CHAPTER 6
Security
This chapter describes the Sun Fire Visual Grid software security measures used by the dzdaemon program.
The Sun Fire Visual Grid software uses a daemon (dzdaemon) running on each computer in the installation to set up and control the Sun Fire Visual Grid system. This dzdaemon is responsible for the following:
The dzdaemon daemon architecture has access to the system resources required by the Sun Fire Visual Grid system. The architecture includes an optional trusted hosts system to restrict which computers on a network can communicate with dzdaemon.
The Sun Fire Visual Grid software installation script prompts the user to create trusted hosts files, although this option can be declined. On the slave computers, the trusted hosts file (/etc/openwin/dz/trustedhosts) is a text file that should contain localhost and the name (or IP address) of the Gigabit Ethernet connection to the master computer (or to each of a set of masters, if the configuration is changed regularly). The name or IP address that refers to the master in the slave trustedhosts file should be that of the same connection over which the master sends X protocol to the slave. On the master, the trustedhosts file should contain only the name (uname -n output) or IP address of that master, plus localhost.
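One way an administrator could check a trusted hosts file against the rules above. This is an added example, not part of the Sun Fire Visual Grid software. It assumes one entry per line, and the host name master-ge0 and the address 192.0.2.77 are constructed sample values.

```shell
#!/bin/sh
# Added example: audit a dzdaemon trusted hosts file against the hosts you expect.
# Assumption (not stated on the page): one host name or IP address per line.

# audit_trustedhosts FILE EXPECTED_HOST...
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_trustedhosts() {
    file=$1; shift
    rc=0
    if [ ! -f "$file" ]; then
        echo "MISSING: no trusted hosts file at $file"
        return 1
    fi
    # A group- or world-writable file lets non-root users add trusted hosts.
    perms=$(ls -ld "$file" | cut -c1-10)
    case $perms in
        ?????w????|????????w?) echo "PERMS: $file is writable by group or other ($perms)"; rc=1 ;;
    esac
    # Strip whitespace and drop blank lines.
    entries=$(sed -e 's/[[:space:]]//g' -e '/^$/d' "$file")
    has_local=no
    set -f    # do not glob-expand entries such as "*"
    for entry in $entries; do
        if [ "$entry" = localhost ]; then has_local=yes; continue; fi
        known=no
        for host in "$@"; do
            if [ "$entry" = "$host" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then echo "UNEXPECTED: $entry"; rc=1; fi
    done
    for host in "$@"; do
        found=no
        for entry in $entries; do
            if [ "$entry" = "$host" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then echo "ABSENT: $host"; rc=1; fi
    done
    set +f
    if [ "$has_local" = no ]; then echo "NO-LOCALHOST: localhost is not listed"; rc=1; fi
    return $rc
}

# Constructed sample: a slave's file that omits localhost and lists an extra address.
sample=$(mktemp)
printf 'master-ge0\n192.0.2.77\n' > "$sample"
chmod 600 "$sample"
audit_trustedhosts "$sample" master-ge0 || echo "trusted hosts audit found problems"
rm -f "$sample"
```

On a slave, pass the master's Gigabit Ethernet name or address as the expected host; on the master, pass its own uname -n name or IP address.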
The Sun Fire Visual Grid system uses the following port numbers for master-slave communication over TCP and UDP protocols:
These ports have been registered with the Internet Assigned Numbers Authority (IANA) and can be referenced at:
http://www.iana.org/assignments/port-numbers
The Sun Fire Visual Grid system can provide role-based access to users of dzadmin. This enables users other than root to modify the system setup using dzadmin.
To give a user the ability to run dzadmin:
Add the following line (all on one line) to the /etc/user_attr file:
Where username is the name of the user to whom you are granting access.
Copyright © 2003, Sun Microsystems, Inc. All rights reserved.