Manualshelf

Software Distributor Administration Guide for HP-UX 11i

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU
281282283284285286287288289290
SD-UX Security
SD-UX Internal Authentication
Chapter 9288
When you start an RPC (as an SD-UX controller), a structure describing
your identity accompanies each call to an agent; the controller sends the
user and group name of the person invoking the RPC, as well as the host
name of the system on which it is running (in DCE, called the realm).
This structure is called your credentials. Credentials consist of:
user (principal) name
The user (or host system, for agents making RPCs to other agents)
who is originating the RPC call.
Group name
The user’s primary group.
Realm or local Host
The user’s host name.
The user’s credentials are passed in the RPC parameters, The agent
receiving the RPC uses this information to compare authentication
credentials.
Controllers Run with the User’s Credentials and Privileges
SD-UX controller programs such as swinstall or swremove operate with
the privileges of the user who invokes them. The agent ensures that the
user has the required permissions on the object by looking at the object’s
ACL. If permissions are not granted, the operation fails.
A controller may be run by anyone on the system, but its actions are
restricted (based on permissions granted in various object ACLs). SD-UX
agents always verify that user-requested operations are authorized
before performing them.
Agents Run with the System’s Identity
The SD-UX agents and daemons run with the privileges of a superuser;
but they also have the special identity of the host system on which they
are executing. When a target agent makes an RPC call to a source agent,
two sets of credentials are passed with the call:
those of the agent’s system
those of the user running the controller on whose behalf the target
agent runs