CHAPTER 6

Security

This chapter describes the Sun Fire Visual Grid software security measures used by the dzdaemon program.


dzdaemon Daemon

The Sun Fire Visual Grid software uses a daemon (dzdaemon) running on each computer in the installation to set up and control the Sun Fire Visual Grid system. This dzdaemon is responsible for the following:

The dzdaemon daemon architecture has access to the system resources required by the Sun Fire Visual Grid system. The architecture includes an optional trusted hosts system to restrict which computers on a network can communicate with dzdaemon.

The Sun Fire Visual Grid software installation script prompts the user to create trusted hosts files, although this option can be declined. On the slave computers the trusted hosts file (/etc/openwin/dz/trustedhosts) is a text file that should contain the names (or IP addresses) of the Gigabit Ethernet connection to the master computer (or set of masters if the configuration is changed regularly) and localhost. The name or IP address referring to the master in the slave trustedhosts file should be the same connection over which the master sends X protocol to the slave. On the master, the trustedhosts file should simply contain the name (uname -n output) or IP address of that master and localhost.

The Sun Fire Visual Grid system uses the following port numbers for master-slave communication over TCP and UDP protocols:

TABLE 6-1 TCP and UDP Protocols

Program        Protocol    Port
dzdaemon       3866/tcp    DZDAEMON Port
dzdaemon       3866/udp    DZDAEMON Port
dzoglserver    3867/tcp    DZOGLSERVER Port
dzoglserver    3867/udp    DZOGLSERVER Port


These ports have been registered with the Internet Assigned Numbers Authority (IANA) and can be referenced at:

http://www.iana.org/assignments/port-numbers


Role-Based Access

The Sun Fire Visual Grid system can provide role-based access to users of dzadmin. This enables users other than root to modify the system setup using dzadmin.

To give a user the ability to run dzadmin:

Add the following line (all on one line) to the /etc/user_attr file:

username::::auths=solaris.dz.admin;profiles=Visual Grid Administration

Where username is the name of the user to whom you are granting access.
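
To review who currently holds this access, the following added example (not part of the Sun documentation) reads user_attr entries and reports each account that has the solaris.dz.admin authorization or the Visual Grid Administration profile. It goes beyond the single line shown above by also matching Solaris ".*" wildcard authorizations such as solaris.dz.*; the function name dz_admins and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which user_attr entries can administer Visual Grid.
# user_attr fields: user:qualifier:res1:res2:attr, where attr holds
# ';'-separated key=value pairs and auths/profiles are ','-separated lists.
# On Solaris, run with nawk or /usr/xpg4/bin/awk (functions and -v needed).

dz_admins() {   # reads files given as arguments, or stdin if none
    awk -F: -v AUTH="solaris.dz.admin" -v PROFILE="Visual Grid Administration" '
    # True if authorization a grants AUTH directly or via a ".*" wildcard
    function grants(a,   p) {
        if (a == AUTH) return 1
        if (a !~ /\.\*$/) return 0
        p = substr(a, 1, length(a) - 1)      # "solaris.dz.*" -> "solaris.dz."
        return substr(AUTH, 1, length(p)) == p
    }
    /^[ \t]*#/ || NF < 5 { next }            # skip comments and short lines
    {
        why = ""
        n = split($5, kv, ";")
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")
            if (eq == 0) continue
            key = substr(kv[i], 1, eq - 1)
            m = split(substr(kv[i], eq + 1), item, ",")
            for (j = 1; j <= m; j++)
                if ((key == "auths" && grants(item[j])) ||
                    (key == "profiles" && item[j] == PROFILE))
                    why = why (why == "" ? "" : ",") key "=" item[j]
        }
        if (why != "") print $1 "\t" why     # user, then what grants access
    }' "$@"
}

# Constructed sample entries, not taken from a real system
sample() {
    cat <<'EOF'
# comment line
root::::auths=solaris.*,solaris.grant;profiles=All
alice::::auths=solaris.dz.admin;profiles=Visual Grid Administration
bob::::profiles=Basic Solaris User
carol::::type=normal;auths=solaris.dz.*
dave::::auths=solaris.dzx.admin
EOF
}

sample | dz_admins
```

On a live system, run dz_admins /etc/user_attr and compare the output against the list of users who are supposed to have dzadmin access.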