If SECURITY is set to ACL or MANDATORY_ACL, then per-user authentication is enforced and access control lists are supported for access to services, application queues, and events. The name of the authentication service must be ..AUTHSVC, which is the default service advertised by AUTHSVR for these SECURITY levels.
The user file must be $APPDIR/tpusr. It is automatically propagated from the master machine to other active machines in the configuration. One instance of the AUTHSVR must be run on the master machine. Additional copies can be run on other active machines in the configuration.
The user file is searched for a matching user name and client name. The entry must match exactly on the user name. The client name must either match exactly, or the client name value in the user file can be specified as the wildcard (*), which will match any client name. A single user can have only one entry in the user file and cannot be a wildcard. The user file can be maintained through the tpusradd(1), tpusrdel(1), and tpusrmod(1) programs, the graphical user interface, or the administrative interface.
The reserved client name values tpsysadm (system administrator) and tpsysop (system operator) are treated specially by AUTHSVR(5) when processing authentication requests. These values are not allowed to match wildcard client names in the user file.
The application key that is returned by the AUTHSVR is the user identifier in the low-order 17 bits and the group identifier in the next 14 bits (the high-order bit is reserved for administrative keys). The application keys that correspond to tpsysadm and tpsysop are 0x80000000 and 0xC0000000, respectively. This application key is passed to every service in the appkey element of the TPSVCINFO structure.
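The bit layout described above, decoded in C as an added example (not part of the original manual page or the product's code). The names appkey_decode, appkey_allows and struct appkey_info are hypothetical, and taking the key as a long masked to 32 bits is an assumption; the policy in appkey_allows is illustrative only.

```c
#include <stdint.h>

/* Layout from the text: uid in the low 17 bits, gid in the next 14 bits,
 * high-order bit reserved for administrative keys. */
#define APPKEY_UID_BITS   17
#define APPKEY_GID_BITS   14
#define APPKEY_UID_MASK   ((1u << APPKEY_UID_BITS) - 1u)
#define APPKEY_GID_MASK   ((1u << APPKEY_GID_BITS) - 1u)
#define APPKEY_ADMIN_BIT  0x80000000u
#define APPKEY_TPSYSADM   0x80000000u
#define APPKEY_TPSYSOP    0xC0000000u

enum appkey_kind { APPKEY_USER, APPKEY_SYSADM, APPKEY_SYSOP, APPKEY_INVALID };

struct appkey_info {            /* hypothetical helper type */
    enum appkey_kind kind;
    uint32_t uid;               /* meaningful only when kind == APPKEY_USER */
    uint32_t gid;
};

/* Decode an application key. Only the low 32 bits are interpreted
 * (assumption: protects against a sign-extended value in a wider long). */
struct appkey_info appkey_decode(long appkey)
{
    uint32_t k = (uint32_t)((unsigned long)appkey & 0xFFFFFFFFul);
    struct appkey_info out = { APPKEY_INVALID, 0, 0 };

    if (k & APPKEY_ADMIN_BIT) {
        /* Administrative keys are whole-value constants, not uid/gid pairs:
         * 0xC0000000 has bit 30 set, which a naive decode reads as gid 0x2000. */
        if (k == APPKEY_TPSYSADM)     out.kind = APPKEY_SYSADM;
        else if (k == APPKEY_TPSYSOP) out.kind = APPKEY_SYSOP;
        return out;             /* any other admin-bit value stays INVALID */
    }
    out.kind = APPKEY_USER;
    out.uid  = k & APPKEY_UID_MASK;
    out.gid  = (k >> APPKEY_UID_BITS) & APPKEY_GID_MASK;
    return out;
}

/* Hypothetical service-side policy: allow tpsysadm, or a user in the group. */
int appkey_allows(long appkey, uint32_t required_gid)
{
    struct appkey_info i = appkey_decode(appkey);
    if (i.kind == APPKEY_SYSADM) return 1;
    return i.kind == APPKEY_USER && i.gid == required_gid;
}
```

Checking the administrative bit before extracting fields keeps the tpsysop key from being mistaken for an ordinary member of group 0x2000.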
For SECURITY ACL or MANDATORY_ACL, the standard AUTHSVR that is shipped as part of the system in ${TUXDIR}/bin/AUTHSVR must be used.
Warning: ${TUXDIR}/lib/AUTHSVR.c is not the source file used to generate ${TUXDIR}/bin/AUTHSVR (don't clobber this executable); if you provide your own AUTHSVR, it is recommended that you install it in ${APPDIR}.
AUTHSVR is supported as a BEA TUXEDO-supplied server on non-Workstation platforms.
    # Using ACL's
    *RESOURCES
    AUTHSVC "..AUTHSVC"
    SECURITY ACL
    *SERVERS
    AUTHSVR SRVGRP="AUTH" SRVID=100 RESTART=Y GRACE=0 MAXGEN=2
    #
    #
    # Using USER_AUTH
    *RESOURCES
    AUTHSVC "AUTHSVC"
    SECURITY USER_AUTH
    *SERVERS
    AUTHSVR SRVGRP="AUTH" CLOPT="-A -- -f /usr/tuxedo/users" \
        SRVID=100 RESTART=Y GRACE=0 MAXGEN=2
tpaddusr(1), tpusradd(1), ubbconfig(5), BEA TUXEDO Administrator's Guide, BEA TUXEDO Programmer's Guide