NIO CommKit Host Interface Installation and System Administration Manual

Control Tables (from AT&T 255-110-127)
srvtab
If a pupu call request comes from root in originating group
lc/sporty/camaro, the request will match the first server table entry and will
be run as root. The *n user ID option indicates that no user ID translation
will take place.
If the password file contains a login with the symbolic name guest and a
pupu call request comes in from root in an originating group other than
lc/sporty/camaro, the request will match the second server table entry and
will use the login guest for the pupu transaction.
If the called host has no guest login in the password file and a pupu call
request comes in from root in an originating group other than camaro in the
area/exchange lc/sporty, the request will match the third line of our example
server table and will allow the call to take place as root. The second line of
the server table is invalid in this case because there is no guest in the
password file.
Finally (still assuming no guest entry in the password file), if a pupu call
request comes in from root in an originating group outside the
area/exchange lc/sporty, the request will match the last line of the example
server table and the call will be denied unless root on the requesting host has
a valid authorization. See authorize(1M).
This example shows that considerable care must be given to the specification
of server table entries. The lack of a guest login on the system prevented
root requests from being mapped to guest even though the administrator
may have been successful in employing this server table fragment on a
different system. The administrator may have removed the guest login to limit
exposure from a different area without realizing the impact on the server
table.
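
The fall-through described above can be checked before a login is removed from the password file. The following is an added illustration, not code from this manual or from CommKit: it models the four example entries as Python tuples (an assumed layout, not srvtab syntax), and the group names lc/sporty/mustang and nj/east/pinto are constructed.

```python
from fnmatch import fnmatchcase

# Constructed model of the four example entries for calls from root.
# Fields: (originating-group pattern, mapping, fixed login). This layout and
# the glob patterns are assumptions for illustration, not srvtab syntax.
TABLE = [
    ("lc/sporty/camaro", "transparent", None),     # *n: no user ID translation
    ("*",                "fixed",       "guest"),  # run the call as guest
    ("lc/sporty/*",      "transparent", None),     # run the call as root
    ("*",                "deny",        None),     # denied unless authorize(1M)
]

def resolve(group, user, logins):
    """Return (entry number, effective login or 'DENY') for a call request.

    logins is the set of login names present in the called host's password
    file. An entry naming a login that is absent is invalid and is skipped.
    """
    for n, (pattern, mapping, login) in enumerate(TABLE, start=1):
        if not fnmatchcase(group, pattern):
            continue
        if mapping == "fixed":
            if login not in logins:
                continue            # invalid entry: matching falls through
            return n, login
        if mapping == "transparent":
            return n, user
        return n, "DENY"
    return None, "DENY"

def privilege_drift(groups, user, before, after):
    """Report groups whose outcome changes when the password file changes."""
    drift = []
    for g in groups:
        old, new = resolve(g, user, before), resolve(g, user, after)
        if old != new:
            drift.append((g, old, new))
    return drift

if __name__ == "__main__":
    groups = ["lc/sporty/camaro", "lc/sporty/mustang", "nj/east/pinto"]  # last two constructed
    for row in privilege_drift(groups, "root", {"root", "guest"}, {"root"}):
        print(row)
```

Removing guest moves lc/sporty/mustang from entry 2 (guest) to entry 3 (root), while nj/east/pinto moves from guest to denied.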
User ID Mapping Rules
The user field (user ID mapping) of the server table provides a flexible
mechanism for restricting or translating call requests from classes of users.
Calls may use transparent, translated, or fixed mapping. Transparent and
translated mappings may be further restricted to numerical user ID ranges.
The type of mapping may be selected individually for each originating group
and service combination, or may be specified using originating group
patterns.