Software Distributor Administration Guide for HP-UX 11i
SD-UX Security
Basic Security Tasks
Chapter 9
Adding Target Hosts
For swinstall and swcopy, both the user and the target host are
validated. This protects against an unauthorized user at a remote host
switching to an authorized user. The following commands add read
permission for the host named target to the default depot on the local
host, to the products currently in the depot, and to any future products
added to the depot (using global_product_template).
swacl -l depot -M host:target:r
swacl -l product -M host:target:r \*
swacl -l global_product_template -M host:target:r
Since the user is always validated, an alternative that makes it easier
to manage large numbers of hosts is to allow all hosts read permission:
swacl -l depot -M host:*:r
swacl -l product -M host:*:r \*
swacl -l global_product_template -M host:*:r
NOTE: “*” is only a supported value for the host ACL type.
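The following dry-run script is an added example, not part of the HP guide. It prints the three swacl commands shown above for each host in a list and refuses the "*" wildcard unless it is explicitly allowed. The function names, the permitted host name characters, and the sample host list are assumptions made for illustration.

```shell
#!/bin/sh
# Dry run: prints swacl commands for review; nothing is executed.

# Accept a plain host name, or the bare "*" wildcard only when opted in.
# Allowed characters are an assumption; ":" would break type:key:perms.
valid_host_key() {
    case $1 in
        '')                 return 1 ;;
        '*')                [ "$2" = yes ]; return ;;
        *[!A-Za-z0-9._-]*)  return 1 ;;
    esac
    return 0
}

# The three commands from the guide for one host key, read permission only.
# The entry is single-quoted so the shell cannot expand "host:*:r".
grant_read_cmds() {
    entry="host:$1:r"
    printf '%s\n' "swacl -l depot -M '$entry'" \
                  "swacl -l product -M '$entry' \\*" \
                  "swacl -l global_product_template -M '$entry'"
}

# Read one host per line from stdin ("#" starts a comment).
# $1 = yes permits "*". Returns 1 if any line was rejected.
grant_read_for_list() {
    allow_wild=${1:-no}
    rc=0
    while read -r host rest; do
        case $host in ''|'#'*) continue ;; esac
        rest=${rest%%#*}
        if [ -z "$rest" ] && valid_host_key "$host" "$allow_wild"; then
            grant_read_cmds "$host"
        else
            printf 'rejected: %s %s\n' "$host" "$rest" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample list; the wildcard line is rejected without "yes".
grant_read_for_list no <<'EOF' || echo "review rejected lines" >&2
# build hosts
target
build01.example.com
*
EOF
```

Review the printed commands before running them on the depot host; rejected lines go to standard error so they are not mixed into the command list.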
Temporarily Restricting Access
A simple method of denying access to everyone except the local
superuser, without modifying ACLs, is to unregister the depot.
swreg -u -l depot [@ depot]
It can then be reregistered later:
swreg -l depot [@ depot]
Closing the SD-UX Network
The SD-UX secret is used as a proof of trustworthiness for the caller’s
credentials. It is a password that SD-UX uses to verify the authenticity
of the caller’s host. The default secret field is set by manufacturing to
match the default setting on the HP-UX controller. All secrets (i.e.,
controller, targets, and depots) must be identical.