User Interfaces to Change Manager Server

The browser user interface and the command-line interface use Sun Management Center Remote Method Invocation (RMI) mechanisms to communicate with the server layer. Security issues are exactly as for Sun Management Center's other user interfaces.

Identity

UNIX user name.

Authentication

UNIX password.

Authorization

Authorization is performed by Sun Management Center service and agent authorization mechanisms.

Only rudimentary control access to Change Manager data is currently supported. All users who are authorized to use a Change Manager service are able to access all Change Manager data associated with that service.

Confidentiality

Traffic cannot be intercepted by applications such as snoop.

Integrity

Traffic cannot be corrupted.

Availability

Flood attacks might disrupt service. Underlying Solaris authentication mechanisms might optionally implement an authentication failure lockout policy. Such a lockout policy might enable denial of service attacks.

Accountability

Logins and user-level actions are logged.