NIO CommKit Host Interface Installation and System Administration Manual

Control Tables (from AT&T 255-110-127)
srvtab
In addition, if transparent user ID mapping is used for administrative logins
between two systems, anyone who becomes root, bin, or another of the
administrative users on one of the systems may retain those privileges on the
other system.
Translated User ID Mapping
The translated mode of user ID mapping is specified by the & user ID mapping
option in the server table. The translations are performed using the
/etc/opt/dk/dkuidtab user ID translation file [see dkuidtab(4)]. Translated
user ID mapping should be used when two or more systems must share some
users but the systems do not share common /etc/passwd files. Numerical
user IDs do not need to uniquely identify a single user across the set of systems.
The translated mode of user ID mapping is intended for use when two or
more systems may not have the same user population and each numerical
user ID may not refer to a single user across the set of systems.
This mode of user ID mapping is significantly more secure than transparent
user ID mapping since users must authorize themselves with a login and
password [see authorize(1M)] before using the resources of the called system.
Fixed User ID Mapping
The fixed mode of user ID mapping is specified whenever the user ID mapping
field of a server table entry lists a specific user name (for example,
nuucp or guest). The specified login must have a valid entry in the
/etc/passwd file. This mapping results in the call using the specified fixed
login.
Fixed user ID mapping is often required when invoking system programs
that establish sessions such as login. This is shown by the following server
table example:
201/colan/*! - L/t root /opt/dk/sbin/login.dk login:-h%H
The authorize program must read and write files accessible only by root, so
it must be invoked with a fixed user ID mapping using the root login:
* authorize /vaex root /opt/dk/sbin/authorize authorize:201/580/1293:%U:%f:%u
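
The following Python script is an added example, not part of the original manual or the CommKit software. It classifies each server table entry as translated or fixed, checks that a fixed login has an /etc/passwd entry, and flags entries fixed to root for review. It assumes whitespace-separated fields with the user ID mapping in the fourth field, as in the two entries shown above, and # comment lines; the FLAGS values, /opt/example paths and passwd lines are constructed.

```python
import re

# Constructed sample: the first two entries are the ones shown on this page;
# the rest are made up (FLAGS and the /opt/example paths are placeholders).
SRVTAB = """\
201/colan/*! - L/t root /opt/dk/sbin/login.dk login:-h%H
* authorize /vaex root /opt/dk/sbin/authorize authorize:201/580/1293:%U:%f:%u
* report FLAGS & /opt/example/bin/report report
* fetch FLAGS guest /opt/example/bin/fetch fetch
* queue FLAGS nuucp /opt/example/bin/queue queue
"""
PASSWD = """\
root:x:0:0:root:/:/sbin/sh
nuucp:x:10:10:uucp:/var/spool/uucppublic:/usr/lib/uucp/uucico
"""

LOGIN_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*$")

def classify(mapping):
    """Return the mapping mode named by the user ID mapping field."""
    if mapping == "&":
        return "translated"
    if LOGIN_NAME.match(mapping):
        return "fixed"
    return "unrecognized"  # includes transparent; its symbol is not on this page

def audit(srvtab_text, passwd_text):
    """Return (line_no, mode, mapping, notes) for each server table entry."""
    logins = {l.split(":", 1)[0] for l in passwd_text.splitlines() if l.strip()}
    results = []
    for no, line in enumerate(srvtab_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):  # assumed comment syntax
            continue
        if len(fields) < 5:
            results.append((no, "malformed", "", ["fewer than 5 fields"]))
            continue
        mapping = fields[3]  # assumed position of the mapping field
        mode, notes = classify(mapping), []
        if mode == "fixed" and mapping not in logins:
            notes.append("login has no /etc/passwd entry")
        if mode == "fixed" and mapping == "root":
            notes.append("runs as root: confirm the program needs it")
        if mode == "unrecognized":
            notes.append("not translated or fixed: review")
        results.append((no, mode, mapping, notes))
    return results

if __name__ == "__main__":
    for row in audit(SRVTAB, PASSWD):
        print(row)
```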