CMVC/TEAMCONNECTION: HOW TO COPE WITH DYNAMIC IP ADDRESSES Document Number TR 29.2322 Angel Rivera, Sam Ruby and David Carson TeamConnection Development IBM Software Solutions Research Triangle Park, North Carolina Copyright (C) 1997 IBM Corp. All rights reserved. ii How to cope with dynamic IP addresses ABSTRACT This technical report describes two alternatives on how to cope with dynamic IP addresses when using CMVC and TeamConnection clients: what the problem is, what are some alternatives, and how to get the tools mentioned in the alternatives. ITIRC KEYWORDS o CMVC o TeamConnection o dynamic IP addresses ABSTRACT iii iv How to cope with dynamic IP addresses ABOUT THE AUTHORS ANGEL RIVERA Mr. Rivera is an Advisory Software Engineer and team lead for the development of CMVC 2.3. He joined IBM in 1989 and since then has worked in the development and support of library systems. Mr. Rivera has an M.S. in Electrical Engineering from The Univer- sity of Texas at Austin, and B.S. in Electronic Systems Engi- neering from the Instituto Tecnologico y de Estudios Superiores de Monterrey, Mexico. SAM RUBY Mr. Ruby is a Senior Software Engineer and the lead architect of TeamConnection. He was previously lead architect of the mainframe library product, SCLM. Mr. Ruby joined IBM in 1981, working on software tools for the Federal Systems Division. DAVID CARSON David Carson was a member of the TeamConnection team, working primarily with the SQL interface. He developed the REXX tools to add/delete on demand the host list entries mentioned in this technical report. David has a B.A. from Geneva College in English and an M.Sc. from the University of Pittsburgh in Computer Science. He joined IBM in 1989, working in the Networking Hardware Division on ISDN and ATM adapter software. In 1996 he transferred to the Software Solutions Division to work on TeamConnection. In August 1997, he left IBM and joined IVC (Intelligent Visual Computing) in Apex, North Carolina. ABOUT THE AUTHORS v vi How to cope with dynamic IP addresses CONTENTS ABSTRACT . . . . . . . . . . . . . . . . . . . . . . . . . III ITIRC KEYWORDS . . . . . . . . . . . . . . . . . . . . . iii ABOUT THE AUTHORS . . . . . . . . . . . . . . . . . . . . . . V Angel Rivera . . . . . . . . . . . . . . . . . . . . . . . v Sam Ruby . . . . . . . . . . . . . . . . . . . . . . . . . v David Carson . . . . . . . . . . . . . . . . . . . . . . . v 1.0 INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . 1 1.1 Clarification that CMVC and TeamConnection are not compatible . . . . . . . . . . . . . . . . . . . . . . . . 1 2.0 WHAT THE PROBLEM IS WHEN USING DYNAMICALLY ASSIGNED IP ADDRESSES . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1 How the "host list entry" authentication mechanism works . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2 Description of the problem when using dynamic IP addresses . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.3 What are the solutions to this problem . . . . . . . . 5 3.0 USING THE SOCKET ROUTER (TCROUTER) . . . . . . . . . . . 7 3.1 Overview of the Socket Router . . . . . . . . . . . . 7 3.2 Operational details of the Socket Router . . . . . . . 7 3.3 Setup and usage of Socket Router (tcrouter) . . . . . 9 4.0 ADDING DYNAMICALLY-GENERATED HOST NAMES TO HOST LISTS 13 4.1 Setup of the utilities . . . . . . . . . . . . . . . 13 4.1.1 Configuration of sethostl . . . . . . . . . . . . 13 4.1.2 Configuration of addhostl . . . . . . . . . . . . 14 5.0 MISCELLANEOUS TOPICS . . . . . . . . . . . . . . . . . 15 5.1 How to test the connectivity of a host . . . . . . . 15 5.1.1 Using the ping command . . . . . . . . . . . . . 15 5.1.2 Using the host command (or equivalent) . . . . . 16 5.1.3 Using the nslookup command . . . . . . . . . . . 16 5.2 How to cope with common error messages . . . . . . . 17 5.2.1 Error message 0010-100: userid was not found . . 17 5.2.2 Error message 0010-057: host list entry . . . . . 18 5.3 Summary of the authentication function in TeamConnection . . . . . . . . . . . . . . . . . . . . . 20 6.0 HOW TO OBTAIN THE TOOLS . . . . . . . . . . . . . . . 21 6.1 IBM Intranet . . . . . . . . . . . . . . . . . . . . 21 6.1.1 Web Home Page . . . . . . . . . . . . . . . . . . 21 6.1.2 FTP . . . . . . . . . . . . . . . . . . . . . . . 21 6.2 Internet . . . . . . . . . . . . . . . . . . . . . . 21 6.2.1 Web Home Page . . . . . . . . . . . . . . . . . . 22 6.2.2 FTP . . . . . . . . . . . . . . . . . . . . . . . 22 Contents vii 7.0 COPYRIGHTS, TRADEMARKS AND SERVICE MARKS . . . . . . . 