Administrator's Guide
Glossary
ASM Oracle Automatic Storage Management
authorized
executable
A signed binary executable specified in an IBAC policy. The executable is permitted access to
the protected file also specified in the IBAC.
CFS Veritas Cluster File System
DAC Discretionary Based Access Controls. A traditional file access control used on Unix-based
operating systems.
DLKM Dynamically Loadable Kernel Module
FAP File Access Policy. WLI metadata that restricts access to a regular file or directory. IBAC and
FLAC policies are FAPs. A file can have multiple IBAC policies but only one FLAC.
FLAC File Lock Access Control. This file access policy restricts access to read-only for all executables.
HA High Availability
IBAC Identity Based Access Control. This file access policy restricts access to an authorized executable.
maintenance
mode
WLI does not enforce file access policies and resource restrictions. All read and write protection
on WLI database files is disabled.
named stream VxFS feature that allows a single file inode to be associated with multiple data streams. On
VxFS 5.0.1 and later VxFS revisions, WLI stores policy and signature metadata in a named
stream associated with the file for which the policy or signature applies.
restricted mode WLI enforces file access policies and resource restrictions in accord with other security attributes.
Read and write protection on WLI database files is enabled.
rng The HP-UX kernel random number generator. Strong random numbers are generated from the
informational entropy in system interrupt arrival times from networking and other external
sources.
RSA Rivest, Shamir & Adleman. Algorithms and protocol for generating asymmetric cryptographic
keys and establishing secure communications.
VFS Virtual File System. The kernel component that virtualizes file system operations for NFS, HFS,
and VxFS for storage management on physical media.
57