File Formats, Data Descriptions, MIBs, and System Processes Reference
If SECURITY
is set to ACL
or MANDATORY_ACL
, per-user authentication is enforced, and access control lists are supported for access to services, application queues, and events. The name of the authentication service can be configured for the application using the AUTHSVC
parameter in the RESOURCES
section of the UBBCONFIG
file. For example, the following AUTHSVC
parameter setting specifies the authentication service (..AUTHSVC
) advertised by AUTHSVR
when SECURITY
is set to ACL
or MANDATORY_ACL
.
*RESOURCES
SECURITY ACL
AUTHSVC ..AUTHSVC
If the AUTHSVC
parameter is not specified, the authentication service defaults to ..AUTHSVC
.
Note: AUTHSVR
advertises the authentication service as AUTHSVC
when SECURITY
is set to USER_AUTH
, and as ..AUTHSVC
when SECURITY
is set to ACL
or MANDATORY_ACL
. AUTHSVC
and ..AUTHSVC
point to the same authentication service.
The user file must be $APPDIR/tpusr
. It is automatically propagated from the master machine to other active machines in the configuration. One instance of the AUTHSVR
must be run on the master machine. Additional copies can be run on other active machines in the configuration.
The user file is searched for a matching username and client name. The entry must match exactly on the username. The client name must either match exactly, or the client name value in the user file can be specified as the wildcard (*) which will match any client name. A single user can have only one entry in the user file and cannot be a wildcard. The user file can be maintained through the tpusradd()
, tpusrdel()
, and tpusrmod()
programs, the graphical user interface, or the administrative interface.
The reserved client name values tpsysadm
(system administrator) and tpsysop
(system operator) are treated specially by AUTHSVR
(5) when processing authentication requests. These values are not allowed to match wildcard client names in the user file.
The application key that is returned by the AUTHSVR
is the user identifier in the low order 17 bits and the group identifier in the next 14 bits (the high order bit is reserved for administrative keys). The application keys that correspond to tpsysadm
and tpsysop
are 0x80000000 and 0xC0000000, respectively. This application key is passed to every service in the appkey
element of the TPSVCINFO
structure.
For SECURITY
ACL
or MANDATORY_ACL
, you must use the standard AUTHSVR
shipped as part of the system in ${TUXDIR}/bin/AUTHSVR
.