23 viii How to cope with dynamic IP addresses 1.0 INTRODUCTION This technical report describes two alternatives on how to cope with dynamic IP addresses when using the CMVC and TeamConnection clients: what the problem is, what are some alternatives, and how to get the tools mentioned in the alternatives. 1.1 CLARIFICATION THAT CMVC AND TEAMCONNECTION ARE NOT COMPATIBLE Even though CMVC and TeamConnection have a lot in common (including the same way of dealing with dynamically assigned IP addresses), they are not compatible. Thus, whenever we say in this document "the CMVC/TeamConnection client interacts with the CMVC/TeamConnection server" we mean that the CMVC client interacts with the CMVC server, and that the TeamConnection client interacts with the TeamConnection server; that is, we do not mean that the CMVC client can interact with the TeamConnection server, nor that the TeamConnection client can interact with the CMVC server. Introduction 1 2 How to cope with dynamic IP addresses 2.0 WHAT THE PROBLEM IS WHEN USING DYNAMICALLY ASSIGNED IP ADDRESSES A common strategy employed by TCP/IP based applications is to validate requests based on the host that issued the request. Examples of products which employ this strategy include CMVC, and TeamConnection. This poses a problem for many users that do not have predefined host addresses. This includes many who are mobile or work from home, it also includes diskless workstations which promise to be popular in corporations concerned about the high cost of PC own- ership. Simply put, such users are locked out. Any requests they make will fail the authentication checks in place in the products they try to use. 2.1 HOW THE "HOST LIST ENTRY" AUTHENTICATION MECHANISM WORKS The only method used by CMVC and the default method used by TeamConnection to authenticate users is by a "host list entry", which is a unique set of the following three values: o The CMVC or TeamConnection user id, such as "builder". o The system login id, such as "joe". o The host name, such as "oem-ppc1.raleigh.ibm.com". As shown in the example in Figure 1, the Client requests a service from the Family Server in transaction (1), which will be performed by the Family Server in transaction (2). +------------------+ +------------------+ | Family Server | 1 | Client | | |<----| | | family: testfam | | login: builder | | host: carcps22 |---->| host: oem-ppc1 | | port: 1410 | 2 | userid: joe | +------------------+ +------------------+ Figure 1. Using the host list entry authentication mechanism The Family Server does the following: What the problem is when using dynamicallyaddresses I3 1. Authentication phase (are you who you claim to be?) a. Determines if the "user id" from the client is a valid CMVC or TeamConnection user. b. If it is a valid user, then the Family Server determines if the user has a valid host list entry. The host list entry must have a host name that can be resolved to an IP address. See 5.2, "How to cope with common error messages" on page 17 for details on how to solve common errors due to userids or host list entries that are not valid. c. If the host list entry is valid, then the Family Server ends the "authentication" phase, and begins the "authori- zation" phase. 2. Authorization phase (are you authorized?) a. Determines if the user is a super user, if so, then this user is authorized to do any valid action. b. If the user is not a super user, then the Family Server determines if the requested action is a basic action (such as Defect Open) or an implicit one (such as modi- fying a defect if the user is the owner of it). c. If the action is neither basic nor implicit, then the Family Server determines if there is a valid access record for that user. 2.2 DESCRIPTION OF THE PROBLEM WHEN USING DYNAMIC IP ADDRESSES In order for this host list entry to be recognized by CMVC or TeamConnection, the specific host name must have a static IP address in the TCP/IP network, such as "9.37.199.97", in other words, an IP address that is constant and does not change with each TCP/IP session. See 5.1, "How to test the connectivity of a host" on page 15 for the details on how to determine if the host name has an associated IP address. The traditional way to add a host list entry is by specifying the host name; if you specify an IP address, then the CMVC server or the TeamConnection server will resolve the IP address to a host name and puts the host name in the database. However, in some organizations, the IP addresses are not stat- ically assigned to host names. Instead, when you access the network, you are given an IP address that is dynamically gener- ated which only lasts the duration of your session, so there are no host names assigned to this temporary IP address. This is 4 How to cope with dynamic IP addresses common when working with DHCP (Dynamic Host Configuration Pro- tocol) in networks predominantly with Windows workstations; it is used too with the IBM Global Network Dialer. The problem when using CMVC/TeamConnection in such a network (a network that uses IP address that are dynamically assigned) is that the user cannot interact with CMVC/TeamConnection because the user cannot provide the host name, which is needed in the authentication method of CMVC/TeamConnection. 