Software Distributor Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (5900-2488, September 2012)
When you change a host’s secret, make sure you change it in the secrets files of all hosts with
which you work. The secrets file may be produced in a single site, then copies distributed to all
participating hosts.
NOTE: The secrets discussed here do not grant any access to SD-UX objects, but they do allow a host to participate in SD-UX operations.
9.8 RPC Authorization
This section discusses how agents handle controller requests, local superuser authorization, depot registration, and daemon/agent security.
In SD-UX, objects are protected by ACLs. An ACL is a structure, attached to an object, that defines
access permissions for multiple users and groups. It extends the concepts defined by the HP-UX file
system mode bits in two ways: by allowing specification of the access rights of many individuals
and groups instead of just one of each; and by protecting entire SD-UX objects, rather than individual
files.
Generally, a controller requests an agent to perform some operation on an object. SD-UX protects each host, depot, depot-product, and installation object (root) with an ACL. After a call is authenticated, the ACL manager is consulted for the caller's access permissions to the protected object before the action is allowed.
SD-UX authorization uses ACLs to determine the RPC caller's rights to access a particular SD-UX object in a particular way (e.g., read or write). An object's ACL is searched for an entry that matches the caller. Once a matching entry is found, the permissions granted in that entry are compared to those required for the operation. If the permissions required for the operation are all granted by that entry, access is authorized and SD-UX proceeds with the requested operation.
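The following Python model is an added illustration of the ACL decision just described and of the two-agent install case in Section 9.8.1; it is not HP's code and not SD-UX's swacl implementation. The entry kinds (user, group, any_other), the order in which they are searched, the single-letter permissions (r, w, i, c) and the sample ACLs and callers are all constructed assumptions made for the example. What it shows beyond the prose is the consequence of "once a matching entry is found": a caller who has an explicit user entry is judged by that entry alone, even if a group entry would have granted more.

```python
# Added illustration (not HP's code) of the ACL decision described in
# Section 9.8: find the entry that matches the caller, then check that the
# permissions it grants cover those the operation requires.  Entry kinds,
# the order in which they are searched, the permission letters and the
# sample ACLs are constructed for this example and simplify SD-UX's real
# swacl model.
from dataclasses import dataclass

# Search order assumed here: a user entry beats a group entry, which beats
# the catch-all any_other entry.
KIND_ORDER = ("user", "group", "any_other")


@dataclass(frozen=True)
class AclEntry:
    kind: str          # "user", "group" or "any_other"
    name: str          # principal name; "" for any_other
    perms: frozenset   # granted permission letters, e.g. r, w, i, c


@dataclass(frozen=True)
class Caller:
    user: str
    groups: frozenset


def entry_matches(entry, caller):
    if entry.kind == "user":
        return entry.name == caller.user
    if entry.kind == "group":
        return entry.name in caller.groups
    return entry.kind == "any_other"


def match_entry(acl, caller):
    """Return the single entry the caller is evaluated against, or None.
    Only the first match (in KIND_ORDER) counts: a more specific entry
    that grants less still wins over a broader one that grants more."""
    for kind in KIND_ORDER:
        for entry in acl:
            if entry.kind == kind and entry_matches(entry, caller):
                return entry
    return None


def authorize(acl, caller, required):
    """Decide one access. Returns (authorized, reason)."""
    entry = match_entry(acl, caller)
    if entry is None:
        return False, "no matching ACL entry"
    who = f"{entry.kind}:{entry.name or '*'}"
    missing = frozenset(required) - entry.perms
    if missing:
        return False, f"{who} lacks {''.join(sorted(missing))}"
    return True, f"granted by {who}"


def install_authorized(depot_acl, root_acl, caller):
    """Model the two-agent case in 9.8.1: installing from depot D to root R
    needs read on the depot AND insert on the root, each checked by the
    agent that controls that object.  Returns both decisions."""
    depot_ok, depot_why = authorize(depot_acl, caller, "r")
    root_ok, root_why = authorize(root_acl, caller, "i")
    return {"depot": (depot_ok, depot_why),
            "root": (root_ok, root_why),
            "authorized": depot_ok and root_ok}


# Constructed sample ACLs for a depot D and a root R.
P = frozenset
DEPOT_D_ACL = [AclEntry("user", "root", P("rwic")),
               AclEntry("any_other", "", P("r"))]
ROOT_R_ACL = [AclEntry("user", "root", P("rwic")),
              AclEntry("user", "carol", P("r")),       # explicit, read-only
              AclEntry("group", "swadmin", P("ri")),
              AclEntry("any_other", "", P("r"))]

ALICE = Caller("alice", P({"swadmin"}))   # gets insert via the group entry
BOB = Caller("bob", P())                   # falls through to any_other
CAROL = Caller("carol", P({"swadmin"}))    # user entry matched first: no insert

if __name__ == "__main__":
    for c in (ALICE, BOB, CAROL):
        print(c.user, install_authorized(DEPOT_D_ACL, ROOT_R_ACL, c))
```

Running the block prints one decision per caller: alice is authorized on both objects, bob is refused on the root because the any_other entry grants only read, and carol is refused on the root even though she is in swadmin, because her own user entry was matched first and grants only read. When auditing an SD-UX ACL, that last case is the one to look for: an explicit entry for a principal silently overrides anything a broader entry would have granted.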
9.8.1 How Agents Handle Controller Requests
When a controller requests an agent to do an operation requiring the participation of another
agent, the two agents must each grant access to the objects under their control before the operation
can complete.
Figure 57 SD-UX Security Process
For example, to install a product P from depot D to root R:
1. User U sends an RPC request to swagentA on the target host H. User U wants to install the
product in root R (on the target host).
2. swagentA checks the ACL protecting root R to confirm that user U is authorized to insert products.
164 SD-UX Security