Using SAF, you can manage access to all services in a similar way, whether they are on the network or attached only to local systems. SAF uses Service Access Control (SAC) commands to set up and manage services. It provides uniform access to system services, such as:
Adding, removing, and modifying terminal line settings
Adding, enabling, disabling, or removing a port monitor
Printing information from administrative database files
Using and administering port monitors
Adding, enabling, disabling, and removing listen(1M) port monitors
In previous versions of SunOS operating systems, the method for controlling devices depended both on the device providing the access and on the location of that device. Managing user access involved editing many device files.
SAF helps isolate the system administrator from these device dependencies and provides a common interface for managing a range of services, including the ability to:
Log in (either locally or remotely)
Access files across the network
SAF's common interface consists primarily of two commands: sacadm and pmadm. The sacadm command controls daemons called port monitors. The pmadm command controls the services associated with the port monitors.
Once a port monitor detects a request, it sets whatever parameters are required to establish communication between the operating system and the device requesting service. Then the port monitor transfers control to other processes (for example, the login program) that provide the services needed.
There are two types of port monitors included in the Solaris 7 operating environment: ttymon and listen. The listen port monitor controls access to network services and handles remote print and file system requests. The ttymon port monitor provides access to the login services needed by modems and alphanumeric terminals.
SAF's common interface consists primarily of two commands: sacadm and pmadm. The sacadm command controls the port monitors. The pmadm command controls the services associated with the port monitors.
The sacadm command enables you to add and remove port monitors. You can also use the sacadm command to list the status of a port monitor, and to administer configuration scripts for customizing port monitors.
Using the pmadm command, you can add or remove a service, and enable or disable a service. You can, for example, disable all remote logins with one pmadm command. You can also install or replace per-service configuration scripts, or display information about a service.
Using only the sacadm and pmadm commands, a system administrator has complete control over access to resources. However, these two commands are only the interface to the SAF suite of programs and processes that make the integrated management environment possible. The functions and associated programs are:
Overall administration - sacadm
Port monitor service administrator - pmadm
Service Access Control - sac
Port monitors - ttymon and listen
Services - logins, remote procedures
The service access control, sac, is the most important program in the SAF suite. It is launched by the init program when a machine is first started. In turn, sac starts all the port monitors listed in its administrative file.
For more information on the SAF in general, or on the different ways to use the sacadm and pmadm commands, see System Administration Guide, Volume II.