2.3 WHAT ARE THE SOLUTIONS TO THIS PROBLEM o The default authentication method in TeamConnection is to use the host list entries. However, there are other methods that can be used that require a password to login into TeamConnection; these methods do not care if the host has a dynamically assigned IP address. For more details see 5.3, "Summary of the authentication function in TeamConnection" on page 20. o The following solutions to this problemmust have at least one host in the network that has a static IP address and a host name associated with it. The CMVC/TeamConnection client and the tools described here are installed in that host, and that host will interact directly with CMVC/TeamConnection. - Using a socket router. See 3.0, "Using the Socket Router (tcrouter)" on page 7. The advantage of this solution, with respect to the REXX tools mentioned below, is that there is no need to add and delete the transient host names and dynamically assigned IP addresses to the CMVC/TeamConnection family server. - Using REXX tools to add/delete the transient IP addresses. See 4.0, "Adding dynamically-generated host names to host lists" on page 13. The advantage of this solution, with respect to the socket router above, is that the scripting tools can be quickly adapted to the platforms that are not yet sup- ported by the socket router. What the problem is when using dynamicallyaddresses I5 6 How to cope with dynamic IP addresses 3.0 USING THE SOCKET ROUTER (TCROUTER) 3.1 OVERVIEW OF THE SOCKET ROUTER This solution involves a socket router application. It consists of two parts, one that resides on a well known host with access to the desired application, and another that resides on the user's remote machine that has an IP address that is assigned dynamically. The portion that resides on the well known host waits listening to a socket address. For security reasons, it requires a special login request prior to all other messages. This request involves comparing a password provided by the user against one on the server. Once this request is complete, all future requests from this dynamic host are forwarded onto the desired application and all messages returned are similarly forwarded back. The portion that resides on the remote machine is simply respon- sible for issuing the login request. After this is completed, all other requests are handled transparently. The only remaining task the user is responsible for is updating the settings of the tool to direct the messages to the well known host instead of the server. Some tools, like TCPDial, are capable of launching programs upon connection, allowing the setup to be completely automated. The security in this implementation consists of a total of three parts, knowledge of what server the router is running on, know- ledge of what port it is listening to, and knowledge of the pass- word it expects. 3.2 OPERATIONAL DETAILS OF THE SOCKET ROUTER This solution uses a Socket Router (called tcrouter) which serves as an intermediary between the Family Server and the CMVC/TeamConnection clients that use a dynamically assigned IP address. As shown in Figure 2 on page 8, the key concepts are: Using the Socket Router (tcrouter) 7 o For all practical purposes, the Client with dynamically assigned IP address ("1.2.3.4") interacts with the proxy Family Server in host "oem-ppc1". This Client is not aware that the real family is in the host "carcps22". This is the client that provides the system login id ("builder") and the CMVC/TeamConnection userid ("joe"). o For all practical purposes, the real Family Server in host "carcps22" interacts with the proxy Client in host "oem-ppc1". The real family server is not aware that the actual client is in the host "1.2.3.4". o The CMVC/TeamConnection client must be installed in the host with dynamically assigned IP address "1.2.3.4". Although it is not required, it is a good idea to install the CMVC/TeamConnection client also in the intermediary host with the static IP address "oem-ppc1", in that way you can use the client when you work directly from this host. o The Socket Router must be installed and operational in the host "oem-ppc1", which will serve both as the proxy Family Server (with respect to the host "1.2.3.4") and