, which means access is allowed for all users. 2. for administrative HTTP, only the host adm.ho.st.ip is allowed access.
Hope this helps,
- Rick -