The server administrator can accept and/or reject access to the server from specific users or all users on any given machine. This is done in a server configuration file using the MSSERVERACCEPTHOST and MSSERVERREJECTHOST entries between MSSERVERSECURITY and MSSERVERSECURITYEND block.
The syntax for these entries is:
MSSERVERSECURITY MSSERVERACCEPTHOST=<hostname< [<username> ...] MSSERVERREJECTHOST=<hostname> [<username> ...] MSSERVERDATABASE=<database_name> MSSERVERSECURITYEND
where:
| hostname | is the name of a machine known by the local machine's operating system. |
| username | is the login name for a user on that machine. |
| database_name | is the name of the database that the server is allowed to access. |
The MSSERVERSECURITY and MSSERVERSECURITYEND block can appear anywhere between the MSSERVERNAME entry and the MSSERVERNETTYPE entry for a given server configuration file. Since it is the spooler that handles the security, the security entries need only to appear in the server configuration file read by the server.
If the user names are omitted then all users on that machine are accepted or rejected. Furthermore, reject entries have higher priority than the accept entries.
If there are only accepted entries, then only those machine/users are granted access. All other machines/users are rejected.
When there are no entries, then all users on all machines in the network have access to the server.
Example 1
...
MSSERVERSECURITY
MSSERVERACCEPTHOST=copper fred
MSSERVERREJECTHOST=mars joe fred
MSSERVERSECURITYEND
...
This would allow only user "fred" from the machine called "copper" to access the server. All other users on all other machines would be denied access. The reject list is redundant and the server can access any database.
Example 2
...
MSSERVERSECURITY
MSSERVERACCEPTHOST=copper
MSSERVERSECURITYEND
...
This would allow only users from the machine named "copper" to access the server. All other users on all other machines would be denied access.
Example 3
...
MSSERVERSECURITY
MSSERVERACCEPTHOST=copper
MSSERVERACCEPTHOST=platinum fred
MSSERVERSECURITYEND
...
This would allow only users from the machine named "copper" and user "fred" on a machine named "platinum" to access the server. All other users on all other machines would be denied access.
Example 4
...
MSSERVERSECURITY
MSSERVERREJECTHOST=copper
MSSERVERSECURITYEND
...
This would deny all users from the machine named "copper" to access the server. All other users on all other machines would have access.
Example 5
...
MSSERVERSECURITY
MSSERVERACCEPTHOST=copper
MSSERVERREJECTHOST=platinum
MSSERVERSECURITYEND
...
This would allow only users from the machine named "copper" to access the server. All other users on all other machines would be denied access. The "platinum" entry is redundant.
Example 6
...
MSSERVERSECURITY
MSSERVERACCEPTHOST=copper fred
MSSERVERREJECTHOST=copper
MSSERVERSECURITYEND
...
This would deny all users from all machines named "copper" except user "fred" on machine "copper" access to the server. The MSSERVERREJECTHOST entry is redundant.
Example 7
...
MSSERVERSECURITY
MSSERVERREJECTHOST=platinum fred
MSSERVERSECURITYEND
...
This would deny only user "fred" on machine "platinum" access to the server. All other users on all machines (including "platinum") would have access.
Example 8
...
MSSERVERSECURITY
MSSERVERACCEPTHOST=copper fred dan
MSSERVERSECURITYEND
...
This would allow only users "fred" and "dan" from the machine named "copper" access to the server. All other users on all machines (including "copper") would be denied.
Example 9
...
MSSERVERSECURITY
MSSERVERACCEPTHOST=copper fred
MSSERVERREJECTHOST=copper fred
MSSERVERSECURITYEND
...
This would deny all users from all machines. Since there is an accept entry, all users and machines not entered are denied access to the server. However, the only user allowed is "fred" on "copper" and that user is explicitly denied access in the reject entry.