the proxy Client (with respect to the host "carcps22"). o The Socket Router must be installed and operational in the host "1.2.3.4". o The Family Server sees the requests coming from the host "oem-ppc1" (the proxy Client) but the system login "builder" and userid "joe" are provided by the real Client. This means that the Family Server must have a host list entry with these values. proxy Client real Client +------------------+ +------------------+ +------------------+ | Family Server | 2 | Socket Router | 1 | Client | | |<----| |<----| | | family: testfam | | family: testfam | | login: builder | | host: carcps22 |---->| host: oem-ppc1 |---->| host: 1.2.3.4 | | port: 1410 | 3 | port: 1410 | 4 | userid: joe | +------------------+ +------------------+ +------------------+ real Family Server proxy Family Server Figure 2. Using the Socket Router as an intermediary Let's take a closer look at the sequence of events when the real Client in host "1.2.3.4" interacts with the real Family Server in host "carcps22" by using the Socket Router in host "oem-ppc1": 8 How to cope with dynamic IP addresses 1. The Client in host "1.2.3.4" issues a CMVC/TeamConnection command to the proxy Family Server in host "oem-ppc1". This Client is not aware that the real Family Server is in host "carcps22". 2. The Socket Router in host "oem-ppc1", serving as the proxy Family Server to the real Client, changes roles and acts as the proxy Client and forwards the request to the real Family Server in host "carcps22". 3. The real Family Server receives the command, performs the authentication phase, then the authorization phase. Finally, the response is sent back to the proxy Client. The real family server is not aware that the actual client is in the host "1.2.3.4". 4. The Socket Router in host "oem-ppc1", serving as the proxy Client to the real Family Server, changes roles and acts as the proxy Family Server and forwards the results to the real Client in host "1.2.3.4". NOTES: 1. The application is fully multi-threaded and the overhead appears to be negligible. 2. So far, the tcrouter code is only available for OS/2 (tcrouter.os2) and Windows 32-bit (tcrouter.win). 3.3 SETUP AND USAGE OF SOCKET ROUTER (TCROUTER) The procedure shown below uses the values mentioned in the example in Figure 2 on page 8. NOTE: When you obtain the tools, get "tcrouter.os2" for OS/2 or "tcrouter.win" for Windows 32-bit and rename it "tcrouter.exe". 1. Get the tcrouter executable code, see 6.0, "How to obtain the tools" on page 21 for details. 2. Things to do in the host that has a static IP address (the one that will serve as the proxy between the real Family Server and the real Client): a. (Optional) Install the CMVC/TeamConnection Client. b. Set the value for the CMVC or TeamConnection family to be the real Family Server, such as: Using the Socket Router (tcrouter) 9 set TC_FAMILY=testfam@carcps22@1410 or set CMVC_FAMILY=testfam@carcps22@1410 NOTE: If both variables are set, TC_FAMILY will prevail. c. Add a valid host list entry for this client. If you installed the CMVC/TeamConnection client, then verify that the client can interact with the real Family Server. d. Place the tcrouter executable code in this host. e. Enter the following command in OS/2 or in Windows 32-bit to start the Socket Router: start tcrouter -password anystring ********* --> specify your password here 3. Things to do in the host that has a dynamically assigned IP address: a. Install the CMVC/TeamConnection client. b. Change the value for the CMVC or TeamConnection family to be proxy Family Server such as: set TC_FAMILY=testfam@oem-ppc1@1410 or set CMVC_FAMILY=testfam@oem-ppc1@1410 NOTE: If both variables are set, TC_FAMILY will prevail. c. Ensure that your system login and the CMVC/TeamConnection user id match the ones used in the host list entry. d. Place the tcrouter executable code in this host. e. Before you invoke the CMVC/TeamConnection commands, start the Socket Router: tcrouter -logon -password anystring ********* --> specify your password here NOTE: The password will default to the value of TELNET.PASSWORD.ID or PASSWD. If everything is OK, then you will see the following message: login accepted 10 How to cope with dynamic IP addresses f. Once you have been validated, you can now use the CMVC/TeamConnection client. g. To stop the Socket Router, you can issue: tcrouter -logoff You will see the following message: logoff complete Using the Socket Router (tcrouter) 11 12 How to cope with dynamic IP addresses 4.0 ADDING DYNAMICALLY-GENERATED HOST NAMES TO HOST LISTS One solution to the problem of dynamic IP addressing is to create a host list entry for the newly acquired IP address. The