NIO CommKit Host Interface Installation and System Administration Manual
AUTHORIZE(1M) AUTHORIZE(1M)
E-17 CommKit Host Interface, Release 4.0
NAME
authorize – host authorization service
SYNOPSIS
dkdestination.authorize
authorize [ –l login ] [ –u uidfile ]
DESCRIPTION
Remotely Invoked
When invoked from a remote host via the dk(1C) command, authorize is the host authorization service. The
service establishes the mapping of a valid user ID on the originating host to a valid user ID on the destination
host using the Originating Group name. This mapping allows a user to bypass the login(1) process when
connecting to another host on the same AT&T data switch network.
The authorize routine maintains the /etc/opt/dk/dkuidtab file [see dkuidtab(4)], which is owned by root and
contains information on how to map user IDs from incoming calls to valid user IDs. authorize also creates
and maintains a log file (which you should clean out periodically) of all successful and unsuccessful
authorization attempts. The format and name of this log file is documented below.
authorize is executed only through the dkserver(1M) mechanism as a result of an entry in the host server table
[see srvtab(4)]. (For execution directly from the command line, see Locally Invoked below). Use
dk destination.authorize
or
dkcu destination.authorize.t
to authorize yourself on the destination. (NOTE: destination must be a valid data switch host address.)
The destination host will then prompt the user for a login and passwd. If the user answers correctly, the
authorization service makes an entry in a translation file [see dkuidtab(4)] that maps the originating host and
user ID to a user ID local to the destination host. Once the entry is made in dkuidtab(4), subsequent uses of
remote login may be made to bypass the login procedure on the destination host. On successful authorization,
a mail(1) notification is sent to the user on the destination host to document the authorization transaction.
The authorize routine leaves a file in /etc/opt/dk called dkuidtab:o. This file is a working copy of the
dkuidtab(4) file and can be ignored.
Authorization must be done at least once from each calling data switch host (see Multiple Interfaces below).
Also, whenever the passwd(4) entry is changed on the destination host, the user must re-execute the
authorization service to update dkuidtab(4).
Answering the ’Please login:’ prompt with a blank line will cause the current authorization (if any) to be
deleted.
Environment Variables
If the shell variable, DKKEY, is set in the user’s environment, then that string is used as a matching token
when authorizing. The token value is used when mapping the originating host user ID to a user ID local to
the destination host. For example,
DKKEY=token dk destination.authorize
or
DKKEY=token dkcu destination.authorize.t
The DKKEY value is also stored in the dkuidtab(4) file on the remote destination. Thus, from any given
originating host and user ID, by changing the value of DKKEY, a user can remotely login as one of a number
of different user ID’s on a given destination host.