Guide to Gateways for LAN Servers
Chapter 3, Administering SCO Gateway for NetWare
Tuning NCP packet security level

Tuning NCP packet security level

To communicate securely with NetWare servers, SCO Gateway for NetWare uses a NetWare security feature called NCP packet signature. While the NetWare documentation has complete details, an overview of NCP packet signature is provided here.

NCP packet signature provides 4 levels of security. The highest level, 3, requires all packets (both client and server packets) to be electronically signed to prevent packet forgery. The lowest level, 0, does not allow packet signature. The table below summarizes packet signature levels.

Table 3-3 NCP packet signature levels

 --------------------------------------------------------------------
 Level   Description
 --------------------------------------------------------------------
 0       Packets are unsigned.  Signed packets are not accepted.
 1       Packets are unsigned unless they are requested to be signed.
 2       Packets are signed unless they are requested to be unsigned.
 3       Packets are signed.  Unsigned packets are not accepted.
The SCO Gateway for NetWare and the NetWare server establish separate NCP packet signature levels. When a SCO Gateway for NetWare user logs in, the client and the server negotiate for an effective packet signature level. The possible combinations are summarized in the next table.

Table 3-4 Effective NCP packet signature levels

 ---------------------------------------------------------
 Client/
 Server    0           1           2           3
 ---------------------------------------------------------
 0         No packet   No packet   No packet   No logging
           signature   signature   signature   in
 1         No packet   No packet   Packet      Packet
           signature   signature   signature   signature
 2         No packet   Packet      Packet      Packet
           signature   signature   signature   signature
 3         No          Packet      Packet      Packet
           logging     signature   signature   signature
           in
On reboot, the packet signature level is initialized to 0. The /etc/nuc script contains the command:

/etc/nwsignatures 1

to set the default packet signature level to 1.

The superuser can control the SCO Gateway for NetWare packet signature level with the command nwsignatures(NWG). For example:

/etc/nwsignatures 2

raises the SCO Gateway for NetWare packet signature level to 2. Note that the SCO Gateway for NetWare packet signature level can be raised without rebooting. However, to lower the SCO Gateway for NetWare packet signature level you must reboot. For example, to lower the packet signature level to 0, edit the the nwsignatures command in the /etc/nuc file to:

/etc/nwsignatures 0

Then reboot your system.

With no arguments, /etc/nwsignatures displays the current security level.