fol- lowing utilities can be used to automate this process. o addhostl This utility simply figures out the new IP host name and passes it along to "sethostl" (see next item). For systems which do not create a host name, "addhostl" could easily be modified to pass the IP address instead of the host name. o sethostl This utility performs two functions: 1. It removes old addresses that were previously added by this utility. This is necessary to minimize the number of unused host list entries currently in the CMVC or TeamConnection database. For this step to be possible, the dynamic host names must exhibit some pattern that distinguishes them from perma- nent host names. Once this pattern is identified, the function "matchDynamicAddress" should be modified to return 1 whenever it matches this pattern. 2. It adds the host name (which as passed as an input param- eter) to the CMVC or TeamConnection database. 4.1 SETUP OF THE UTILITIES To set up the utilities, you must have access to a machine which has a permanent host list entry in CMVC/TeamConnection. Also, you must get the tools, see 6.0, "How to obtain the tools" on page 21 for details. 4.1.1 Configuration of sethostl ________________________________ This is where sethostl will be placed, giving it the authority to make the change to the database. The machine must have an rexec daemon running for which you have a username/password combina- tion. You should modify two things in sethostl for your system: Adding dynamically-generated host names to host lists 13 o The variable cmvcUserID should be set to your user ID on CMVC. o The procedure matchDynamicAddress must be modified to match the pattern of your dynamic addresses but not those permanent host names which might have host list entries in CMVC/TeamConnection The procedure by default matches the TCP Dial-style dynamic host names. 4.1.2 Configuration of addhostl ________________________________ Place addhostl on the machine which gets its host name dynam- ically. Then you should do the following: o Modify the variable permHost to be the name of the machine where you placed sethostl. o To allow rexec to pass the command to sethostl without inter- vention, the username/password combination must be known to addhostl. This can be done in one of two ways: - The username and password can be specified with the command line options -l and -p respectively. - The NETRC file can have an entry for the permanent machine. See the TCP/IP documentation for how to set up NETRC. 14 How to cope with dynamic IP addresses 5.0 MISCELLANEOUS TOPICS 5.1 HOW TO TEST THE CONNECTIVITY OF A HOST Sometimes it is important to test the connectivity of a host in order to properly diagnose a problem. 5.1.1 Using the ping command _____________________________ The "ping" command is the first tool to be used to diagnose pos- sible network problems. The TCP/IP "ping" command can be used to test if a given host, specified by a host name or host IP address, is registered as a valid host and actively connected to the network. If the host name or IP address is not registered as a valid iden- tifier, then the ping command will fail. If the host is active but not connected to the network then the "ping" command will not be able to receive the expected message. For example: 1. At a prompt, type "ping testfam". If you receive information that is similar to the following, you can successfully connect to your TeamConnection family: PING testfam.company.com: 56 data bytes 64 bytes from 1.23.457.78: icmp_seg:0. time=0. ms 64 bytes from 1.23.456.78: icmp_seg:1. time=0. ms 64 bytes from 1.23.456.78: icmp_seg:2. time=0. ms 2. Press Ctrl+C to end the command. 3. If you receive the message "unknown host testfam", you cannot connect to the family. Verify that the data in the hosts and services files is correct, and then try the command again. If you still do not get the correct response, contact your TCP/IP administrator to solve the problem. Miscellaneous topics 15 5.1.2 Using the host command (or equivalent) _____________________________________________ In AIX and OS/2 there is a command called "host" which gets the IP address of a host name or the host name of an IP address. This command uses the local /etc/hosts file first, and if the host name or the IP address is not found there, then the network name server is contacted next. In some networks, there could be a mismatch between the host name and the IP address. Do the following to verify that the hosts file is specified correctly: 1. Type "host family_name", where family_name is the name of your TeamConnection family. The information returned should match the number and name specified in your hosts file. For example, the