Software Distributor Administration Guide for HP-UX 11i
SD-UX Security
SD-UX Internal Authentication
Chapter 9 289
While local superuser privilege is necessary for the agent to do required
local file system operations such as file creation and deletion, ACL
management, etc., this level of permission is neither required nor desired
for DCE RPC operations with other SD-UX processes.
When SD-UX agents perform RPCs, they assume the identity of the
system on which they run, rather than that of a particular user.
Security Between Hosts: The Shared Secrets File
In addition to the caller’s credentials, another proof of trustworthiness is
also sent in the RPC. The SD-UX agent checks this proof before accepting
the caller credentials. This proof consists of passing the encryption of a
secret password. The password is read from the shared secrets file. This
file is located on systems in /var/adm/sw/security/secrets.
NOTE The SD-UX Secret must be the same on both the target system and the
controller.
The agent compares this encrypted secret to the encryption of a local
secret it shares with the controller’s host. If the secrets do not match, the
call is not authenticated and it fails.
Secrets are stored by host name in the secrets file and are used to
establish trust between two systems. The controller selects a secret in
the file that corresponds with the host name of the system on which it is
running. The agent, upon receipt of an RPC from the controller, looks up
a secret associated with the controller’s host.
For example, if the controller is running on alma.fc.hp.com and makes
a request of an agent running on lehi.fc.hp.com, each of the two
processes will look up the secret associated with alma.fc.hp.com (the
controller’s host) from their respective secrets file.
Here is an example of the format of the shared secrets file:
default quicksilver
lehi.fc.hp.com s28ckjd9
alma.fc.hp.com 32hwt
newdist.fc.hp.com zztop
noway.fc.hp.com daisey