system response might be as follows: testfam.company.com = 9.12.345.67 2. Type "host ip_address", where ip_address is the IP address of your machine. The information returned should match the number and name specified in your hosts file. For example, the system response might be as follows: testfam.company.com = 9.12.345.67 If you do not receive the expected response, contact your TCP/IP administrator to solve the problem. In some networks the second step gives a different host name and this will cause problems with TeamConnection. In other platforms we provide the "cmvchost", "tchost" or "tchostw" command which provides the basic functionality of the "host" command provided in AIX and OS/2. 5.1.3 Using the nslookup command _________________________________ The TCP/IP "nslookup" command skips the local hosts file and queries directly the network name server, thus its name: Name Server Look Up. It provides the host name and IP address of the name server, followed by the target host name and IP address. 16 How to cope with dynamic IP addresses 5.2 HOW TO COPE WITH COMMON ERROR MESSAGES 5.2.1 Error message 0010-100: userid was not found ___________________________________________________ QUESTION: When I try to access the family server from my client, I get the following error message: 0010-100 User XXX was not found How do I solve the problem? ANSWER: This error message is displayed when the family server cannot find the specified CMVC/TeamConnection userid in the database. The main situations and their solutions are: o The CMVC/TeamConnection userid that you are using to invoke the line command or the GUI does not exist in the family server. Verify that the CMVC_BECOME or TC_BECOME variable contains a valid userid (check for misspellings). o The CMVC/TeamConnection userid, that you specified as search argument in the line command or in the GUI, does not exist in the family server. Verify that the attribute such as "userLogin" or the argument to the line command such as "user -view", contains a valid userid (check for misspellings). o Ensure that the userid was properly specified: - Verify that the userid matches the case of the userid in the family. (CMVC and TeamConnection are case sensi- tive). - Verify that you specified the userid and not the system login. Miscellaneous topics 17 5.2.2 Error message 0010-057: host list entry ______________________________________________ QUESTION: When I try to access the family server from my client, I get the following error message: 0010-057 Login builder on host oem-ppc1.raleigh.ibm.com is not authorized to access the family server as user joe. A host list member must be created for the user before the login on the specified host can access the family server. How do I solve the problem? SHORT ANSWER: The above error message indicates that the CMVC/TeamConnection userid (in this case "joe") is a valid one, however, the family server does not have a host list entry for the userid that has the system login ("builder") from the specified host name ("oem-ppc1"). To fix the problem, issue the following command from a system where you have proper access to the family server: o For CMVC: Host -create builder@oem-ppc1.raleigh.ibm.com -login joe -verbose o For TeamConnection: teamc host -create builder@oem-ppc1.raleigh.ibm.com -login joe -verbose DETAILED ANSWER: It is important to know the following facts about system logins and CMVC/TeamConnection userids: o The identifiers in CMVC/TeamConnection are case sensitive, that is, "JOE", "Joe" and "joe" are different. o The CMVC/TeamConnection userid is the id that was created for you by the family administrator. - The userid could be different than the system login. - The userid is represented by the CMVC_BECOME or TC_BECOME environment variable. - The Settings notebook in the GUI refers to this variable as "Become user" in the Environment page. 18 How to cope with dynamic IP addresses o The system login is the id that you use to start the session on a multiuser operating system such as UNIX or Windows NT. - The system login could be different than the CMVC/TeamConnection userid. - OS/2, Windows 3.1 and Windows 95 are operating systems for single users and they do not have a system login (Windows 95 has one, but it is optional). Because the system login is required by CMVC/TeamConnection, the USER variable is used in CMVC and the TC_USER variable is used in TeamConnection. - Unfortunately, the Settings notebook in the GUI refers to this variable as "User ID" in the Environment page, and this causes confusion with the CMVC/TeamConnection userid. - Unfortunately, the Host command line is not consistent with the usage of the terms "login" and "userid". Fortu- nately, the GUI interface is consistent (except for the Environment page in the Settings notebook) and it invokes the Host command line with the appropriate parameters. - In Windows 32-bit, the case (uppercase, lowercase or mixed case) that was used when a system login was created is remembered, such as "Administrator". It is extremely important to know that this original value is the actual value that is returned when an application asks for the system login. However, when you enter your system login in Windows 32-bit the current case of the system login id is ignored, that is, you can log in as "ADMINISTRATOR" or "administrator" and the system will let you in. Thus, the potential for confusion with CMVC/TeamConnection is that the client gets the value that is stored in the system (such as "Administrator") and the client does NOT get the value that the user actually entered when doing the login. The error message 0010-057 provides exactly the values that need to be entered in the host list entry. You can use one of the following methods to create a new host list entry: o From the GUI: the Create host entry dialog shows the fol- lowing fields (using the values used in the example): login: builder hostname: oem-ppc1.raleigh.ibm.com userid: joe o From the line command: Miscellaneous topics 19 - For CMVC: Host -create builder@oem-ppc1.raleigh.ibm.com -login joe -verbose - For TeamConnection: teamc host -create builder@oem-ppc1.raleigh.ibm.com -login joe -verbose 5.3 SUMMARY OF THE AUTHENTICATION FUNCTION IN TEAMCONNECTION The TeamConnection authentication function ensures the users of a TeamConnection family are indeed who they claim to be. There are currently four authentication levels: o HOST_ONLY This is the default, and the function that was also used in TeamConnection Version 1.x. It requires that a valid combi- nation of the system login, TeamConnection user ID, and host name are defined. o PASSWORD_ONLY This requires that a user must use the command 'teamcd tclogin' (File->Login from the Tasks window) to log in and log out of the TeamConnection family. When the user logs in to the family, the server will send back a token which is associated with that user from that client host. The server will check the attached token and if valid, will proceed to perform the requested action. o PASSWORD_OR_HOST This allows the user to use either the PASSWORD_ONLY function if they have a password, or use the HOST_ONLY function if they have a valid host list entry. This is useful for teams where particular team members may be remote or mobile and have changing IP addresses. o NONE This allows any user to access TeamConnection and does not require a password or valid host list entry. This is not intended for general use. NOTE: Any successful login or logout generates an entry in the audit.log file. 20 How to cope with dynamic IP addresses 6.0 HOW TO OBTAIN THE TOOLS The tools described in this technical report can be downloaded as follows: o From the IBM intranet (only for IBM employees). o From the Internet (open to everyone). 6.1 IBM INTRANET 6.1.1 Web Home Page ____________________ You can access the CMVC Service/Development Home Page at: http://tc-cmvc.raleigh.ibm.com/cmvc/cmvc.html From the index of technical reports, select the section "Dynamic IP Addresses tools". 6.1.2 FTP __________ You can download the code from our internal FTP site, by doing: 1. ftp tc-cmvc.raleigh.ibm.com 2. login as 'anonymous' and for password give your email address. 3. cd e: 4. cd cmvc/doc/tr 5. binary 6. get 7. quit 6.2 INTERNET How to obtain the tools 21 6.2.1 Web Home Page ____________________ Not available. 6.2.2 FTP __________ You can download the code from our external FTP site, by doing: 1. ftp ftp.software.ibm.com 2. login as 'anonymous' and for password give your email address. 3. cd ps/products/cmvc/fixes/tr-tools 4. binary 5. get 6. quit 22 How to cope with dynamic IP addresses 7.0 COPYRIGHTS, TRADEMARKS AND SERVICE MARKS The following terms used in this technical report, are trademarks or service marks of the indicated companies: +---------------------+-------------------------------------------+ | TRADEMARK, | COMPANY | | REGISTERED | | | TRADEMARK OR | | | SERVICE MARK | | +---------------------+-------------------------------------------+ | IBM, AIX, | IBM Corporation | | OS/2, OS/2 Warp, | | | CMVC, TeamConnection| | | TCPDial, | | +---------------------+-------------------------------------------+ | Microsoft, Windows, | Microsoft Corporation | | Windows 95, | | | Windows NT | | +---------------------+-------------------------------------------+ END OF DOCUMENT Copyrights, Trademarks and Service marks 23